Hello Jakub, On May 26, 2014, at 14:27, Jakub Hrozek <[email protected]> wrote:
> On Mon, May 26, 2014 at 04:19:11PM +0000, Vinícius Ferrão wrote: >> >> On May 26, 2014, at 5:05, Jakub Hrozek <[email protected]> wrote: >> >>> On Sun, May 25, 2014 at 10:31:14PM +0000, Vinícius Ferrão wrote: >>>> Hello guys, >>>> >>>> I’m running sssd version 1.11 in Ubuntu 14.04 LTS (1.11.5-1ubuntu3) to >>>> authenticate users from Active Directory from WIndows Server 2012 R2, and >>>> I’m trying to achieve logins with the User Principal Name for all users of >>>> the domain. But the UPN are always Enterprise Principal Names. >>>> >>>> Let-me illustrate the problem with my user account: >>>> >>>> Domain: local.example.com >>>> sAMAccountName: ferrao >>>> UPN: [email protected] (there’s no local in the UPN) >>>> >>>> I can successfully login with the sAMAccount atribute, which is fine, but >>>> I can’t login with [email protected] which is my UPN. The optimum >>>> solution for me is to allow logins from sAMAccount and the UPN. If’s not >>>> possible, the UPN should be the right way instead of the sAMAccountName. >>> >>> I'll let Sumit answer the above, I think he's already working on making >>> that possible. >>> >>>> >>>> Another annoyance is the homedir pattern with those options in sssd.conf: >>>> default_shell = /bin/bash >>>> fallback_homedir = /home/%d/%u >>>> >>>> What I would like to achieve is separated home directories from the EPN. >>>> For example: >>>> >>>> /home/example.com/user >>>> /home/whatever.example.com/user >>>> >>>> But with this pattern I can’t map the way I would like to do. >>>> >>>> I’ve looked through man pages and was unable to find any answers for this >>>> issues. >>> >>> I wonder if I understand your issue correctly, would you like to use the >>> UPN as a new template expansion? If so, then file a RFE please, that >>> should be an easy one to implement. >> >> Yep, it’s just more options to create a pattern of home directories. As >> example getting the contents after @ in the User Principal Name and making a >> folder in /home only with users of this UPN. So we can avoid conflicts like >> this: >> >> [email protected] >> [email protected] >> j...@i-will-migrate-to-red-hat-if-you-guys-implement-this.example.com >> >> And so on. >> >> The resulting generated home folders will be something like this: >> >> /home/example.com/john >> /home/whatever.example.com/john >> /home/i-will-migrate-to-red-hat-if-you-guys-implement-this.example.com/john > > Can you file an RFE at https://fedorahosted.org/sssd/newticket ? > > If not, I can file it for you, but I prefer if users voice their > requirements themselves :-) > > Thank you! Done: https://fedorahosted.org/sssd/ticket/2340 I hope that I’ve explained exactly what I would like to describe. About the other issue, login with email addresses or UPN addresses it’s already under progress, right? Thank in advance, > _______________________________________________ > sssd-users mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
