[Samba] [samba] strange: 20 characters max in samAccountName

mathias dufresne infractory at gmail.com
Wed Jul 1 16:44:32 UTC 2015


Thank you both for the precisions :)

My users have no "@" in their names (neither samAccountName nor
userPrincipalName nor anything else), except in the mail attribute.

From https://msdn.microsoft.com/en-us/library/ms679635%28v=vs.85%29.aspx,
which I read before my initial post, I understand AD can have this limitation
of 20 chars if and only if you decide to support (so) old clients (which we
should stop thinking about).
In the first table the limit of 20 chars is there.
In the other tables this limit seems to me pushed up to 256 characters
(range-upper line).

Now, I may be reading this table the wrong way (that wouldn't be the first
time :), but I thought this limit was removed with AD without the option to
support old clients...

2015-07-01 17:30 GMT+02:00 Marc Muehlfeld <mmuehlfeld at samba.org>:

> Hello Mathias,
>
> as Rowland already said, it's an AD limitation.
>
>
> Am 01.07.2015 um 16:44 schrieb mathias dufresne:
> > I can log in using administrator account or any other having a short
> > (enough) samAccountName.
> > I tried to add @ad.domain.tld to samAccountName during log in process
> > without any success.
>
> Even if the @ character is allowed, your sAMAccountName attributes
> shouldn't contain it! You will run into problems some day with it. It's
> the same with spaces, umlauts, etc.
>
> If you see someone log in with user@samdom.example.com, then this usually
> isn't the sAMAccountName attribute. It's the value from the
> userPrincipalName attribute.
>
> http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-76-18/3568.HSG_2D00_8_2D00_13_2D00_13_2D00_01.png
>
> If the account doesn't have a userPrincipalName attribute set, then you
> can only use the value from sAMAccountName for login.
>
>
> Regards,
> Marc
>

