[Samba] Access to s3 shares when userPrincipalName differs from the sAMAccountName

Gerald Carter jerry at plainjoe.org
Mon Feb 21 13:59:39 MST 2011


(Re-posting to ml...used a non-member address first time accidentally)

On 2/21/2011 12:17 PM, Volker Lendecke wrote:
>>> Ok, what you're saying is that the samaccountname is not
>>> valid as an identifier for the user at all anymore. This
>>> differs from my understanding a bit. I'm out here, the
>>> Kerberos higher-ups need to review the patch, sorry.
>>>
>>> Sorry for stepping in where I have no clue,
>>
>> No, for windows the samAccountName is the *real* username,
>> it's the UPN that may differ for whatever reason.
>
> And which one are we supposed to use for nss?

Hey Volker,

Just based on experience....

My suggestion would be to use the DOMAIN\sAMAccountName version
as the canonical representation but allow the UPN in a "getent
passwd <upn>" as an alias.  For example,

$ getent passwd ad\\gcarter
AD\gcarter:x:181931072:181928449:Gerald Carter:/home/gcarter:/bin/sh

$ getent passwd gerald.carter@ad
AD\gcarter:x:181931072:181928449:Gerald Carter:/home/gcarter:/bin/sh

$ getent passwd 181931072
AD\gcarter:x:181931072:181928449:Gerald Carter:/home/gcarter:/bin/sh





Cheers, Jerry

