Hi, On 10/29/20 12:51 PM, Rowland penny via samba wrote:> Are we talking from Windows here ?Yes.> If so, then 'username at dns.domain.com' should work.dns in the above sample meaning the samba AD dns name, i guess..? In that case, that basically means username at samba.domain.com, or username at realm, which also equals the above) That is still something for our end users to remember specifically (and use only) when accessing the domain member fileservers. I was actually hoping someone knew a clever way to make username at domain.com work for samba access. MJ
On 29/10/2020 12:05, mj via samba wrote:> dns in the above sample meaning the samba AD dns name, i guess..? > > In that case, that basically means username at samba.domain.com, or > username at realm, which also equals the above) > > That is still something for our end users to remember specifically > (and use only) when accessing the domain member fileservers. > > I was actually hoping someone knew a clever way to make > username at domain.com work for samba access.You are authenticating to AD, so you need to use information that AD understands, its dns domain (not an email domain) and the users name, or the Netbios domain\username. Rowland
Mandi! Rowland penny via samba In chel di` si favelave...> You are authenticating to AD, so you need to use information that AD > understands, its dns domain (not an email domain) and the users name, or the > Netbios domain\username.But UPN is written 'domainful', eg 'username at ad.domain.name': root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "DC=ad,DC=fvg,DC=lnf,DC=it" "sAMAccountName=gaio" userPrincipalName | grep ^userPrincipalName: userPrincipalName: gaio at ad.fvg.lnf.it but because is domainful, can be a generic (rather obviously, unique) email? -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bont?, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
On Thu, 2020-10-29 at 12:13 +0000, Rowland penny via samba wrote:> On 29/10/2020 12:05, mj via samba wrote: > > dns in the above sample meaning the samba AD dns name, i guess..? > > > > In that case, that basically means username at samba.domain.com, or > > username at realm, which also equals the above) > > > > That is still something for our end users to remember specifically > > (and use only) when accessing the domain member fileservers. > > > > I was actually hoping someone knew a clever way to make > > username at domain.com work for samba access. > > You are authenticating to AD, so you need to use information that AD > understands, its dns domain (not an email domain) and the users name, > or > the Netbios domain\username.The UPN can be in a different domain. For full trust routing in complex forests you need to fill in a table somewhere, but Samba doesn't really care, it just searches for it as a string. Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba