[Samba] Using pam_winbind and nss_winbind with active directory UPN

Uri Simchoni uri_simchoni at hotmail.com
Mon Feb 21 22:18:20 MST 2011

I'm using a samba 3.2.15 connected to active directory Windows 2003 server.
I've been successfully using pam_winbind and nss_winbind for integrating ftp.
Recently I've been asked to support users who log on using UPN (user at domain.com instead of DOMAIN\user).
PAM fails authenticating using this user syntax.

For a user whose sAMAccountName is "sam" and userPrincipalName is "upn", what I get is:
1. wbinfo -K upn%password succeeds
2. wbinfo -K upn at domain%password fails
3. wbinfo -i upn succeeds "for a while" after wbinfo -K succeeds (after some time it fails, probably it succeeds due to some caching and fails if nothing's in the cache, not sure about that)
4. wbinfo -i upn at domain always fails

What's the expected samba behavior?



More information about the samba mailing list