Rowland penny
2020-Dec-03 15:47 UTC
[Samba] winbind use default domain and alternative UPN Suffix. Samba as Domain Member.
On 03/12/2020 14:34, Markus Jansen wrote:> Thanks so much for the quick reply. > > Maybe I should make my issue clearer. I want to use the UPN for login, > because the sAMAccountName's limitation of 20 characters leads to cut > off usernnames like "Maria Antunes-Mariotes" -> maria.antunes-mariot . I > want to users to use their full firstname.lastname without '@test.de' > for login purposes, i.e. maria.antunes-mariotes. The UPN is > maria.antunes-mariotes at test.de . Is that even possible? >You seem to be conflating the UPN with the sAMAccountName, whilst they both can be used to login, they can be different. As you say, the sAMAccountName is limited to 20 characters, but the UPN can be longer. The UPN consists of a prefix and suffix joined with an '@' sign, the prefix can be a long name and the suffix is a dns domain (though it doesn't have to be the AD domain) i.e. it looks like an email address. Lets take an example, the user Fred Bloggs is a user in the SAMDOM.EXAMPLE.COM realm, his sAMAccountName is 'fred', but his UPN could be 'fred at samdom.example.com' or 'fred.bloggs at samdom.example.com' or 'fred.bloggs at gmail.com' or anything that looks like an email address. He will be to log in using his sAMAccountName or UPN, but he cannot log in using the UPN prefix. Rowland
Markus Jansen
2020-Dec-09 14:22 UTC
[Samba] winbind use default domain and alternative UPN Suffix. Samba as Domain Member.
Thanks Rowland, that makes things more clearly to me! Am 03.12.20 um 16:47 schrieb Rowland penny via samba:> On 03/12/2020 14:34, Markus Jansen wrote: >> Thanks so much for the quick reply. >> >> Maybe I should make my issue clearer. I want to use the UPN for login, >> because the sAMAccountName's limitation of 20 characters leads to cut >> off usernnames like "Maria Antunes-Mariotes" -> maria.antunes-mariot . I >> want to users to use their full firstname.lastname without '@test.de' >> for login purposes, i.e. maria.antunes-mariotes. The UPN is >> maria.antunes-mariotes at test.de . Is that even possible? >> > You seem to be conflating the UPN with the sAMAccountName, whilst they > both can be used to login, they can be different. As you say, the > sAMAccountName is limited to 20 characters, but the UPN can be longer. > The UPN consists of a prefix and suffix joined with an '@' sign, the > prefix can be a long name and the suffix is a dns domain (though it > doesn't have to be the AD domain) i.e. it looks like an email address. > > Lets take an example, the user Fred Bloggs is a user in the > SAMDOM.EXAMPLE.COM realm, his sAMAccountName is 'fred', but his UPN > could be 'fred at samdom.example.com' or 'fred.bloggs at samdom.example.com' > or 'fred.bloggs at gmail.com' or anything that looks like an email address. > > He will be to log in using his sAMAccountName or UPN, but he cannot > log in using the UPN prefix. > > Rowland > > >-- Markus Jansen Christian Schmitz EDV System and Networkadministration Tel.: 0049 (0) 1520 2851228