[Samba] auth. username rewriting?

Marc Lanctot marc.lanctot at mail.mcgill.ca
Mon Dec 13 16:38:24 GMT 2004

Marc Lanctot wrote:
> Hello,

(oops, I should not have deleted that first paragraph).

Basically, I just got a Linux machine to authenticate over via Active 
Directory Windows 2003 Domain Controller.

> Now, I'm faced with a problem: I need to be able to login using the same 
> username that I bind against using ldapsearch, and not the 
> sAMAccountName given to me via winbind.
> ie. to login using one of my AD usernames right now, I issue:
>   su - ADSDOMAIN+username1
> but the binddn I use to search the ldap directory is, say, username2:
>   ldapsearch -x -W -D"username2" samaccountname=bla
> I'd like to be able to do:
>   su - ADSDOMAIN+username2
> and for winbind to recognize username1 and username2 as the same user 
> account, and authenticate over the Active Directory server using 
> username1. Then, I can have a list of the username mappings in a file, 
> or obtain them via LDAP.
> I've searched around and couldn't find anything (the username map field 
> in smb.conf seems to be for something else).. and what comes to mind is 
> Apache's URL rewriting: I need something similar to this but for usernames.
> Is this possible via Samba/Winbind? If not, is there a way I can do it 
> through PAM?
> Any help is appreicated, thanks.
> Marc

"You must cut down the largest tree in the forest ... with ... a herring!!"
   -- Monty Python

More information about the samba mailing list