Uri Simchoni
2011-Feb-22 05:18 UTC
[Samba] Using pam_winbind and nss_winbind with active directory UPN
Hi, I'm using a samba 3.2.15 connected to active directory Windows 2003 server. I've been successfully using pam_winbind and nss_winbind for integrating ftp. Recently I've been asked to support users who log on using UPN (user at domain.com instead of DOMAIN\user). PAM fails authenticating using this user syntax. For a user whose sAMAccountName is "sam" and userPrincipalName is "upn", what I get is: 1. wbinfo -K upn%password succeeds 2. wbinfo -K upn at domain%password fails 3. wbinfo -i upn succeeds "for a while" after wbinfo -K succeeds (after some time it fails, probably it succeeds due to some caching and fails if nothing's in the cache, not sure about that) 4. wbinfo -i upn at domain always fails What's the expected samba behavior? Thanks, Uri.