[Samba] azure ad provisioning | password hashes sync

Andrew Bartlett abartlet at samba.org
Fri Oct 16 17:34:54 UTC 2020

On Fri, 2020-10-16 at 14:01 +0200, mj via samba wrote:
> Hi,
> On 10/16/20 5:48 AM, Andrew Bartlett wrote:
> > What I asked them for, and (because we have worked together before)
> > I'm confident you can get is, correlated by a high-resolution
> > timestamp:
> I hope someone here can help me a little bit, doing the above.
> I have a level 10 log from the samba DC, however, it shows nothing
> like "GetNCChanges" anywhere.
> It does however show an NT_STATUS_INTERNAL_ERROR, as soon as I start
> the AzureSync client:

OK, that isn't good.

> Could it be that the error already happens before samba tries to do
> anything like GetNCChanges? (since the error above seems to appear
> in rpc_parse)

GetNCChanges is normally over TCP/IP but presumably yes.  Is there
anything before that packet dump?  In Samba, an outgoing packet dump
like that will always be the last thing in the logs, so any error will
be before it.

> Or do I need to set up other logging for GetNCChanges errors? (and if
> yes: how do I do that?)
> (this is how I achieved the log above:
> https://wiki.samba.org/index.php/Client_specific_logging)

Just to be clear, the AD DC does not support the client specific
logging in the source4 parts of the codebase, so while any traffic to
smbd (handling SMB) will be split out, the main traffic in 'samba'
handling all the rest will ignore all that.

You might need to bite the bullet and do the level 10 trace quickly on
a quiet DC at a quiet time.

We really should fix that...  It isn't trivial (because we handle
multiple clients in one process) but we might be able to at least
reload the logging settings before each packet...


Andrew Bartlett

Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          
