[Samba] Azure AD Sync not working

Simon FONTENEAU sfonteneau at tranquil.it
Wed Jul 6 10:00:25 UTC 2022


Hi

On 06/07/2022 at 10:30, Andrew Bartlett wrote:
> We would really prefer the password check API wasn't used like that,
> but I suppose that works.

Yes, I understand. Something like "post script password" in Samba would be
ideal.

>
> Is there any documentation on which hash formats Azure can take?

When I looked 4 years ago, it was not possible:

https://github.com/Azure/azure-sdk-for-python/issues/4018

This may have changed, I have to look.

I just think it's not documented at Microsoft... (He doesn't want it)


>
> Folks had the same for Google, and then we showed that we could have
> Samba store a crypt() hash and then sync that with the samba-tool
> userpasswords sync toolkit.
>
https://github.com/sfonteneau/samba4-gaps

I know because I participated in the script ;)
>
> If storing the plaintext passwords in your directory, GPG encrypted, is
> not impossible then this can also be done that way, if needed.

If the password could not be recovered outside the Samba process, even
with a GPG key, that would be better.

That's just my opinion

>
> Andrew Bartlett
>
> On Tue, 2022-07-05 at 23:32 +0200, Simon FONTENEAU via samba wrote:
>> Hi Arthur
>>
>> Have you tried to implement this script with /check password script/?
>>
>> https://github.com/sfonteneau/send_password_in_azure/blob/master/send_password_azure.py
>>
>> It's less practical but it uses the official Microsoft APIs
>>
>> Simon Fonteneau
>>
>>
>> On 05/07/2022 at 14:12, Arthur Toussaint via samba wrote:
>>> Okay, I thought PTA didn't work, but I guess it was because I had
>>> "Enable single sign on" enabled. Once I unticked that, it worked,
>>> thanks a lot!
>>> Kind regards
>>>
>>>
>>> From: "Min Wai Chan" <dcmwai at gmail.com>
>>> To: "arthur toussaint" <arthur.toussaint at wandercraft.eu>
>>> Sent: Tuesday, 5 July 2022 13:32:36
>>> Subject: Re: [Samba] Azure AD Sync not working
>>>
>>> Dear Arthur,
>>>
>>> I'm on Azure AD Connect 1.6.16.0
>>> Download from this link below
>>> https://www.microsoft.com/en-us/download/details.aspx?id=103336
>>>
>>>
>>> What I do is change the user sign-in
>>>
>>> And change to pass-through authentication.
>>>
>>> And that will change the Azure AD to pass-through authentication...
>>>
>>> Hope this helps.
>>>
>>> Thank You
>>> Regards,
>>> Min Wai
>>>
>>> On Tue, Jul 5, 2022 at 4:02 PM Arthur Toussaint
>>> <arthur.toussaint at wandercraft.eu> wrote:
>>>
>>>
>>>
>>> Hi,
>>> Thanks a lot, how did you manage to make Passthrough work?
>>> Kind regards
>>> Arthur
>>>
>>>
>>> From: "Min Wai Chan" <dcmwai at gmail.com>
>>> To: "arthur toussaint" <arthur.toussaint at wandercraft.eu>
>>> Cc: "Dr. Hansjörg Maurer" <hansjoerg.maurer at itsd.de>, "samba"
>>> <samba at lists.samba.org>
>>> Sent: Tuesday, 5 July 2022 04:44:30
>>> Subject: Re: [Samba] Azure AD Sync not working
>>>
>>> Dear Arthur,
>>> I've faced a similar issue on my new Azure AD Connect setup, but
>>> same as you, password hash synchronization doesn't seem to work.
>>>
>>> I'm wondering if the MS site had upgraded to Connect protocol 1st...
>>>
>>> I don't know and I'm clueless...
>>>
>>> However, for me... currently the only working way is Passthrough...
>>>
>>> Thank you
>>>
>>> Regards,
>>> Min Wai
>>>
>>> On Mon, Jul 4, 2022 at 11:09 PM Arthur Toussaint via samba
>>> <samba at lists.samba.org> wrote:
>>>
>>> OK,
>>> Is there anything I could do to help? Or anywhere I could find
>>> info about the effort done up to now to trace the root cause?
>>> Thanks a lot
>>> Arthur
>>>
>>>
>>> From: "samba" <samba at lists.samba.org>
>>> To: "samba" <samba at lists.samba.org>
>>> Sent: Monday, 4 July 2022 16:58:04
>>> Subject: Re: [Samba] Azure AD Sync not working
>>>
>>> Hi
>>>
>>>
>>> On 23.06.22 at 11:03, Arthur Toussaint via samba wrote:
>>>> Hi,
>>>>
>>>> I'm trying to sync my local samba AD to azure AD, but I'm running
>>>> into an issue with password hash synchronization.
>>>> The users sync task works well, but the password hash sync task is
>>>> always marked "Active" on the interface but never finishes.
>>>> I'm following this guide:
>>>> https://wiki.samba.org/index.php/Azure_AD_Sync with samba
>>>> 4.13.13
>>>> Does someone have any pointers on where and what to do to
>>>> diagnose the issue? I'm not seeing any logs.
>>>> Also, I'm not sure anyone has managed to sync passwords, so even
>>>> a "Password sync works for me" answer would be a huge help.
>>> Password sync has been working for almost one year, with the config
>>> you mention above, but it stopped working some months ago (without
>>> any change on the Samba side).
>>> We did not manage to trace it down up to now.
>>>
>>> Regards
>>>
>>> Hansjörg
>>>
>>>
>>>> Thanks a lot
>>>> Arthur

