[Samba] Using winbind and UPNs

Jason Gauthier jgauthier at lastar.com
Mon Nov 28 12:11:01 MST 2011

Greetings all,

  I've been a long-term user of Samba, NTLM, winbind, and Active Directory as the backend authentication mechanism for a squid proxy server.
Recently, a challenge has presented itself and I am still seeking an answer.

Currently, my users log in to the PCs, VPN connection, etc. with just a username, i.e.: jgauthier
I would like to have them log in to these services using any number of their assigned UPNs.

For instance, my email address is a valid UPN in my AD. However, using this fails authentication. I did some digging and found that wbinfo -n cannot look up the name:

wbinfo -n jgauthier at validupn.com
Could not lookup name jgauthier at validupn.com

The server logs inform:
[2011/11/28 14:11:21.132945,  3] winbindd/winbindd_lookupname.c:69(winbindd_lookupname_send)
  lookupname validupn.com\jgauthier
[2011/11/28 14:11:21.133057,  5] winbindd/winbindd_lookupname.c:105(winbindd_lookupname_recv)
  Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED

It appears that using the AD domain name works just fine. However, I do not want to use the AD domain name. It is my goal to use one of our *many* possible secondary UPNs.

I'd appreciate any pointers in achieving this goal.


