[Samba] winbind use default domain and alternative UPN Suffix. Samba as Domain Member.

Markus Jansen jansen at schmitzmine.eu
Mon Nov 30 12:29:30 UTC 2020

Dear all,

I use Samba as an Active Directory member; my domain is called something
like "ad.test.de". I joined the domain and everything is running well.

To take advantage of the "winbind use default domain" option, users
can log in as "tim.altern" instead of "tim.altern@ad.test.de".

I set up an alternative UPN suffix afterwards, like "test.de", to benefit
from shorter, more meaningful usernames like "tim.altern@test.de" at some
other services.

When I try to log in to Samba using just the username (without the domain
suffix, like tim.altern), it fails when the userPrincipalName is set up
using the alternative UPN suffix "@test.de", like "tim.altern@test.de".
I assume winbind expects a user "tim.altern@ad.test.de", which does not
exist (the logfile indicates that ... "FAILED with error

I could provide more details (logfiles, etc.) later, but I'm asking
myself if there is any way to make this work at all: logging in without
the domain suffix while using the alternative domain suffix in AD.

Thank you very much,

