SAMBA+
SerNet

Blog

Bridging On-Prem and Cloud: Samba AD to Entra ID Success Story
Success Story: Samba AD meets Entra ID


It started with a straightforward architecture decision: keep identity on-prem under your control while still using Microsoft 365 in the cloud. 

That’s the challenge Qudora Technologies GmbH brought to SerNet. QUDORA is a leading full-stack quantum computing company based in Germany. The company’s proprietary Near-Field Quantum Control (NFQC®) technology brings together ultra precise qubit control with very long coherence times significantly improving the performance per qubit. QUDORA’s QC systems are designed for seamless integration with existing industrial infrastructure, including on-premise deployments for HPC centers. With operations in Braunschweig and Hamburg, QUDORA is making quantum computing accessible to a broader range of applications and industries.

Qudora approached SerNet because the Göttingen-based open-source specialist combines upstream Samba engineering with hands-on integration expertise across Samba and Microsoft environments.

Project snapshot

  • On-prem authoritative directory: Samba Active Directory Domain Controller
  • Cloud services: Microsoft 365 (Exchange Online, SharePoint, Teams)
  • Sync engine: Microsoft Entra Connect (one-way: on-prem → cloud)
  • Key requirement: Exchange-relevant attributes available and correct in Samba AD
  • Goal: Production-ready hybrid setup

Architecture: On-Prem Stays Authoritative

The core question was simple: Can a Samba AD domain synchronize cleanly to Microsoft Entra ID using Entra Connect – including the Exchange-relevant attributes.

In many real-world environments, Exchange requirements have historically pushed teams toward “just use Windows for AD,” because Exchange Online (and hybrid patterns around it) expect specific object classes and attributes.

Qudora wanted a different design that takes digitial sovereignty requirements serious: Samba AD stays the source of authority, Microsoft 365 consumes synchronized identities, and admins manage users in one place.

Schematics for a setup with Samba AD sync to Entra ID

The Engineering Core: Bringing Exchange Attributes to Samba AD

The challenge wasn’t “getting sync to run.” The challenge was meeting the schema and attribute expectations that come with Exchange.

Exchange Online commonly relies on attributes and structures such as:

  • proxyAddresses
  • mail
  • targetAddress
  • multiple msExch* attributes
  • Exchange organization objects / related classes

To meet those requirements with Samba as the only AD DC, the project required:

  1. Extending the LDAP schema in Samba AD for Exchange-relevant object classes and attributes
  2. Targeted Samba code changes so these objects were handled correctly
  3. Protocol-level troubleshooting (network traces + deep debug logs) to confirm what Entra Connect was actually requesting and how Samba responded

This is where SerNet’s team setup mattered in a very concrete way:

  • Björn Jacke (Integrator in SerNets Samba Team) led the AD-side implementation and guided the Samba AD/DC requirements.
  • Stefan Metzmacher (Samba core development) traced the behavior down to the relevant code paths and implemented the fixes.
  • Carl Massiang (Integrator in SerNets Secure Infrastructures Team) implemented the Entra Connect configuration and handled the Microsoft 365 / Exchange Online integration work.

The resulting changes were merged upstream, so the broader Samba community benefits as well.

A key point from the field: from Entra ID’s perspective, this behaved like a standard Active Directory environment. Entra “didn’t care” that the DC was Samba.

The solution in production

Once in place, the operational flow was clean and repeatable:

  1. Create/manage users in the on-prem Samba AD (the authoritative directory).
  2. Set Exchange-relevant attributes in Samba AD.
  3. Entra Connect synchronizes objects one way (on-prem → Entra ID).
  4. Microsoft 365 provisions the Exchange Online mailbox automatically based on the synchronized identity and attributes.

No on-prem Exchange server was required for this setup. No extra Windows domain was added. No double maintenance of identities. Only one Windows Member Server for the Entra Connect Sync Service is needed. 

What changed for Qudora

This implementation delivered a hybrid identity design that was:

  • single-source-of-truth (on-prem Samba AD)
  • cloud-ready for Microsoft 365 services
  • schema-correct for Exchange Online expectations
  • stable and reproducible in production

In a follow-on project with another company, the same approach was applied to a hybrid scenario involving an on-prem Exchange server, where domain controllers must evaluate certain policies correctly for Exchange objects to provision as expected. That scenario was achievable as well, building on the extended schema foundation.

Planning something similar?

If you run Samba AD and want to connect Microsoft 365 or you need to harden an existing hybrid setup, reach out to SerNet. We’ll review your directory model and schema, validate Exchange attribute requirements, design the Entra Connect architecture, and implement it end-to-end – including upstream-grade troubleshooting when the issue is deeper than configuration.

Note on digital sovereignty: Depending on your requirements, SerNet also designs and implements sovereign alternatives without Microsoft cloud services – on-prem or with European providers – especially where data residency, regulatory constraints, or risk considerations (including topics like the U.S. CLOUD Act) are part of the decision.

SerNet can do this, just reach out.

Opening Samba to a Wilder World: sambaXP 2026 Recordings
Thumbnail Keynote sambaXP 2026

The recordings from sambaXP 2026 are now available. They bring together the talks from the 25th International User and Developer Conference for Samba, held in Göttingen on April 20 and 21, 2026. Watch the full playlist on YouTube:

This year’s conference offered a focused look at current work around Samba, SMB and the wider interoperability ecosystem. The talks cover Samba AD in real networks, SMB over QUIC, SMB-Direct, SMB3.1.1 client improvements, authentication and authorization, Winbind with Kerberos S4U2SELF, CTDB, VFS development, OpenRSAT, FreeIPA and Active Directory integration, and recent Samba AD security work.

Storage and performance were also strong themes, with sessions on Samba and Ceph, including SMB access to Ceph RGW, CephFS-backed SMB deployments, and SMB Multichannel in IBM Storage Scale.

Volker Lendecke’s keynote “25 years of sambaXP” set the frame for the conference. What started as a look back at 25 editions of sambaXP became a broader tour through major milestones in Samba’s history – from early SMB work to Samba 4 and the structures shaping the project today.

sambaXP 2026 was also closely connected with the SNIA SMB3 IO Lab EMEA. Hosted by SNIA with support from Microsoft, the IO Lab added a hands-on setting for SMB3 interoperability testing, protocol work and direct collaboration around real implementations. While sambaXP provided the public talks and discussions, the IO Lab continued that work in a dedicated test environment. That combination is central to sambaXP, where technical talks, direct exchange and practical interoperability meet in one place. It also reflects how Samba continues to develop.

sambaXP is organized by SerNet and has been a meeting point for the Samba Team, developers, users and vendors since 2002. The 2026 edition was made possible with the support of this years sponsors Microsoft, Tranquil IT, SerNet.

Samba Release Management Transitions to Björn Jacke

Samba’s release management is transitioning from Jule Anger to Björn Jacke. Both work at SerNet GmbH, which continues to sponsor the release manager role as part of its long-standing commitment to the Samba project.

A Role Central to the Project

Release management has always been a cornerstone of the Samba project. Stable maintenance branches, predictable release cycles, and timely security updates are essential to users and distributors alike. These responsibilities have traditionally been coordinated and communicated through the samba mailing lists, providing transparency and reliability for the wider community. In recent years, Jule Anger played a key role in carrying this work forward. She coordinated releases across multiple branches, supported security updates, and helped keep the release process structured and dependable. Jule remains connected to Samba as she transitions into a new role within SerNet’s verinice team.

With Björn Jacke stepping into the role, Samba’s release management remains in experienced hands. Björn is a long-time Samba maintainer and integrator who has been working with Samba for nearly its entire lifetime, integrating it into networks ranging from small setups to large-scale enterprise environments.

He has been closely involved in release-related workflows for many years and is a central contributor to SAMBA+ packaging. The transition therefore represents continuity rather than a change in direction.

Continued Support from SerNet

The change in personnel does not affect the underlying support structure. SerNet continues to sponsor the release manager role, ensuring that the time and focus required for this responsibility remain available. This support helps maintain regular releases, coordinated maintenance, and fast responses to security issues—benefiting the entire Samba community.

SMB Direct is moving forward – high performance meets open infrastructure
Samba STF project: Milestone 6.1

The Samba team at SerNet has reached another major milestone in the STA-funded development project: SMB Direct (RDMA) support is now taking shape in the Linux kernel. This marks a new stage for Samba – bringing high-speed, low-latency data transfer into the open-source world. With Remote Direct Memory Access (RDMA), data moves directly between client and server network adapters, bypassing the CPU and reducing latency. The result: enterprise-grade performance, available in an open, community-driven stack.

159 patches later

Developing SMB Direct required deep kernel integration. Over 159 patches, the Samba team unified existing SMB Direct components for both client and server, which paves the way toward a shared socket layer that can be exported to user space via socket API and then used by applications like Samba. This foundation enables future work on full SMB Direct support in smbd and smbclient, as well as automated testing and performance validation.

Several commits have already been merged into the main Linux kernel, with further work under active review: a milestone made possible through collaboration between Samba developers, kernel maintainers, and the wider Linux community.

Open performance, sovereign infrastructure 

SMB Direct is more than a technical upgrade. It’s a step toward digital sovereignty through performance and openness. By making advanced data-transfer capabilities available as free software, Samba enables secure, scalable file services without proprietary dependencies. The Sovereign Tech Agency (STA) supports this work as part of its mission to strengthen open digital infrastructure and Europe’s technological resilience.

With STA funding, Samba can focus on the kind of long-term, architectural development that benefits everyone from enterprises to public institutions.

Learn more about the full STA-funded Samba project and all milestones: https://samba.plus/stf-project

New: SAMBA+ Development SLA with guaranteed time-to-start
SAMBA+ SLA

SerNet now offers a dedicated SAMBA+ Development SLA – tailored for organizations that want to commission specific Samba-related developments with a clearly defined start date.

Depending on the selected service level, development work begins within 10, 20 or 30 days. This provides planning certainty for customers who need timely implementation of features, integrations or performance improvements in:

  • SAMBA+ or upstream Samba
  • SMB protocol stacks
  • Related technologies like AD, LDAP, DNS, DHCP, SSL, CUPS or Netatalk

The Development SLA complements our existing Support SLA and expands SerNet’s offering for customers with long-term engineering needs or custom development goals.

The full SLA terms, pricing, and ordering options are available in the SAMBA+ World Shop (EUR) and the SAMBA+ US Shop (USD). 

For more information, feel free to contact our sales team.

Contact us
Contact
Deutsch English Français