[Samba] Azure AD Connect and the challenge of funding Samba bugs
Michal Bruncko
michal.bruncko at ssrk.sk
Tue Oct 27 21:49:13 UTC 2020
hi mj
did you also put sync account MSOL_xyz a member of "domain admins"?
cheers
michal
On 10/27/2020 9:15 PM, mj via samba wrote:
> Hi all,
>
> An update.
>
> On 10/26/20 10:24 PM, Andrew Bartlett wrote:
>> The fact that there is a viable workaround (pass-though authentication)
>> also seems to be making this harder to fix - because it remains an
>> annoyance, not a deal-breaker.
>
> Today I tried again with these ingredients:
> - fresh azure tenant
> - fresh installed AD (samba 4.12.8 sernet)
> - an azure "custom domain name" for our AD realm, status "verified"
> - new Azure AD Connect Cloud Provisioning agent, using a "domain
> admins" AD account
> - with password-hash sync
>
> And it works. :-)
>
> No high CPU usage on the samba DC so far. I tried turning off the
> samba DC, and I can still authentiate on office365, meaning the
> password-hash successfully synced as well.
>
> The new tool is different in many ways, but the way we see it, it has
> many advantages over the older Azure AD Connect. AD Connect required a
> mssql server and you could have only one Azure Connect server per AD.
> The new one is very light-weight, processing/configuration done in
> Azure, and you can simply install multiple agents for HA.
>
> But most importantly: it seems to work nicely with samba. (so far,
> anyway...) :-)
>
> Here is a small article about the differences between the two:
> https://docs.microsoft.com/nl-nl/azure/active-directory/cloud-provisioning/what-is-cloud-provisioning
>
>
> Enjoy your evening,
> MJ
>
More information about the samba
mailing list