Using upn for winbind login

Diego Zuccato diego.zuccato at
Mon Jan 26 14:20:53 GMT 2009

Hello all.

I know I'm bringing up an old topic, but I couldn't find any solution.

Here at unibo we have quite a complex AD struct, but I'm interested only in two domains: PERSONALE.DIR.UNIBO.IT and STUDENTI.DIR.UNIBO.IT .

I'd need to authenticate some users (placed in an appropriate AD group), from both domains, on a machine joined to PERSONALE, using their upn as login name. The bit that's not working is the "using upn as login name": I can correctly log in by personale+diego.zuccato (personale+ is optional, since it's the default domain) but fail when I try to log in with my upn.
Seems winbind parameter krb5_auth has no effect (IIUC upn login is handled by Kerberos5).
The really strange thing is that, in auth.log, I have two lines like:
... pam_winbind(login:auth): user 'diego.zuccato at' Ok

"wbinfo -n diego.zuccato at" returns my SID. And it works for users in the other domain, too.
I'm sure I'm missing something, but can't spot WHAT :-(

Could someone please point me in the right direction?


