[Samba] Access to s3 shares when userPrincipalName differs from the sAMAccountName

Volker Lendecke Volker.Lendecke at SerNet.DE
Mon Feb 21 13:03:58 MST 2011

On Mon, Feb 21, 2011 at 02:42:26PM -0500, simo wrote:
> On Mon, 2011-02-21 at 20:38 +0100, Volker Lendecke wrote:
> technically SamAccountName can be completely different from the UPN
> which is what is used as a principal name. So it is safe to check if the
> samaccountname in the PAC differs from the principal, and use that as
> the username in case they differ.
> We may also want to cache the principal -> samaccoutnname mapping if
> that is useful elsewhere.

Ok, what you're saying is that the samaccountname is not
valid as an identifier for the user at all anymore. This
differs from my understanding a bit. I'm out here, the
Kerberos higher-ups need to review the patch, sorry.

Sorry for stepping in where I have no clue,


More information about the samba-technical mailing list