[Samba] winbind use default domain and alternative UPN Suffix. Samba as Domain Member.

Rowland penny rpenny at samba.org
Thu Dec 3 15:47:33 UTC 2020

On 03/12/2020 14:34, Markus Jansen wrote:
> Thanks so much for the quick reply.
> Maybe I should make my issue clearer. I want to use the UPN for login,
> because the sAMAccountName's limitation of 20 characters leads to cut
> off usernames like "Maria Antunes-Mariotes" -> maria.antunes-mariot. I
> want users to use their full firstname.lastname without '@test.de'
> for login purposes, i.e. maria.antunes-mariotes. The UPN is
> maria.antunes-mariotes@test.de. Is that even possible?

You seem to be conflating the UPN with the sAMAccountName. Whilst they 
can both be used to log in, they can be different. As you say, the 
sAMAccountName is limited to 20 characters, but the UPN can be longer. 
The UPN consists of a prefix and suffix joined with an '@' sign; the 
prefix can be a long name and the suffix is a DNS domain (though it 
doesn't have to be the AD domain), i.e. it looks like an email address.

Let's take an example: the user Fred Bloggs is a user in the 
SAMDOM.EXAMPLE.COM realm, his sAMAccountName is 'fred', but his UPN 
could be 'fred@samdom.example.com' or 'fred.bloggs@samdom.example.com' 
or 'fred.bloggs@gmail.com' or anything that looks like an email address.

He will be able to log in using his sAMAccountName or UPN, but he cannot log 
in using the UPN prefix.
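
The rule described in the reply above, as an added example that is not part of the original post and is not Samba or winbind code: a small model that accepts a login name only if it equals the sAMAccountName or the full UPN, and lists the UPN prefixes that users might try but that will not resolve. The account records, function names and case-insensitive comparison are assumptions made for the illustration.

```python
# Added illustration: models the login rule stated in the reply above.
# Not Samba/winbind code; the directory entries are constructed sample data.
SAM_MAX = 20  # sAMAccountName length limit, as stated in the thread

# Constructed sample accounts (sAMAccountName, userPrincipalName).
ACCOUNTS = [
    {"sam": "fred", "upn": "fred.bloggs@samdom.example.com"},
    {"sam": "maria.antunes-mariot", "upn": "maria.antunes-mariotes@test.de"},
    {"sam": "alice", "upn": "alice@samdom.example.com"},
]

def split_upn(upn):
    """Split a UPN into (prefix, suffix) at the last '@'."""
    prefix, sep, suffix = upn.rpartition("@")
    if not sep or not prefix or not suffix:
        raise ValueError(f"not a UPN: {upn!r}")
    return prefix, suffix

def resolve_login(name, accounts=ACCOUNTS):
    """Return (account, matched_attribute), or (None, None) if nothing matches.

    Only the whole sAMAccountName or the whole UPN is accepted; names are
    compared case-insensitively (assumption of this model).
    """
    wanted = name.casefold()
    for acct in accounts:
        if wanted == acct["upn"].casefold():
            return acct, "userPrincipalName"
        if wanted == acct["sam"].casefold():
            return acct, "sAMAccountName"
    return None, None

def prefix_login_failures(accounts=ACCOUNTS):
    """List (upn_prefix, sam, too_long_for_sam) for every account whose bare
    UPN prefix does not resolve back to that same account."""
    failures = []
    for acct in accounts:
        prefix, _suffix = split_upn(acct["upn"])
        resolved, _attr = resolve_login(prefix, accounts)
        if resolved is not acct:
            failures.append((prefix, acct["sam"], len(prefix) > SAM_MAX))
    return failures

if __name__ == "__main__":
    for row in prefix_login_failures():
        print(row)
```

The third field in each result marks prefixes longer than 20 characters, which could not be stored as a sAMAccountName even if an administrator wanted the two names to match.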

