On May 26, 2014, at 5:05, Jakub Hrozek <jhrozek(a)redhat.com> wrote:
On Sun, May 25, 2014 at 10:31:14PM +0000, Vinícius Ferrão wrote:
> Hello guys,
>
> I’m running sssd version 1.11 in Ubuntu 14.04 LTS (1.11.5-1ubuntu3) to authenticate
users from Active Directory from WIndows Server 2012 R2, and I’m trying to achieve logins
with the User Principal Name for all users of the domain. But the UPN are always
Enterprise Principal Names.
>
> Let-me illustrate the problem with my user account:
>
> Domain:
local.example.com
> sAMAccountName: ferrao
> UPN: ferrao(a)example.com (there’s no local in the UPN)
>
> I can successfully login with the sAMAccount atribute, which is fine, but I can’t
login with ferrao(a)example.com which is my UPN. The optimum solution for me is to allow
logins from sAMAccount and the UPN. If’s not possible, the UPN should be the right way
instead of the sAMAccountName.
I'll let Sumit answer the above, I think he's already working on making
that possible.
>
> Another annoyance is the homedir pattern with those options in sssd.conf:
> default_shell = /bin/bash
> fallback_homedir = /home/%d/%u
>
> What I would like to achieve is separated home directories from the EPN. For
example:
>
> /home/example.com/user
> /home/whatever.example.com/user
>
> But with this pattern I can’t map the way I would like to do.
>
> I’ve looked through man pages and was unable to find any answers for this issues.
I wonder if I understand your issue correctly, would you like to use the
UPN as a new template expansion? If so, then file a RFE please, that
should be an easy one to implement.
Yep, it’s just more options to create a pattern of home directories. As example getting
the contents after @ in the User Principal Name and making a folder in /home only with
users of this UPN. So we can avoid conflicts like this:
john(a)example.com
john(a)whatever.example.com
john(a)i-will-migrate-to-red-hat-if-you-guys-implement-this.example.com
And so on.
The resulting generated home folders will be something like this:
/home/example.com/john
/home/whatever.example.com/john
/home/i-will-migrate-to-red-hat-if-you-guys-implement-this.example.com/john
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users