On May 26, 2014, at 5:05, Jakub Hrozek <[email protected]> wrote: > On Sun, May 25, 2014 at 10:31:14PM +0000, Vinícius Ferrão wrote: >> Hello guys, >> >> I’m running sssd version 1.11 in Ubuntu 14.04 LTS (1.11.5-1ubuntu3) to >> authenticate users from Active Directory from WIndows Server 2012 R2, and >> I’m trying to achieve logins with the User Principal Name for all users of >> the domain. But the UPN are always Enterprise Principal Names. >> >> Let-me illustrate the problem with my user account: >> >> Domain: local.example.com >> sAMAccountName: ferrao >> UPN: [email protected] (there’s no local in the UPN) >> >> I can successfully login with the sAMAccount atribute, which is fine, but I >> can’t login with [email protected] which is my UPN. The optimum solution >> for me is to allow logins from sAMAccount and the UPN. If’s not possible, >> the UPN should be the right way instead of the sAMAccountName. > > I'll let Sumit answer the above, I think he's already working on making > that possible. > >> >> Another annoyance is the homedir pattern with those options in sssd.conf: >> default_shell = /bin/bash >> fallback_homedir = /home/%d/%u >> >> What I would like to achieve is separated home directories from the EPN. For >> example: >> >> /home/example.com/user >> /home/whatever.example.com/user >> >> But with this pattern I can’t map the way I would like to do. >> >> I’ve looked through man pages and was unable to find any answers for this >> issues. > > I wonder if I understand your issue correctly, would you like to use the > UPN as a new template expansion? If so, then file a RFE please, that > should be an easy one to implement.
Yep, it’s just more options to create a pattern of home directories. As example getting the contents after @ in the User Principal Name and making a folder in /home only with users of this UPN. So we can avoid conflicts like this: [email protected] [email protected] j...@i-will-migrate-to-red-hat-if-you-guys-implement-this.example.com And so on. The resulting generated home folders will be something like this: /home/example.com/john /home/whatever.example.com/john /home/i-will-migrate-to-red-hat-if-you-guys-implement-this.example.com/john > _______________________________________________ > sssd-users mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
