On Sun, May 25, 2014 at 10:31:14PM +0000, Vinícius Ferrão wrote:
> Hello guys,
>
> I’m running sssd version 1.11 in Ubuntu 14.04 LTS (1.11.5-1ubuntu3) to authenticate users
> from Active Directory from Windows Server 2012 R2, and I’m trying to achieve logins with
> the User Principal Name for all users of the domain. But the UPN are always Enterprise
> Principal Names.
>
> Let me illustrate the problem with my user account:
>
> Domain: local.example.com
> sAMAccountName: ferrao
> UPN: ferrao@example.com (there’s no local in the UPN)
>
> I can successfully login with the sAMAccount attribute, which is fine, but I can’t login
> with ferrao@example.com which is my UPN. The optimum solution for me is to allow logins
> from sAMAccount and the UPN. If it’s not possible, the UPN should be the right way instead of
> the sAMAccountName.

Technically this is related to the topic discussed in the '[RFC] Change
default regular-expressions for user names' thread
(https://lists.fedorahosted.org/pipermail/sssd-devel/2014-May/019642.html)
on sssd-devel. It's about finding a user by his Kerberos principal, the
Enterprise Principal Names are aliases for the Kerberos principal of the
user.
My plan is to include this use-case in the design for the feature
discussed in the thread but I'm afraid it will only be available in the
next major SSSD release.
HTH
bye,
Sumit

> Another annoyance is the homedir pattern with those options in sssd.conf:
>
> default_shell = /bin/bash
> fallback_homedir = /home/%d/%u
>
> What I would like to achieve is separated home directories from the EPN. For example:
>
> /home/example.com/user
> /home/whatever.example.com/user
>
> But with this pattern I can’t map the way I would like to do.
>
> I’ve looked through man pages and was unable to find any answers for these issues.
>
> Thanks in advance,
> Vinícius.