Using upn for winbind login
diego.zuccato at unibo.it
Mon Jan 26 14:20:53 GMT 2009
I know I'm bringing up an old topic, but I couldn't find any solution.
Here at unibo we have quite a complex AD struct, but I'm interested only in two domains: PERSONALE.DIR.UNIBO.IT and STUDENTI.DIR.UNIBO.IT .
I'd need to authenticate some users (placed in an appropriate AD group), from both domains, on a machine joined to PERSONALE, using their upn as login name. The bit that's not working is the "using upn as login name": I can correctly login by personale+diego.zuccato (personale+ is optional, since it's the default domain) but fail when I try to login with my upn.
Seems winbind parameter krb5_auth have no effect (IIUC upn login is handled by Kerberor5).
The really strange thing is that, in auth.log, I have two lines like:
... pam_winbind(login:auth): user 'diego.zuccato at unibo.it' Ok
"wbinfo -n diego.zuccato at unibo.it" returns my SID. And it works for users in the other domain, too.
I'm sure I'm missing something, but can't spot WHAT :-(
Could someone please point me in the right direction?
Dip. di Astronomia - Università di Bologna
Via Ranzani, 1 - 40126 Bologna - Italy
tel.: +39 051 20 95792
mail: diego.zuccato at unibo.it
More information about the samba-technical