[Samba] [samba] strange: 20 characters max in samAccountName
rowlandpenny241155 at gmail.com
Wed Jul 1 16:56:12 UTC 2015
On 01/07/15 17:44, mathias dufresne wrote:
> Thank you both for the precisions :)
> My users have no "@" in their names (samAccountName nor userPrincipalName
> nor anything), except in the mail attribute.
What have you got in userPrincipalName ?
> From https://msdn.microsoft.com/en-us/library/ms679635%28v=vs.85%29.aspx
> which I read before initial post I understand AD can have this limitation
> of 20 chars if and only if you decide to support (so) old clients (that we
> should stop thinking about them).
No, you cannot have more than 20 characters, it is set like this to
support old clients, you do not get a choice.
> In the first table the limit of 20 chars is there.
> In the other tables this limit seems to me pushed up to 256 characters
> (range-upper line).
range-upper != size
> Now I can read this table in the wrong way (that won't be the first time
> :), but I thought this limit was removed with AD without the option to
> support old clients...
No it wasn't
> 2015-07-01 17:30 GMT+02:00 Marc Muehlfeld <mmuehlfeld at samba.org>:
>> Hello Mathias,
>> as Rowland already said, it's an AD limitation.
>> Am 01.07.2015 um 16:44 schrieb mathias dufresne:
>>> I can log in using administrator account or any other having a short
>>> (enough) samAccountName.
>>> I tried to add @ad.domain.tld to samAccountName during log in process
>>> without any success.
>> Even if the @ character is allowed, your sAMAccountName attributes
>> shouldn't contain it! You will run into problems some day with it. It's
>> the same with spaces, umlauts, etc.
>> If you see someone log in with user@samdom.example.com, then this usually
>> isn't the sAMAccountName attribute. It's the value from the
>> userPrincipalName attribute.
>> If the account doesn't have a userPrincipalName attribute set, then you
>> can only use the value from sAMAccountName for login.