[Samba] [samba] strange: 20 characters max in samAccountName
mathias dufresne
infractory at gmail.com
Thu Jul 2 08:43:45 UTC 2015
Thank you again Rowland for precision : )
In userPrincipalName there is a "@". It is forged with cn at ad.domain.tld
and cn is forged with firstname.sn, as samAccountName, which often is
longer than 20 chars.
I'll change that...
Thank you again all, have a nice day!
mathias
2015-07-01 18:56 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
> On 01/07/15 17:44, mathias dufresne wrote:
>
>> Thank you both precisions : )
>>
>> My users have no "@" in their names (samAccountName nor userPrincipalName
>> nor anything) except in mail attribute).
>>
>
> What have you got in userPrincipalName ?
>
>
>> From https://msdn.microsoft.com/en-us/library/ms679635%28v=vs.85%29.aspx
>> which I read before initial post I understand AD can have this limitation
>> of 20 chars if and only if you decide to support (so) old clients (that we
>> should stop thinking about them).
>>
>
> No, you cannot have more than 20 characters, it is set like this to
> support old clients, you do not get a choice.
>
> In first table the limit of 20 chars is there.
>> In others tables this limit seems to me pushed up to 256 characters
>> (range-upper line).
>>
>
> range-upper != size
>
>
>> Now I can read this table in the wrong way (that won't be the first time
>> :), but I thought this limit was removed with AD without the option to
>> support old clients...
>>
>
> No it wasn't
>
> Rowland
>
>
>> 2015-07-01 17:30 GMT+02:00 Marc Muehlfeld <mmuehlfeld at samba.org>:
>>
>> Hello Mathias,
>>>
>>> as Rowland already said, it's an AD limitation.
>>>
>>>
>>> Am 01.07.2015 um 16:44 schrieb mathias dufresne:
>>>
>>>> I can log in using administrator account or any other having a short
>>>> (enough) samAccountName.
>>>> I tried to add @ad.domain.tld to samAccountName during log in process
>>>> without any success.
>>>>
>>> Even if the @ character is allowed, your sAMAccountName attributes
>>> should't contain it! You will run into problems some day with it. It's
>>> the same with spaces, umlauts, etc.
>>>
>>> If you see someone login with user at samdom.example.com, then this usually
>>> isn't the sAMAccountName attribute. It's the value from the
>>> userPrincipalName attribute.
>>>
>>>
>>> http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-76-18/3568.HSG_2D00_8_2D00_13_2D00_13_2D00_01.png
>>>
>>> If the account doesn't have a userPrincipalName attribute set, then you
>>> can only use the value from sAMAccountName for login.
>>>
>>>
>>> Regards,
>>> Marc
>>>
>>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list