[Samba] Azure AD Connect and the challenge of funding Samba bugs
mj
lists at merit.unu.edu
Tue Oct 27 20:15:26 UTC 2020
Hi all,
An update.
On 10/26/20 10:24 PM, Andrew Bartlett wrote:
> The fact that there is a viable workaround (pass-through authentication)
> also seems to be making this harder to fix - because it remains an
> annoyance, not a deal-breaker.
Today I tried again with these ingredients:
- fresh azure tenant
- fresh installed AD (samba 4.12.8 sernet)
- an azure "custom domain name" for our AD realm, status "verified"
- new Azure AD Connect Cloud Provisioning agent, using a "domain admins"
AD account
- with password-hash sync
And it works. :-)
No high CPU usage on the samba DC so far. I tried turning off the samba
DC, and I can still authenticate on office365, meaning the password-hash
successfully synced as well.
The new tool is different in many ways, but the way we see it, it has
many advantages over the older Azure AD Connect. AD Connect required a
mssql server and you could have only one Azure Connect server per AD.
The new one is very light-weight, processing/configuration done in
Azure, and you can simply install multiple agents for HA.
But most importantly: it seems to work nicely with samba. (so far,
anyway...) :-)
Here is a small article about the differences between the two:
https://docs.microsoft.com/nl-nl/azure/active-directory/cloud-provisioning/what-is-cloud-provisioning
Enjoy your evening,
MJ