[Samba] Azure Sync
Martin Hauptmann
post at mailbox.org
Fri Jul 10 16:26:37 UTC 2020
On 09.07.20 18:59, Bernhard Dick via samba wrote:
> Hi,
>
> Am 02.07.2020 um 17:23 schrieb Martin Hauptmann via samba:
>> Sorry if I didn't find the right manual.
>>
>> I would like to set up a new Domain Controller and connect it to an
>> existing Office 365 with Exchange in a way, AD-Users of a certain
>> group can login and not having to login to Office365.
>>
>> My questions:
>>
>> Can I map the existing Office365-Accounts to the new Domain?
> One thing I would take a look at, also after I've read the recent
> answers, is the SAML interface for office365. I do not yet have a
> working environment using this but it seems promising. Here you'd need
> to set up an own IdP (for example using shibboleth) and connect this
> with the office365 users. I'm not sure how seemless this works but I
> think that there should be an idp being able to authenticate the users
> via kerberos if they're already logged in on a workstation.
> Here is some documentation on the Microsoft side for using an SAML
> Idp:
> https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-saml-idp
> . A mapping of existing users seems possible.
> However it seems that only adding someone to a group of allowed users
> is not enough but you still need to create a user identity for
> everyone you want to use O365 there.
That sounds complicated. Has no one tried that yet?
>
>> Is the existing username scheme in Office 365 of
>> lois.griffin at company.com compatible with Samba?
> That is compatible, you can set/add an UPN-Domain accordingly, if your
> AD sits in the company.com hierarchy (i.e. ad.company.com).
OK, a colleague told me, that I should avoid @ in Samba usernames. They
have a similar setup and he says the Azure-standard naming looking like
an E-Mail address would lead to huge problems on Samba.
Happy to hear it is not a problem.
>
>> Do I need a Windows Server to execute AzureADConnect.msi to keep
>> groups and passwords in sync?
>>
>> Is there a samba-tool command or some ldap-command to do the job?
>>
>> Which version of Samba is the minimum version I need? (I prefer
>> debian stable with standard packages if possible)
>>
>> The Domain of the new AD will be
>> cmpn.company.com
> So the UPN part (see above) will work.
>
> Best regards
> Bernhard
>
Thank you
Martin
>
>> I've been looking through the last 1,5 years in the Mailinglist
>> archive and did not find clear answers to that.
>>
>> Thank you
>> Martin
>>
>
More information about the samba
mailing list