On Mon, May 26, 2014 at 04:19:11PM +0000, Vinícius Ferrão wrote: > > On May 26, 2014, at 5:05, Jakub Hrozek <[email protected]> wrote: > > > On Sun, May 25, 2014 at 10:31:14PM +0000, Vinícius Ferrão wrote: > >> Hello guys, > >> > >> I’m running sssd version 1.11 in Ubuntu 14.04 LTS (1.11.5-1ubuntu3) to > >> authenticate users from Active Directory from WIndows Server 2012 R2, and > >> I’m trying to achieve logins with the User Principal Name for all users of > >> the domain. But the UPN are always Enterprise Principal Names. > >> > >> Let-me illustrate the problem with my user account: > >> > >> Domain: local.example.com > >> sAMAccountName: ferrao > >> UPN: [email protected] (there’s no local in the UPN) > >> > >> I can successfully login with the sAMAccount atribute, which is fine, but > >> I can’t login with [email protected] which is my UPN. The optimum > >> solution for me is to allow logins from sAMAccount and the UPN. If’s not > >> possible, the UPN should be the right way instead of the sAMAccountName. > > > > I'll let Sumit answer the above, I think he's already working on making > > that possible. > > > >> > >> Another annoyance is the homedir pattern with those options in sssd.conf: > >> default_shell = /bin/bash > >> fallback_homedir = /home/%d/%u > >> > >> What I would like to achieve is separated home directories from the EPN. > >> For example: > >> > >> /home/example.com/user > >> /home/whatever.example.com/user > >> > >> But with this pattern I can’t map the way I would like to do. > >> > >> I’ve looked through man pages and was unable to find any answers for this > >> issues. > > > > I wonder if I understand your issue correctly, would you like to use the > > UPN as a new template expansion? If so, then file a RFE please, that > > should be an easy one to implement. > > Yep, it’s just more options to create a pattern of home directories. As > example getting the contents after @ in the User Principal Name and making a > folder in /home only with users of this UPN. So we can avoid conflicts like > this: > > [email protected] > [email protected] > j...@i-will-migrate-to-red-hat-if-you-guys-implement-this.example.com > > And so on. > > The resulting generated home folders will be something like this: > > /home/example.com/john > /home/whatever.example.com/john > /home/i-will-migrate-to-red-hat-if-you-guys-implement-this.example.com/john
Can you file an RFE at https://fedorahosted.org/sssd/newticket ? If not, I can file it for you, but I prefer if users voice their requirements themselves :-) Thank you! _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
