[Samba] Azure Sync

Bernhard Dick bernhard at bdick.de
Thu Jul 9 16:59:01 UTC 2020


Am 02.07.2020 um 17:23 schrieb Martin Hauptmann via samba:
> Sorry if I didn't find the right manual.
> I would like to set up a new Domain Controller and connect it to an existing Office 365 with Exchange in a way, AD-Users of a certain group can login and not having to login to Office365.
> My questions:
> Can I map the existing Office365-Accounts to the new Domain?
One thing I would take a look at, also after I've read the recent 
answers, is the SAML interface for office365. I do not yet have a 
working environment using this but it seems promising. Here you'd need 
to set up an own IdP (for example using shibboleth) and connect this 
with the office365 users. I'm not sure how seemless this works but I 
think that there should be an idp being able to authenticate the users 
via kerberos if they're already logged in on a workstation.
Here is some documentation on the Microsoft side for using an SAML Idp: 
. A mapping of existing users seems possible.
However it seems that only adding someone to a group of allowed users is 
not enough but you still need to create a user identity for everyone you 
want to use O365 there.

> Is the existing username scheme in Office 365 of lois.griffin at company.com compatible with Samba?
That is compatible, you can set/add an UPN-Domain accordingly, if your 
AD sits in the company.com hierarchy (i.e. ad.company.com).

> Do I need a Windows Server to execute AzureADConnect.msi to keep groups and passwords in sync?
> Is there a samba-tool command or some ldap-command to do the job?
> Which version of Samba is the minimum version I need? (I prefer debian stable with standard packages if possible)
> The Domain of the new AD will be
> cmpn.company.com
So the UPN part (see above) will work.

   Best regards

> I've been looking through the last 1,5 years in the Mailinglist archive and did not find clear answers to that.
> Thank you
> Martin

More information about the samba mailing list