Greetings all,
I've been a long term user of the samba, ntlm, winbind, and active
directory as the backend authentication mechanism for a squid proxy server.
Recently, a challenge has presented itself and I am still seeking an answer.
Currently, my users login to the PCs, VPN connection, etc with just a username.
Ie: jgauthier
I would like to have them login to these services using any number of their
assigned UPNs.
For instance, my email address is a valid UPN in my AD. However, using this
fails authentication. I did some digging and found that wbinfo -n cannot look
up the name:
wbinfo -n jgauthier at validupn.com
Could not lookup name jgauthier at validupn.com
The server logs inform:
[2011/11/28 14:11:21.132945, 3]
winbindd/winbindd_lookupname.c:69(winbindd_lookupname_send)
lookupname validupn.com\jgauthier
[2011/11/28 14:11:21.133057, 5]
winbindd/winbindd_lookupname.c:105(winbindd_lookupname_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
If appears using the AD domain name works just fine. However, I do not want to
use the AD domain name. It is my goal to use one of our *many* possible
secondary UPNs.
I'd appreciate any pointers in achieving this goal.
Thanks,
Jason
