Does Samba support UPN authentication using NTLM?
Jeremy Allison
jra at samba.org
Wed Aug 31 00:18:04 UTC 2016
On Tue, Aug 30, 2016 at 11:34:51PM +0000, Hemanth Thummala wrote:
> Hi,
>
> We are using the Samba 4.3.11 stack as a member server. We could see that authentication for UPN (user@domain) formats is failing with STATUS NO SUCH USER. Looking at the code, we are not actually converting the UPN to DOMAIN\USER format before contacting the DC. Whereas UPN access works fine with Kerberos auth.
>
> What I understood is that NTLM doesn’t support UPN format. We might want to convert the user format (to DOMAIN\user) before checking with DC which we are not doing currently. I would like to know if there is any plan to support this in future.
>
> On the other hand, I could see that smbclient works with UPN format. Looks like we are converting the name format here to DOMAIN\user. I couldn’t trace out the place where we do this conversion. If we could do the conversion here, can't we use the same thing in winbindd as well?
Can you post the debug level 10 log from the smbclient working
with UPN and converting to DOMAIN\user? We should be able to
spot the point at which the conversion takes place from the
logs produced (and then we can look into doing the same
elsewhere).