[Samba] Using winbind and UPNs
jgauthier at lastar.com
Mon Nov 28 12:11:01 MST 2011
I've been a long term user of the samba, ntlm, winbind, and active directory as the backend authentication mechanism for a squid proxy server.
Recently, a challenge has presented itself and I am still seeking an answer.
Currently, my users login to the PCs, VPN connection, etc with just a username. Ie: jgauthier
I would like to have them login to these services using any number of their assigned UPNs.
For instance, my email address is a valid UPN in my AD. However, using this fails authentication. I did some digging and found that wbinfo -n cannot look up the name:
wbinfo -n jgauthier at validupn.com
Could not lookup name jgauthier at validupn.com
The server logs inform:
[2011/11/28 14:11:21.132945, 3] winbindd/winbindd_lookupname.c:69(winbindd_lookupname_send)
[2011/11/28 14:11:21.133057, 5] winbindd/winbindd_lookupname.c:105(winbindd_lookupname_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
If appears using the AD domain name works just fine. However, I do not want to use the AD domain name. It is my goal to use one of our *many* possible secondary UPNs.
I'd appreciate any pointers in achieving this goal.
More information about the samba