search for: userprincipalname

Displaying 20 results from an estimated 356 matches for "userprincipalname".

2011 Feb 03
1
Access to s3 shares when userPrincipalName differs from the sAMAccountName
Hello all, I've been trying to use a Samba3 fileserver with security = ADS in a domain where the DC is Samba4. It all seems to work, except for users with long names. What happens is that users can log in to the domain with their userPrincipalName as well as the sAMAccountName. Unfortunately, if the username is longer than 20 characters (which, because of our username = first_name.last_name policy, is the case for a few users), then the userPrincipalName and the sAMAccountName differ. So when users that have logged in using their userPri...
2014 Jan 16
1
userPrincipalName question
Hi all, We're still experimenting with the samba3 -> samba4 upgrade. Lots of nice progression. :-) Anyway: my question is how to deal with the userPrincipalName AD field. The classicupgrade does not fill this field. Reading up on it, tells me that it appears to be required, and should be something like username at samba4.domain Is this correct? How do you generally deal with this? Do we need to set it? FYI: I have written a php script to migrate many...
2016 Dec 02
6
Samba and kerberized NFSv4
> Does it work if you manually add userPrincipalName=CLIENT02.DOMAIN.TLD to your clients ldap entry and reexport the keytab? I already thought about trying that. So by now, I tried tweaking the client's LDAP entry. Adding userPrincipalName=CLIENT02.DOMAIN.TLD does not succeed, however, after reviewing the ldap filter once again, I added...
2010 Nov 14
1
dovecot with Active Directory problem
...ost = ldap://xxx.xxx.xxx.xxx:389 search_base = dc=example, dc=com version = 3 timeout = 30 # Active Directory Searcher settings bind = yes bind_dn = cn=Mail Administrator, cn=Users, dc=example, dc=com bind_pw = ********* # Filter Query query_filter = (&(&(objectCategory=person)(|(mail=%s)(userPrincipalName=%s)))(!(userAccountControl:1.2.840.113556.1.4.803:=2))) result_attribute = userPrincipalName result_filter = %s/ chase_referrals = no ------------------------ The packet was done with wireshark by using this definition and a capture doing and a similar test were done to dovecot. It is a setting o...
2015 Jul 01
2
strange: 20 characters max in samAccountName
Thank you both precisions : ) My users have no "@" in their names (samAccountName nor userPrincipalName nor anything) except in mail attribute). From https://msdn.microsoft.com/en-us/library/ms679635%28v=vs.85%29.aspx which I read before initial post I understand AD can have this limitation of 20 chars if and only if you decide to support (so) old clients (that we should stop thinking about them...
2017 Oct 12
3
Opensolaris-ish joins but does not seem to be valid
...the domain > controller and poked around more. > > Below are some pieces of the log: > > > > > > Kerberos: AS-REQ root/hostname.example.com at EXAMPLE.COM from > ipv4:192.168.0.115:41751 for krbtgt/EXAMPLE.COM at EXAMPLE.COM expr: > (&(objectClass=user)(userPrincipalName=root/hostname.example.com at EXAMPLE.COM)) > expr: (&(objectClass=user)(samAccountName=root/hostname.example.com)) > expr: > (&(servicePrincipalName=root/hostname.example.com)(objectClass=user)) > userPrincipalName: host/hostname.example.com at EXAMPLE.COM > servicePrincipalN...
2015 Jul 02
1
strange: 20 characters max in samAccountName
Thank you again Rowland for precision : ) In userPrincipalName there is a "@". It is forged with cn at ad.domain.tld and cn is forged with firstname.sn, as samAccountName, which often is longer than 20 chars. I'll change that... Thank you again all, have a nice day! mathias 2015-07-01 18:56 GMT+02:00 Rowland Penny <rowlandpenny241155 at gm...
2020 Oct 05
0
Samba SSSD authentication via userPrincipalName does not work because samba claims that the username does not exist.
On 05/10/2020 16:14, Markus Jansen via samba wrote: > Dear all, > > I'm investigating the issue that I can't authenticate against a Samba (as Active-Directory Member) using the userPrincipalName (UPN). (Using Samba and sAMAccountName works fine.) > > After some research I'm quite sure that winbind is limited to the sAMAccountName and can't use UPN. So I decided to use SSSD and configured the `ldap_user_name = userPrincipalName` in the sssd.conf > > Example: > > *...
2020 Oct 05
2
Samba SSSD authentication via userPrincipalName does not work because samba claims that the username does not exist.
Dear all, I'm investigating the issue that I can't authenticate against a Samba (as Active-Directory Member) using the userPrincipalName (UPN). (Using Samba and sAMAccountName works fine.) After some research I'm quite sure that winbind is limited to the sAMAccountName and can't use UPN. So I decided to use SSSD and configured the `ldap_user_name = userPrincipalName` in the sssd.conf Example: * sAMAccountName: timfin01 *...
2020 Oct 14
0
Samba SSSD authentication via userPrincipalName does not work because samba claims that the username does not exist.
...> think they really want you to use sssd with freeipa instead. They have >>> removed openldap, smbldap-tools and libpam-krb5 that I am aware of, >>> there may be others. > Good hint. I switched to Debian Buster - same issue: > > Interestingly, "id tim-upn" (the userPrincipalname) works and refers to > the sAMAccountName. > > "uid=3000(tim-sam) gid=3000(domain users) groups=3000(domain > users),3001(storage-users),1000001(BUILTIN\users). > > "login tim-upn" works, "ssh tim-upn at localhost", too. Also: "smbclient > -L //lo...
2020 Oct 29
1
authenticate to samba using email address
...n (not an email domain) and the users name, or the > Netbios domain\username. But UPN is written 'domainful', eg 'username at ad.domain.name': root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "DC=ad,DC=fvg,DC=lnf,DC=it" "sAMAccountName=gaio" userPrincipalName | grep ^userPrincipalName: userPrincipalName: gaio at ad.fvg.lnf.it but because is domainful, can be a generic (rather obviously, unique) email? -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo...
2004 Dec 20
0
Auth via ADS: using userPrincipalName as username
Hi, When using winbind, is there a way I could use a user's UPN (userPrincipalName) as their login username instead of DOMAIN (winbind separator) sAMAccountName ? Marc
2008 Dec 23
1
Docu for Winbind using userprincipalName (UPN)
Hi Samba-Group, my name is carsten from cologne. I would like to use samba/winbind in a Windows AD 2k3, 2k8 multi-domain environment as workstation. All users from the AD should be able to logon via ssh for example. It would be great to use the MS userprincipalName (UPN). I am using samba 3.2.6.37 from sernet on a centos 5.2 system. The normal authentication by domain+username works fine. Where can I find a howto configure using UPN for Winbind? thanks for any input best carsten
2016 Dec 02
3
Samba and kerberized NFSv4
On 2016-12-02 12:12, Rowland Penny via samba wrote: > On Fri, 2 Dec 2016 11:05:50 +0100 > Matthias Kahle via samba <samba at lists.samba.org> wrote: > >> > Does it work if you manually add >> > userPrincipalName=CLIENT02.DOMAIN.TLD to your clients ldap entry >> > and reexport the keytab? >> >> I already thought about trying that. So by now, I tried tweaking the >> client's LDAP entry. >> >> Adding >> >> userPrincipalName=CLIENT02.DOMAIN.TLD >>...
2017 Oct 12
0
Opensolaris-ish joins but does not seem to be valid
...I threw the log level up to 10 in /etc/smb.conf on the domain controller and poked around more. Below are some pieces of the log: Kerberos: AS-REQ root/hostname.example.com at EXAMPLE.COM from ipv4:192.168.0.115:41751 for krbtgt/EXAMPLE.COM at EXAMPLE.COM expr: (&(objectClass=user)(userPrincipalName=root/hostname.example.com at EXAMPLE.COM)) expr: (&(objectClass=user)(samAccountName=root/hostname.example.com)) expr: (&(servicePrincipalName=root/hostname.example.com)(objectClass=user)) userPrincipalName: host/hostname.example.com at EXAMPLE.COM servicePrincipalName: host/hostn...
2006 Aug 24
1
Joined 2 samba servers to ADS but kinit in winbindd failed for one of them!
...nect for domain YYY failed: Client not found in Kerberos database [2006/08/21 20:15:56, 5, pid=19247] nsswitch/winbindd_util.c:add_trusted_domains(202) Now, when I issue "net ads status" on both SAMBA systems I see the following. On the Machine that has no problem with kinit winbindd: userPrincipalName: HOST/banpfs01@YYY.NET And operatingSystem: Samba On the Machine that has problem with kinit in winbindd: servicePrincipalName: HOST/sjcpnas03.yyy.net servicePrincipalName: HOST/SJCPNAS03 No info on operatingSystem. So I understand why kinit is failing, (be...
2019 Mar 28
2
Encoding problem with the unicodePwd stored into sam.ldb
hello, I use Samba 4.9.5 on Linux Debian 9. I want to extract users' passwords. A lot of passwords are ok, some are not. Example with a password returning an error : # ldbsearch -H /var/lib/samba/private/sam.ldb '(primaryGroupID=513)' userPrincipalName unicodePwd .... # record 494 dn: CN=XXX,CN=Users,DC=YYY,DC=ZZZ,DC=fr unicodePwd:: wXQvJaSkn0gvg1POsY9Icw== uidNumber: 5110 userPrincipalName: XXX ... ok. Then, I convert the password from utf-16 to hex : $ echo 'wXQvJaSkn0gvg1POsY9Icw==' | base64 -d -w 0 | hexdump -e '/1 "%02X"...
2020 Oct 13
0
Samba SSSD authentication via userPrincipalName does not work because samba claims that the username does not exist.
Thank you very much for your hints. I got rid of SSSD and managed to get a successful kerberos authentication via wbinfo -K and the UPN. But accessing via SMB (using MAC OS' smbutil or Finder) still fails with "FAILED with error NT_STATUS_NO_SUCH_USER". As I'm using CentOS 8, I used authselect to configure winbind integration to PAM (do I really need this for SMB?) and enabled
2016 Dec 02
0
Samba and kerberized NFSv4
Hi Matthias, adding (or better replacing) the userPrincipalName attribute with the nfs/* one, is exactly what you need to do. For some reason the NFS client's request *only* matches the userPrincipalName attribute, while all other services I tried so far are fine when matching one of the values in servicePrincipalName attribute. NFS seems to be a very spe...
2017 Oct 12
0
Opensolaris-ish joins but does not seem to be valid
...ound more. >> >> Below are some pieces of the log: >> >> >> >> >> >> Kerberos: AS-REQ root/hostname.example.com at EXAMPLE.COM from >> ipv4:192.168.0.115:41751 for krbtgt/EXAMPLE.COM at EXAMPLE.COM expr: >> (&(objectClass=user)(userPrincipalName=root/hostname.example.com at EXAMPLE.COM)) >> expr: (&(objectClass=user)(samAccountName=root/hostname.example.com)) >> expr: >> (&(servicePrincipalName=root/hostname.example.com)(objectClass=user)) >> userPrincipalName: host/hostname.example.com at EXAMPLE.COM >>...