The Samba team at SerNet recently organized an internal workshop to explore the compatibility of Microsoft Exchange 2019 with Samba Active Directory. Participants in the workshop included Stefan Metzmacher, Björn Jacke and Ralph Böhme - all long-time members of the international Samba team. To share the progress with the Samba community, here is a short report from the experimental lab. The team is happy to answer any questions about the project.
The journey started with a major hurdle: NTP time synchronization issues on the Windows Domain Controllers (DCs) within the test setup. The team was able to resolve the issue after a few attempts - but ran into a new obstacle when Exchange refused to start in the Samba environment. After several hours of examining the logs and lots of head scratching, the crew discovered that Exchange was trying to query the LDAP "ntSecurityDescriptor" attribute of the cn=Configuration object. Surprisingly, Samba returned an empty result, unlike a Windows DC that returned the attribute.
After investigating thoroughly, the team found the cause: incomplete support for Group Policy Objects (GPOs) on Samba DCs. The GPO that was supposed to grant an additional privilege to the Exchange domain account had not been applied. Consequently, Samba rightly refused to return the ntSecurityDescriptor attribute.
Manually granting the missing privilege fixed the problem and Exchange worked. Subsequent tests creating accounts and exchanging emails confirmed the initial success. "We were really thrilled with the result," said Ralph Böhme, Samba Team Lead at SerNet. By identifying the underlying issues and implementing the necessary actions, he and his team were able to successfully connect Microsoft Exchange 2019 and Samba Active Directory. The interoperability achieved was no accident, but the result of thorough planning, systematic testing, and patient debugging. Böhme continues, "The workshop showed what we can achieve when we pool our Samba experience and join forces to overcome technical challenges."
The interim success is a step in SerNet's larger mission to not only improve Samba's features and functionality, but to help make it an indispensable tool for businesses and organizations worldwide. The team looks forward to continuing to share its progress and work closely with the broader Samba community to achieve the vision of full interoperability between Samba AD and Exchange.