[Samba] winbind use default domain and alternative UPN Suffix. Samba as Domain Member.
rpenny at samba.org
Thu Dec 3 15:47:33 UTC 2020
On 03/12/2020 14:34, Markus Jansen wrote:
> Thanks so much for the quick reply.
> Maybe I should make my issue clearer. I want to use the UPN for login,
> because the sAMAccountName's limitation of 20 characters leads to cut
> off usernnames like "Maria Antunes-Mariotes" -> maria.antunes-mariot . I
> want to users to use their full firstname.lastname without '@test.de'
> for login purposes, i.e. maria.antunes-mariotes. The UPN is
> maria.antunes-mariotes at test.de . Is that even possible?
You seem to be conflating the UPN with the sAMAccountName, whilst they
both can be used to login, they can be different. As you say, the
sAMAccountName is limited to 20 characters, but the UPN can be longer.
The UPN consists of a prefix and suffix joined with an '@' sign, the
prefix can be a long name and the suffix is a dns domain (though it
doesn't have to be the AD domain) i.e. it looks like an email address.
Lets take an example, the user Fred Bloggs is a user in the
SAMDOM.EXAMPLE.COM realm, his sAMAccountName is 'fred', but his UPN
could be 'fred at samdom.example.com' or 'fred.bloggs at samdom.example.com'
or 'fred.bloggs at gmail.com' or anything that looks like an email address.
He will be to log in using his sAMAccountName or UPN, but he cannot log
in using the UPN prefix.
More information about the samba