[Samba] [samba] strange: 20 characters max in samAccountName

Marc Muehlfeld mmuehlfeld at samba.org
Wed Jul 1 15:30:43 UTC 2015


Hello Mathias,

as Rowland already said, it's an AD limitation.


Am 01.07.2015 um 16:44 schrieb mathias dufresne:
> I can log in using administrator account or any other having a short
> (enough) samAccountName.
> I tried to add @ad.domain.tld to samAccountName during log in process
> without any success.

Even if the @ character is allowed, your sAMAccountName attributes
should't contain it! You will run into problems some day with it. It's
the same with spaces, umlauts, etc.

If you see someone login with user at samdom.example.com, then this usually
isn't the sAMAccountName attribute. It's the value from the
userPrincipalName attribute.
http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-76-18/3568.HSG_2D00_8_2D00_13_2D00_13_2D00_01.png

If the account doesn't have a userPrincipalName attribute set, then you
can only use the value from sAMAccountName for login.


Regards,
Marc


More information about the samba mailing list