Diego Zuccato wrote:
Just replying to myself to give some more info...
> 1) In our organization we have two "primary" domains (a lot of others,
> but they're not interesting here). I tried changing the default
> 'PERSONALE' (where machine is joined) to 'STUDENTI' (most users are in
> this one, but I'm not allowed to join a machine to it) with no luck.
Seems "default domain" gets ignored when security=ads ...
> 2) I can't make users login with their UPN (user.name at studio.unibo.it
> for users in STUDENTI domain, user.name at unibo.it for users in PERSONALE
> domain)
Just tested again. But it seems even "wbinfo -n user.name at unibo.it"
isn't resolved. This seems to be a regression (I now updated to 3.4.3,
but it correctly resolved it in 3.3.8, but even then I couldn't login by
UPN).
> 3) It seems "winbind separator" is incompatible with Kerberos login: if
> I specify it, then all logins fail.
And even this still applies.
Attached are the relevant configuration files (might be useful for
others, for example for the multi-domain consistent id mapping).
--
Diego Zuccato
Servizi Informatici
Dip. di Astronomia - Università di Bologna
Via Ranzani, 1 - 40126 Bologna - Italy
tel.: +39 051 20 95786
mail: diego.zuccato at unibo.it
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: krb5.conf
URL:
<http://lists.samba.org/pipermail/samba/attachments/20091120/d93eddc2/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: pam_winbind.conf
URL:
<http://lists.samba.org/pipermail/samba/attachments/20091120/d93eddc2/attachment-0001.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: smb.conf
URL:
<http://lists.samba.org/pipermail/samba/attachments/20091120/d93eddc2/attachment-0002.ksh>