similar to: Auth via ADS: using userPrincipalName as username

On 05/10/2020 16:14, Markus Jansen via samba wrote: > Dear all, > > i'm investigating the issue that I can't authenticate against a Samba (as Active-Directory Member) using the userPrincipalName (UPN). (Using Samba and sAMAccountName works fine.) > > After some research I'm quite sure that winbind is limited to the sAMAccountName and can't use UPN. So I deciced to

Dear all, i'm investigating the issue that I can't authenticate against a Samba (as Active-Directory Member) using the userPrincipalName (UPN). (Using Samba and sAMAccountName works fine.) After some research I'm quite sure that winbind is limited to the sAMAccountName and can't use UPN. So I deciced to use SSSD and configured the `ldap_user_name = userPrincipalName` in the

On 14/10/2020 15:07, Markus Jansen via samba wrote: > Am 14.10.20 um 08:31 schrieb Nico Kadel-Garcia via samba: >> On Tue, Oct 13, 2020 at 10:30 AM Rowland penny via samba >> <samba at lists.samba.org> wrote: >>> On 13/10/2020 15:01, Markus Jansen via samba wrote: >>>> Thank you very much for your hints. >>>> >>>> I got rid of SSSD

Am 14.10.20 um 16:19 schrieb Rowland penny via samba: > On 14/10/2020 15:07, Markus Jansen via samba wrote: >> Am 14.10.20 um 08:31 schrieb Nico Kadel-Garcia via samba: >>> On Tue, Oct 13, 2020 at 10:30 AM Rowland penny via samba >>> <samba at lists.samba.org> wrote: >>>> On 13/10/2020 15:01, Markus Jansen via samba wrote: >>>>> Thank you

Am 14.10.20 um 08:31 schrieb Nico Kadel-Garcia via samba: > On Tue, Oct 13, 2020 at 10:30 AM Rowland penny via samba > <samba at lists.samba.org> wrote: >> On 13/10/2020 15:01, Markus Jansen via samba wrote: >>> Thank you very much for your hints. >>> >>> I got rid of SSSD and managed to get a successful kerberos >>> authentication via wbinfo

Thank you very much for your hints. I got rid of SSSD and managed to get a successful kerberos authentication via wbinfo -K and the UPN. But accessing via SMB (using MAC OS' smbutil or Finder) still fails with "FAILED with error NT_STATUS_NO_SUCH_USER". As I'm using CentOS 8, I used authselect to configure winbind integration to PAM (do I really need this for SMB?) and enabled

On 13/10/2020 15:01, Markus Jansen via samba wrote: > Thank you very much for your hints. > > I got rid of SSSD and managed to get a successful kerberos > authentication via wbinfo -K and the UPN. > > But accessing via SMB (using MAC OS' smbutil or Finder) still fails with > "FAILED with error NT_STATUS_NO_SUCH_USER". > > As I'm using CentOS 8, I used

On Mon, Oct 5, 2020 at 11:46 AM Rowland penny via samba <samba at lists.samba.org> wrote: > You cannot use sssd with Samba >= 4.8.0 even red-hat tells you this. And sssd is *not* your friend if you do anything remotely sophisticated. It's configuration tools erase any sophisticated setups in sssd. For any even repotely sophisticated setup, I'll encourage you to configure

Hello all, I've been trying to use a Samba3 fileserver with security = ADS in a domain where the DC is Samba4. It all seems to work, except for users with long names. What happens is that users can log in to the domain with their userPrincipalName as well as the sAMAccountName. Unfortunately, if the username is longer than 20 characters (which, because of our username =

On Tue, Oct 13, 2020 at 10:30 AM Rowland penny via samba <samba at lists.samba.org> wrote: > > On 13/10/2020 15:01, Markus Jansen via samba wrote: > > Thank you very much for your hints. > > > > I got rid of SSSD and managed to get a successful kerberos > > authentication via wbinfo -K and the UPN. > > > > But accessing via SMB (using MAC OS'

Hi Samba-Group, my name is carsten from cologne. I would like to use samba/winbind in a Windows AD 2k3, 2k8 multi-domain environment as workstation. All users from the AD should be able to logon via ssh for example. It would great to use the MS userprincipalName (UPN). I am using samba 3.2.6.37 from sernet on a centos 5.2 system. The normal authentication by domain+username works fine.

Hi Louis, 2016-08-29 16:18 GMT+02:00 L.P.H. van Belle via samba <samba at lists.samba.org >: > Hai > > > > After my squid group adventure, i have a remaining question here. > > > > The problem was as followed. ( and this probely dont applie to squid > kerberos helpers only. ) > > > > samba-tool setup for squid i used, was as followed. > >

Mandi! Rowland penny via samba In chel di` si favelave... > You are authenticating to AD, so you need to use information that AD > understands, its dns domain (not an email domain) and the users name, or the > Netbios domain\username. But UPN is written 'domainful', eg 'username at ad.domain.name': root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b

And reading last mails comforts me in believing the filter used by client side to retrieve user is not correct, that filter should use SPN then you won't need to set up SPN into UPN field. 2016-08-30 15:55 GMT+02:00 mathias dufresne <infractory at gmail.com>: > Hi Louis, > > > 2016-08-29 16:18 GMT+02:00 L.P.H. van Belle via samba < > samba at lists.samba.org>: >

Hello, Now, I'm faced with a problem: I need to be able to login using the same username that I bind against using ldapsearch, and not the sAMAccountName given to me via winbind. ie. to login using one of my AD usernames right now, I issue: su - ADSDOMAIN+username1 but the binddn I use to search the ldap directory is, say, username2: ldapsearch -x -W -D"username2"

On 22/02/2023 08:45, Leon Benthaus via samba wrote: > Dear all, > > since I didn't get an answer I would carefully ask again. Maybe this is just a quick yes or no question: > > Is there any known way to get winbind to accept UPNs as username instead of the samaccountname? All the threads I found online regarding this are really old. > > Best, > Leon NO Well,

See inline comments. On Wed, 7 Sep 2016 09:12:35 +0000 Julian Zielke <jzielke at next-level-integration.com> wrote: > > > > smb.conf: > Can you try this smb.conf: [global] workgroup = MYDOMAIN realm = MYDOMAIN.local netbios name = vmu09tcse01 dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab server string = Samba AD Client Version %v

I did tried to use ldapmodify to modify RDN (as CN is used for group membership and also used to forge DN) and this change was reflected into the group this belongs to. As ldapmodify is external tool, as it works well with that external tool, I would expect internal tools provided by Samba or MS are working well too. Anyway Julian you should check if the change is reflected into groups. You

Thank you again Rowland for precision : ) In userPrincipalName there is a "@". It is forged with cn at ad.domain.tld and cn is forged with firstname.sn, as samAccountName, which often is longer than 20 chars. I'll change that... Thank you again all, have a nice day! mathias 2015-07-01 18:56 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > On 01/07/15 17:44,

On 01/07/15 17:44, mathias dufresne wrote: > Thank you both precisions : ) > > My users have no "@" in their names (samAccountName nor userPrincipalName > nor anything) except in mail attribute). What have you got in userPrincipalName ? > > From https://msdn.microsoft.com/en-us/library/ms679635%28v=vs.85%29.aspx > which I read before initial post I understand AD