I’m running sssd
version 1.11 with the AD backend in Ubuntu 14.04 LTS (1.11.5-1ubuntu3) to authenticate users from Active Directory running on Windows Server 2012 R2, and I’m trying to achieve logins with the User Principal Name for all users of the domain. But the UPN are always Enterprise Principal Names.
Let-me illustrate the problem with my user account:
Domain: local.example.com sAMAccountName: ferrao UPN: ferrao@example.com (there’s no local in the UPN)
I can successfully login with the sAMAccountName
atribute, which is fine, but I can’t login with ferrao@example.com which is my UPN. The optimum solution for me is to allow logins from sAMAccountName
and the UPN (User Principal Name). If’s not possible, the UPN should be the right way instead of the sAMAccountName
.
Another annoyance is the homedir pattern with those options in sssd.conf
:
default_shell = /bin/bash
fallback_homedir = /home/%d/%u
What I would like to achieve is separated home directories from the EPN. For example:
/home/example.com/user
/home/whatever.example.com/user
But with this pattern I can’t map the way I would like to do. I’ve looked through man pages and was unable to find any answers for this issues.
Thanks,
Best Answer
After further investigation the conclusion was that as today it's impossible to implement this setup using
sssd
.There are two patches that should be done, and they are acknowledged by the
sssd
developers team.Allow email addresses in User Principal https://fedorahosted.org/sssd/ticket/1749
Home directory with template expansion: https://fedorahosted.org/sssd/ticket/2340
So there's no viable solution using
sssd
at this time.