[Samba] Azure AD Sync not working

Arthur Toussaint arthur.toussaint at wandercraft.eu
Wed Jul 6 09:30:09 UTC 2022 

Oh, but I'm already using Azure AD Connect V2.x, so I should be good 
Thanks 
Arthur 


De: "Min Wai Chan" <dcmwai at gmail.com> 
À: "arthur toussaint" <arthur.toussaint at wandercraft.eu> 
Cc: "Simon FONTENEAU" <sfonteneau at tranquil.it>, "samba" <samba at lists.samba.org> 
Envoyé: Mercredi 6 Juillet 2022 11:28:15 
Objet: Re: [Samba] Azure AD Sync not working 

Dear Arthur, 
Under this 
[ https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-version-history | https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-version-history ] 




So unless Samba can connect to windows Server 2016 or higher else that will be gone... 

Thank You 
Regards, 
Min Wai 

On Wed, Jul 6, 2022 at 5:16 PM Arthur Toussaint < [ mailto:arthur.toussaint at wandercraft.eu | arthur.toussaint at wandercraft.eu ] > wrote: 



What, 
Nope I didn't see that, where did you see that ? 
Kind regards 
Arthur 


De: "Min Wai Chan" < [ mailto:dcmwai at gmail.com | dcmwai at gmail.com ] > 
À: "arthur toussaint" < [ mailto:arthur.toussaint at wandercraft.eu | arthur.toussaint at wandercraft.eu ] > 
Cc: "Simon FONTENEAU" < [ mailto:sfonteneau at tranquil.it | sfonteneau at tranquil.it ] >, "samba" < [ mailto:samba at lists.samba.org | samba at lists.samba.org ] > 
Envoyé: Mercredi 6 Juillet 2022 11:14:35 
Objet: Re: [Samba] Azure AD Sync not working 

Dear Arthur, 
I think you might know that this PTA using windows 2012 R2 will be only available until 31 Aug 2022... 

Thus, this will be a very short solution... 

Regards, 
Min Wai 

On Wed, Jul 6, 2022 at 4:35 PM Arthur Toussaint via samba < [ mailto:samba at lists.samba.org | samba at lists.samba.org ] > wrote: 

BQ_BEGIN
Hi, 
So far I'm using the PTA, which works well, I think I've seen this script but it requires storing password in plaintext if I'm not mistaken, which I don't want to do 
Kind regards 
Arthur 


De: "samba" < [ mailto:samba at lists.samba.org | samba at lists.samba.org ] > 
À: "samba" < [ mailto:samba at lists.samba.org | samba at lists.samba.org ] > 
Envoyé: Mardi 5 Juillet 2022 23:32:07 
Objet: Re: [Samba] Azure AD Sync not working 

Hi Arthur 

Have you tried to implement this script with /check password script ? 
/ 

[ https://github.com/sfonteneau/send_password_in_azure/blob/master/send_password_azure.py | https://github.com/sfonteneau/send_password_in_azure/blob/master/send_password_azure.py ] 

It's less practical but it uses the official Microsoft APIs 

Simon Fonteneau 


Le 05/07/2022 à 14:12, Arthur Toussaint via samba a écrit : 
> Okay, I thought PTA didn't work, but I guess it was because I had "Enable single sign on" enabled, once i unticked that, it worked, thanks a lot ! 
> Kind regards 
> 
> 
> De: "Min Wai Chan"< [ mailto:dcmwai at gmail.com | dcmwai at gmail.com ] > 
> À: "arthur toussaint"< [ mailto:arthur.toussaint at wandercraft.eu | arthur.toussaint at wandercraft.eu ] > 
> Envoyé: Mardi 5 Juillet 2022 13:32:36 
> Objet: Re: [Samba] Azure AD Sync not working 
> 
> Dear Arthur, 
> 
> I'm on Azure Ad connect 1.6.16.0 
> Download from this link below 
> [ [ https://www.microsoft.com/en-us/download/details.aspx?id=103336 | https://www.microsoft.com/en-us/download/details.aspx?id=103336 ] | [ https://www.microsoft.com/en-us/download/details.aspx?id=103336 | https://www.microsoft.com/en-us/download/details.aspx?id=103336 ] ] 
> 
> 
> What I do is change the users sign in 
> 
> 
> And Change to pass-through authentication. 
> 
> 
> 
> And that will change the azure AD to pass-through authentication... 
> 
> Hope this help. 
> 
> Thank You 
> Regards, 
> Min Wai 
> 
> On Tue, Jul 5, 2022 at 4:02 PM Arthur Toussaint < [mailto: [ mailto:arthur.toussaint at wandercraft.eu | arthur.toussaint at wandercraft.eu ] | [ mailto:arthur.toussaint at wandercraft.eu | arthur.toussaint at wandercraft.eu ] ] > wrote: 
> 
> 
> 
> Hi, 
> Thanks a lot, how did you manage to make Passthrough work ? 
> Kind regards 
> Arthur 
> 
> 
> De: "Min Wai Chan" < [mailto: [ mailto:dcmwai at gmail.com | dcmwai at gmail.com ] | [ mailto:dcmwai at gmail.com | dcmwai at gmail.com ] ] > 
> À: "arthur toussaint" < [mailto: [ mailto:arthur.toussaint at wandercraft.eu | arthur.toussaint at wandercraft.eu ] | [ mailto:arthur.toussaint at wandercraft.eu | arthur.toussaint at wandercraft.eu ] ] > 
> Cc: "Dr. Hansjörg Maurer" < [mailto: [ mailto:hansjoerg.maurer at itsd.de | hansjoerg.maurer at itsd.de ] | [ mailto:hansjoerg.maurer at itsd.de | hansjoerg.maurer at itsd.de ] ] >, "samba" < [mailto: [ mailto:samba at lists.samba.org | samba at lists.samba.org ] | [ mailto:samba at lists.samba.org | samba at lists.samba.org ] ] > 
> Envoyé: Mardi 5 Juillet 2022 04:44:30 
> Objet: Re: [Samba] Azure AD Sync not working 
> 
> Dear Arthur, 
> I've face with similar issue on my new Azure AD Connect Setup but same like you password hash synchronization don't seem to work. 
> 
> I'm wondering if the MS site had upgrade to Connect protocol 1st... 
> 
> I don't know and I'm clueless... 
> 
> However for me... currently the only working way is Passthrough... 
> 
> Thank you 
> 
> Regards, 
> Min Wai 
> 
> On Mon, Jul 4, 2022 at 11:09 PM Arthur Toussaint via samba < [mailto: [ mailto:samba at lists.samba.org | samba at lists.samba.org ] | [ mailto:samba at lists.samba.org | samba at lists.samba.org ] ] > wrote: 
> 
> 
> OK, 
> Is there anything I could do to help ? Or anywhere I could find info about the effort done up to now to trace the root cause ? 
> Thanks a lot 
> Arthur 
> 
> 
> De: "samba" < [mailto: [ mailto:samba at lists.samba.org | samba at lists.samba.org ] | [ mailto:samba at lists.samba.org | samba at lists.samba.org ] ] > 
> À: "samba" < [mailto: [ mailto:samba at lists.samba.org | samba at lists.samba.org ] | [ mailto:samba at lists.samba.org | samba at lists.samba.org ] ] > 
> Envoyé: Lundi 4 Juillet 2022 16:58:04 
> Objet: Re: [Samba] Azure AD Sync not working 
> 
> Hi 
> 
> 
> Am 23.06.22 um 11:03 schrieb Arthur Toussaint via samba: 
>> Hi, 
>> 
>> I'm trying to sync my local samba AD to azure AD, but I'm running into an issue with password hash synchronization. 
>> The users sync task works well,but the password hash sync task is always marked "Active" on the interface but never finishes 
>> I'm following this guide : [ [ [ https://wiki.samba.org/index.php/Azure_AD_Sync | https://wiki.samba.org/index.php/Azure_AD_Sync ] | [ https://wiki.samba.org/index.php/Azure_AD_Sync | https://wiki.samba.org/index.php/Azure_AD_Sync ] ] | [ [ https://wiki.samba.org/index.php/Azure_AD_Sync | https://wiki.samba.org/index.php/Azure_AD_Sync ] | [ https://wiki.samba.org/index.php/Azure_AD_Sync | https://wiki.samba.org/index.php/Azure_AD_Sync ] ] ] with samba 4.13.13 
>> Does someone have any pointers on where and what to do to diagnose the issue, I'm not seeing any logs 
>> Also, I'm not sure anyone has managed to sync passwords, so even a "Password sync works for me" answer would be a huge help. 
> Password sync has been working for almost one year, with the config you 
> mention above, but it stopped working some month ago (without any change 
> on the samba side) 
> We did not manage to trace it down up to now 
> 
> Regards 
> 
> Hansjörg 
> 
> 
>> Thanks a lot 
>> Arthur 
> 
> 
-- 
To unsubscribe from this list go to the following URL and read the 
instructions: [ https://lists.samba.org/mailman/options/samba | https://lists.samba.org/mailman/options/samba ] 
-- 
To unsubscribe from this list go to the following URL and read the 
instructions: [ https://lists.samba.org/mailman/options/samba | https://lists.samba.org/mailman/options/samba ] 




BQ_END

More information about the samba mailing list