[Samba] Azure Sync

Bernhard Dick bernhard at bdick.de
Thu Jul 9 16:59:01 UTC 2020


Hi,

On 02.07.2020 at 17:23, Martin Hauptmann via samba wrote:
> Sorry if I didn't find the right manual.
> 
> I would like to set up a new Domain Controller and connect it to an existing Office 365 with Exchange in such a way that AD users of a certain group can log in without having to log in to Office 365.
> 
> My questions:
> 
> Can I map the existing Office365-Accounts to the new Domain?
One thing I would take a look at, also after I've read the recent 
answers, is the SAML interface for Office 365. I do not yet have a 
working environment using this but it seems promising. Here you'd need 
to set up your own IdP (for example using Shibboleth) and connect this 
with the Office 365 users. I'm not sure how seamlessly this works but I 
think that there should be an IdP that is able to authenticate the users 
via Kerberos if they're already logged in on a workstation.
Here is some documentation on the Microsoft side for using a SAML IdP: 
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-saml-idp 
A mapping of existing users seems possible.
However, it seems that only adding someone to a group of allowed users is 
not enough but you still need to create a user identity for everyone you 
want to use O365 there.

> Is the existing username scheme in Office 365 of lois.griffin at company.com compatible with Samba?
That is compatible; you can set/add a UPN domain accordingly, if your 
AD sits in the company.com hierarchy (i.e. ad.company.com).

> Do I need a Windows Server to execute AzureADConnect.msi to keep groups and passwords in sync?
> 
> Is there a samba-tool command or some ldap-command to do the job?
> 
> Which version of Samba is the minimum version I need? (I prefer debian stable with standard packages if possible)
> 
> The Domain of the new AD will be
> cmpn.company.com
So the UPN part (see above) will work.

   Best regards
     Bernhard


> I've been looking through the last 1,5 years in the mailing list archive and did not find clear answers to that.
> 
> Thank you
> Martin
> 


