[Samba] Azure AD Connect and the challenge of funding Samba bugs

mj lists at merit.unu.edu
Tue Oct 27 20:15:26 UTC 2020

Hi all,

An update.

On 10/26/20 10:24 PM, Andrew Bartlett wrote:
> The fact that there is a viable workaround (pass-though authentication)
> also seems to be making this harder to fix - because it remains an
> annoyance, not a deal-breaker.

Today I tried again with these ingredients:
- fresh azure tenant
- fresh installed AD (samba 4.12.8 sernet)
- an azure "custom domain name" for our AD realm, status "verified"
- new Azure AD Connect Cloud Provisioning agent, using a "domain admins" 
AD account
- with password-hash sync

And it works. :-)

No high CPU usage on the samba DC so far. I tried turning off the samba 
DC, and I can still authentiate on office365, meaning the password-hash 
successfully synced as well.

The new tool is different in many ways, but the way we see it, it has 
many advantages over the older Azure AD Connect. AD Connect required a 
mssql server and you could have only one Azure Connect server per AD. 
The new one is very light-weight, processing/configuration done in 
Azure, and you can simply install multiple agents for HA.

But most importantly: it seems to work nicely with samba. (so far, 
anyway...) :-)

Here is a small article about the differences between the two:

Enjoy your evening,

More information about the samba mailing list