Hi Christian,
you could indeed use krb5 authentication (and possibly in combination with the multiuser option) so you can build whatever mechanism you like for getting the required kerberos ticket for the user. Once you have the ticket you should be able to access the shares independent of the account name specifications. You have to configure your AD server such that it provides credentials for the UPN. Advantage: you don't have to deal with possible limitations in the CIFS implementation on the client side.
Best regards
Tobias Doerffel
-----Ursprüngliche Nachricht-----
Hi everybody,
just one simple question regarding the authentication of users in the mount options: Is it possible to authenticate a user with his userPrincipalName attribute and a password or are there any more dependencies to get this to work (i. e. krb5 or other security options)?
Example: mount -t cifs //server/share /mnt -o username=my.upn.prefix@xxxxxxxxxxxxxxx,password=PASSWORD
The only working solution was with the default sAMAccountName Attribute.
Background:
We are building a new fileservice for Windows and Linux Clients. The users are stored in Active Directory. The username (sAMAccountName) is a random string created by the Server itself. The only login attribute the user knows is his UPN (which is also the mailaddress in our case).
Thanks in advance
Christian
---------------------------------
--
Dipl.-Inf. Tobias Doerffel
-----------------------------------------------
EDC Electronic Design Chemnitz GmbH
Technologie-Campus 4, 09126 Chemnitz
Geschäftsführer: Dr.-Ing. Steffen Heinz
Dipl.-Ing. André Lange
Tel.: +49 371 52 45 90
Fax.: +49 371 52 45 910
E-Mail: info@xxxxxxxxxxxxxx
Sitz der Gesellschaft: Chemnitz
HRB 23986, Amtsgericht Chemnitz
USTID: DE258181725
-----------------------------------------------
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
