[Samba] winbind use default domain and alternative UPN Suffix. Samba as Domain Member.

Rowland Penny rpenny at samba.org
Mon Nov 30 13:05:26 UTC 2020

On 30/11/2020 12:29, Markus Jansen via samba wrote:
> Dear all,
> I use Samba as Active Directory Member, my Domain is called something
> like "ad.test.de" . I joined the domain and everything is running well.
> To take advantage of the "winbind use default domain" - option, users
> can log in by "tim.altern" instead of "tim.altern@ad.test.de"

Ah, no, it is the netbios domain name, not the dns domain. If your
domain is 'AD', your users can log in using 'tim.altern' instead of

> I set up an alternative UPN Suffix afterwards like "test.de" to benefit
> from shorter, more meaningful usernames like "tim.altern@test.de" at some
> other services.
> When I try to log in to samba using just the username (without the domain
> suffix, like tim.altern) it fails when the userPrincipalName is set up
> using the alternative UPN suffix "@test.de", like "tim.altern@test.de" .
> I assume winbind expects a user "tim.altern@ad.test.de", that does not
> exist (the logfile indicates that ... "FAILED with error

Something else going on here, just changing the UPN shouldn't affect the
login, at least it doesn't for myself.

> I could provide more details (logfiles, etc) later, but I'm asking
> myself if there is any way to make this work at all, logging in without
> the domain suffix and by using the alternative domain suffix in AD.

Let's start with the smb.conf from your Unix domain member and what the
DC is.