thr3ads.net - samba - [Samba] Using pam_winbind and nss_winbind with active directory UPN [Feb 2011]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Uri Simchoni

2011-Feb-22 05:18 UTC

[Samba] Using pam_winbind and nss_winbind with active directory UPN

Hi,
I'm using a samba 3.2.15 connected to active directory Windows 2003 server.
I've been successfully using pam_winbind and nss_winbind for integrating
ftp.
Recently I've been asked to support users who log on using UPN (user at
domain.com instead of DOMAIN\user).
PAM fails authenticating using this user syntax.

For a user whose sAMAccountName is "sam" and userPrincipalName is
"upn", what I get is:
1. wbinfo -K upn%password succeeds
2. wbinfo -K upn at domain%password fails
3. wbinfo -i upn succeeds "for a while" after wbinfo -K succeeds
(after some time it fails, probably it succeeds due to some caching and fails if
nothing's in the cache, not sure about that)
4. wbinfo -i upn at domain always fails

What's the expected samba behavior?

Thanks,
Uri.

samba - Feb 2011 - Using pam_winbind and nss_winbind with active directory UPN

[Samba] Using pam_winbind and nss_winbind with active directory UPN