Hi,

Perhaps a strange question, but is it possible to configure samba to accept an email address as a username for authentication to a UNC network path?

(so: "username at domain.com" next to the standard "DOMAIN\username" or "username at samba.domain.com")

Some of our users access a samba UNC network path over VPN, while working from home. They often have difficulties remembering the correct username format.

If we could somehow arrange for email address to work too, it would align samba authentication to the rest of our external logons, like websites, email, VPN, etc. All of those use email address as a username.

We're running latest samba in AD config. The question is about access to a linux domain member server.

Curious.

MJ

On 29/10/2020 11:36, mj via samba wrote:
> Hi,
>
> Perhaps a strange question, but is it possible to configure samba to
> accept an email address as a username for authentication to a UNC
> network path?
>
> (so: "username at domain.com" next to the standard "DOMAIN\username" or
> "username at samba.domain.com")
>
> Some of our users access a samba UNC network path over VPN, while
> working from home. They often have difficulties remembering the
> correct username format.
>
> If we could somehow arrange for email address to work too, it would
> align samba authentication to the rest of our external logons, like
> websites, email, VPN, etc. All of those use email address as a username.
>
> We're running latest samba in AD config. The question is about access
> to a linux domain member server.
>
> Curious.
>
> MJ
>

Are we talking from Windows here?

If so, then 'username at dns.domain.com' should work.

Rowland

Hi,

On 10/29/20 12:51 PM, Rowland penny via samba wrote:
> Are we talking from Windows here?

Yes.

> If so, then 'username at dns.domain.com' should work.

dns in the above sample meaning the samba AD dns name, I guess..? In that case, that basically means username at samba.domain.com, or username at realm, which also equals the above)

That is still something for our end users to remember specifically (and use only) when accessing the domain member fileservers.

I was actually hoping someone knew a clever way to make username at domain.com work for samba access.

MJ

On Thu, Oct 29, 2020 at 7:37 AM mj via samba <samba at lists.samba.org> wrote:
>
> Hi,
>
> Perhaps a strange question, but is it possible to configure samba to
> accept an email address as a username for authentication to a UNC network
> path?

It would be.... well, like running a gasoline motor on diesel fuel. The underlying Kerberos is *not* based on handling email addresses to identify credentials, and usernames with '@' characters in them will break utilities like SSH where "username at hostname" means "log in as this username at that hostname".

> (so: "username at domain.com" next to the standard "DOMAIN\username" or
> "username at samba.domain.com")
>
> Some of our users access a samba UNC network path over VPN, while
> working from home. They often have difficulties remembering the correct
> username format.

Yeah. "DOMAIN" is the name of the LDAP domain, and need not have anything to do with anything else in the world.

> If we could somehow arrange for email address to work too, it would align
> samba authentication to the rest of our external logons, like websites,
> email, VPN, etc. All of those use email address as a username.

There are multi-factor authentication vendors who support this: you log in with your email address at the corporate website and get a token for other services. But it has its own issues and limitations.

> We're running latest samba in AD config. The question is about access to
> a linux domain member server.
>
> Curious.
>
> MJ

On Thu, 2020-10-29 at 12:36 +0100, mj via samba wrote:
> Hi,
>
> Perhaps a strange question, but is it possible to configure samba to
> accept an email address as a username for authentication to a UNC
> network
> path?
>
> (so: "username at domain.com" next to the standard "DOMAIN\username" or
> "username at samba.domain.com")
>
> Some of our users access a samba UNC network path over VPN, while
> working from home. They often have difficulties remembering the
> correct
> username format.

NTLM authentication using the userPrincipalName on their AD record should work. The domain is "" if asked.

Andrew Bartlett

--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba