[Samba] azure ad provisioning | password hashes sync
abartlet at samba.org
Fri Oct 16 17:34:54 UTC 2020
On Fri, 2020-10-16 at 14:01 +0200, mj via samba wrote:
> On 10/16/20 5:48 AM, Andrew Bartlett wrote:
> > What I asked them for, and (because we have worked together before)
> > I'm
> > confident you can get is, correlated by a high-resolution
> > timestamp:
> I hope someone here can help me a little bit, doing the above.
> I have a level 10 log from the samba DC, however, it shows nothing
> "GetNCChanges" anywhere.
> It does however show an NT_STATUS_INTERNAL_ERROR, as soon as I start
> AzureSync client:
OK, that isn't good.
> Could it be that the error already happens before samba tries to do
> anything like GetNCChanges? (since the error above seems to appear
GetNCChanges is normally over TCP/IP but presumably yes. Is there
anything before that packet dump? In Samba, an outgoing packet dump
like that will always be the last thing in the logs, so any error will
be before it.
> Or do I need to setup other logging for GetNCChanges errors? (and if
> yes: how do I do that?)
> (this is how I acheved the log above:
Just to be clear, the AD DC does not support the client specific
logging in the source4 parts of the codebase, so while any traffic to
smbd (handling SMB) will be split out, the main traffic in 'samba'
handling all the rest will ignore all that.
You might need to bite the bullet and do the level 10 trace quickly on
a quiet DC at a quiet time.
We really should fix that... It isn't trivial (because we handle
multiple clients in one process) but we might be able to at least
reload the logging settings before each packet...
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
More information about the samba