[Samba] Azure AD Connect

gabben gabbenx at gmail.com
Fri May 15 16:53:37 UTC 2020 

Hello all,

How can I support this effort? What can I provide to assist?

Cheers

> On May 7, 2020, at 3:18 AM, Andrew Bartlett <abartlet at samba.org> wrote:
> 
> G'Day Marcio and gabben,
> 
> Douglas (CC'ed) is going to try and look into why this doesn't 'just
> work' with Samba.  No promises, but at least a trained eye will look
> over the process.  If you could help him get set up and understand what
> works and doesn't that will leave him more time for actual debugging.
> 
> The Azure AD sync feature is a big of an oddity in Samba, because it
> wasn't ever intentionally developed, which is why it has been so
> fragile.
> 
> Samba's most rock-solid features have tended to be those intentionally
> developed in the past few years when we have had strong automated
> testing expectations and positive code review requirements.
> 
> Azure AD sync is entirely the opposite.  Never specified, it has
> happened to work because it uses standard (for AD) features that we
> have supported for other reasons.  When it 'just works' this is
> awesome, but it means that there hasn't been built up the expertise
> inside the Samba Team on exactly how it works and why it may fail.
> 
> In terms of improving the situation, the best way forward is to work
> with a commercial support partner who employs Samba team members on the
> AD DC.  See https://www.samba.org/samba/support/globalsupport.html <https://www.samba.org/samba/support/globalsupport.html>
> 
> Weather supporting large features like new DB backends, small fixes
> like annoying bugs or support contracts supporting those who employ
> Samba developers supports Samba itself.
> 
> Finally, I see mentioned issues around schema.  Samba can be upgraded
> to the Windows 2012R2 schema if that would help, and I understand the
> exchange schema can be loaded. 
> 
> Thanks,
> 
> Andrew Bartlett
> 
> On Tue, 2020-05-05 at 08:45 -0300, Marcio Merlone via samba wrote:
>> Em 04/05/2020 14:25, gabben escreveu:
>>> We joined one MS Windows 2012 R2 server to our Samba DC fleet and
>>> pointed the Azure AD sync tool to that new Windows AD server and
>>> Azure password sync is working well now.
>> 
>> Good to know.
>> 
>> 
>>> I don’t have any experience with distribution groups.
>> 
>> There was this *one* test group which had no permission to receive
>> from 
>> outside the company, while all others was as expected. But, the
>> problem 
>> arises the other way around, If I have to restrict a group for
>> insiders 
>> only I wont be able to.
>> 
>> I will do some further tests, thanks you for your input.
>> 
>> 
>>> 
>>> Good Luck!
>>> 
>>>> On May 4, 2020, at 10:21 AM, Marcio Merlone via samba <
>>>> samba at lists.samba.org> wrote:
>>>> 
>>>> So, testing samba 4.12 on a Debian buster I found those no-go
>>>> issues:
>>>> 
>>>> - Password sync dont work either way, nor sync neither write-
>>>> back.
>>>> 
>>>> - Distribution groups can't receive external mails, it relies on
>>>> missing properties on samba schema regarding Exchange. So I cant
>>>> permit a group to receive mail from outside my domain.
>>>> 
>>>> That said, only option to any kind of integration with Azure is
>>>> give up on samba and migrate ALL DCs to Microsoft as of now. I've
>>>> been working on this network with samba for more than a decade,
>>>> seems it is time to move on for me.
>>>> 
>>>> Thanks all, best regards.
>>>> 
>>>> 
>>>> Em 30/03/2020 10:05, Marcio Merlone via samba escreveu:
>>>>> Hi,
>>>>> 
>>>>> We are preparing to migrate our mail server to Azure and would
>>>>> like to integrate it vi AD Connect with our AD - Samba 4.7
>>>>> upgrading to 4.11 (Thanks Louis!).
>>>>> 
>>>>> Anyone willing to share the experience? I see on some not-so-
>>>>> old posts there is a problem syncing password hashes, but since
>>>>> samba is an ever evolving solution I would like to know how are
>>>>> you dealing with this?
>>>>> 
>>>>> Thanks and best regards.
>>>>> 
>>>> 
>>>> -- 
>>>> *Marcio Merlone*
>>>> -- 
>>>> To unsubscribe from this list go to the following URL and read
>>>> the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>> 
>> -- 
>> *Marcio Merlone*
>> TI - Administrador de redes
>> 
>> *A1 Engenharia - Unidade Corporativa*
>> Fone: 	+55 41 3616-3797
>> Cel: 	+55 41 99689-0036
>> 
>> https://a1.ind.br/ <https://a1.ind.br/> <https://a1.ind.br <https://a1.ind.br/>>
> -- 
> Andrew Bartlett                       https://samba.org/~abartlet/ <https://samba.org/~abartlet/>
> Authentication Developer, Samba Team  https://samba.org <https://samba.org/>
> Samba Developer, Catalyst IT          
> https://catalyst.net.nz/services/samba <https://catalyst.net.nz/services/samba>

More information about the samba mailing list