[Samba] Access to s3 shares when userPrincipalName differs from the sAMAccountName

simo idra at samba.org
Mon Feb 21 13:09:14 MST 2011


On Mon, 2011-02-21 at 21:03 +0100, Volker Lendecke wrote:
> On Mon, Feb 21, 2011 at 02:42:26PM -0500, simo wrote:
> > On Mon, 2011-02-21 at 20:38 +0100, Volker Lendecke wrote:
> > technically SamAccountName can be completely different from the UPN
> > which is what is used as a principal name. So it is safe to check if the
> > samaccountname in the PAC differs from the principal, and use that as
> > the username in case they differ.
> > 
> > We may also want to cache the principal -> samaccountname mapping if
> > that is useful elsewhere.
> 
> Ok, what you're saying is that the samaccountname is not
> valid as an identifier for the user at all anymore. This
> differs from my understanding a bit. I'm out here, the
> Kerberos higher-ups need to review the patch, sorry.
> 
> Sorry for stepping in where I have no clue,

No, for Windows the samAccountName is the *real* username,
it's the UPN that may differ for whatever reason.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>


