winbind pam login using enterprise names

Uri Simchoni uri_simchoni at
Wed Feb 23 07:13:15 MST 2011


I've been trying to make my samba setup (3.2.15) support PAM logins using upn format (user at suffix).

Looking a what a Windows client does (WinXP), it appears that it implements something similar to draft-ietf-krb-wg-kerberos-referrals - 
Supply a client's Enterprise name and ask the DC to cannonicalize it.

There doesn't seem to be support in Samba3 for this stuff, and even with Heimdal it looks like changes need to be made to support the TGS exchange (I've gotten past the AS).

Am I missing something? This looked like pretty basic stuff, and the upn syntax is supposed to be the "new way of doing things" in Microsoft...



More information about the samba-technical mailing list