On May 26, 2014, at 14:27, Jakub Hrozek <jhrozek(a)redhat.com> wrote:
On Mon, May 26, 2014 at 04:19:11PM +0000, Vinícius Ferrão wrote:
> On May 26, 2014, at 5:05, Jakub Hrozek <jhrozek(a)redhat.com> wrote:
>> On Sun, May 25, 2014 at 10:31:14PM +0000, Vinícius Ferrão wrote:
>>> Hello guys,
>>> I’m running sssd version 1.11 in Ubuntu 14.04 LTS (1.11.5-1ubuntu3) to
authenticate users from Active Directory from WIndows Server 2012 R2, and I’m trying to
achieve logins with the User Principal Name for all users of the domain. But the UPN are
always Enterprise Principal Names.
>>> Let-me illustrate the problem with my user account:
>>> Domain: local.example.com
>>> sAMAccountName: ferrao
>>> UPN: ferrao(a)example.com (there’s no local in the UPN)
>>> I can successfully login with the sAMAccount atribute, which is fine, but I
can’t login with ferrao(a)example.com which is my UPN. The optimum solution for me is to
allow logins from sAMAccount and the UPN. If’s not possible, the UPN should be the right
way instead of the sAMAccountName.
>> I'll let Sumit answer the above, I think he's already working on making
>> that possible.
>>> Another annoyance is the homedir pattern with those options in sssd.conf:
>>> default_shell = /bin/bash
>>> fallback_homedir = /home/%d/%u
>>> What I would like to achieve is separated home directories from the EPN. For
>>> But with this pattern I can’t map the way I would like to do.
>>> I’ve looked through man pages and was unable to find any answers for this
>> I wonder if I understand your issue correctly, would you like to use the
>> UPN as a new template expansion? If so, then file a RFE please, that
>> should be an easy one to implement.
> Yep, it’s just more options to create a pattern of home directories. As example
getting the contents after @ in the User Principal Name and making a folder in /home only
with users of this UPN. So we can avoid conflicts like this:
> And so on.
> The resulting generated home folders will be something like this:
Can you file an RFE at https://fedorahosted.org/sssd/newticket
If not, I can file it for you, but I prefer if users voice their
requirements themselves :-)
I hope that I’ve explained exactly what I would like to describe.
About the other issue, login with email addresses or UPN addresses it’s already under
Thank in advance,
sssd-users mailing list