winbind pam login using enterprise names

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed Feb 23 08:53:01 MST 2011


On Wed, Feb 23, 2011 at 05:31:09PM +0200, Uri Simchoni wrote:
> I just tried "winbind normalize names", and it didn't
> work. I think it's not just a name issue.
> 
> Suppose I define a new user in "Active Directory Users and
> Computers". There's the "user logon name" which maps to
> userPrincipalName and the pre-Windows 2000 name which maps
> to sAMAccountName. The user logon name doesn't have to be
> something@mydomain.com - I can add another suffix to the
> domain, say "mysuffix" and set the logon name to
> "something@mysuffix".
> So in order to identify the user in upn form I need to
> supply, at the networking level, the entire
> userPrincipalName. Just the part before the '@' is not
> unique.
> 
> I therefore tried "wbinfo -K something@mysuffix%password"
> and it didn't work. Then I did some studying.
> 
> If I'm not mistaken, "upn@mysuffix" is what's called an
> Enterprise name (an alias to the real account name) and a
> whole different negotiation is needed to work with it (as
> I indicated in my original message - using a name type of
> "Enterprise Name" and adding the "Canonicalize" KDC
> option). But then I got cold feet - hasn't this been
> solved already? It's been around in Windows domains since
> Win2k...

Please apologize that Samba is not fulfilling your needs in
this respect. Samba is driven by user demand and developer
interest. If it does not fulfill your needs, you have 4
choices:

* Implement the stuff yourself
* Pay a developer to implement it
* Wait for it to appear
* Choose a different solution like Windows

Samba is not a perfect replacement for Windows. We are
trying to match what our users expect, but our development
resources are limited. If you need every feature that
Windows offers, then it might be the best solution for you
to choose Windows for your needs.

With best regards,

Volker Lendecke

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
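
The difference between an ordinary principal and the enterprise name described in the quoted message, as an added example that is not part of the original thread and not Samba code. It only models the client-name fields of an AS-REQ (name type 10 and the canonicalize KDC option, as in RFC 6806); the default realm `MYDOMAIN.COM` and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass

NT_PRINCIPAL = 1                        # RFC 4120 name type
NT_ENTERPRISE = 10                      # RFC 6806 name type
KDC_OPT_CANONICALIZE = 1 << (31 - 15)   # KDCOptions bit 15 -> 0x00010000

@dataclass(frozen=True)
class ClientName:
    name_type: int
    components: tuple
    realm: str
    kdc_options: int

def parse_plain(login, default_realm):
    """Ordinary parse: the text after the last '@' is treated as the realm."""
    name, sep, realm = login.rpartition("@")
    if not sep:                          # no '@' at all: fall back to default realm
        name, realm = login, default_realm
    return ClientName(NT_PRINCIPAL, tuple(name.split("/")), realm, 0)

def parse_enterprise(upn, default_realm):
    """Enterprise parse: the whole UPN is one name component, sent to the
    default realm with canonicalize set so the KDC can map the alias."""
    return ClientName(NT_ENTERPRISE, (upn,), default_realm, KDC_OPT_CANONICALIZE)

def unparse(cn):
    """Render in the usual escaped text form, e.g. user\\@suffix@REALM."""
    def esc(c):
        return c.replace("\\", "\\\\").replace("/", "\\/").replace("@", "\\@")
    return "/".join(esc(c) for c in cn.components) + "@" + cn.realm

def can_locate_kdc(cn, known_realms):
    """A client can only send the request if the realm is a real realm."""
    return cn.realm in known_realms

if __name__ == "__main__":
    realms = {"MYDOMAIN.COM"}            # constructed: the only real realm
    for cn in (parse_plain("something@mysuffix", "MYDOMAIN.COM"),
               parse_enterprise("something@mysuffix", "MYDOMAIN.COM")):
        print(cn.name_type, unparse(cn), hex(cn.kdc_options),
              "KDC found" if can_locate_kdc(cn, realms) else "no KDC for realm")
```

The plain parse ends up asking for realm `mysuffix`, which is a UPN suffix and not a realm, while the enterprise form carries the full alias to the real realm's KDC.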

