Re: Question on Active Directory Authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Tobias,

thanks for your answer.
Is this only possible with krb5 security or does any of the ntlm* security options support this method? 

Regards
Christian


Am 08.07.2014 13:04, schrieb Tobias Doerffel:

Hi Christian,

you could indeed use krb5 authentication (and possibly in combination with the multiuser option) so you can build whatever mechanism you like for getting the required kerberos ticket for the user.  Once you have the ticket you should be able to access the shares independent of the account name specifications. You have to configure your AD server such that it provides credentials for the UPN. Advantage: you don't have to deal with possible limitations in the CIFS implementation on the client side.

Best regards

Tobias Doerffel


-----Ursprüngliche Nachricht-----

Hi everybody,

just one simple question regarding the authentication of users in the mount options: Is it possible to authenticate a user with his userPrincipalName attribute and a password or are there any more dependencies to get this to work (i. e. krb5 or other security options)?

Example: mount -t cifs //server/share /mnt -o username=my.upn.prefix@xxxxxxxxxxxxxxx,password=PASSWORD

The only working solution was with the default sAMAccountName Attribute.

Background:
We are building a new fileservice for Windows and Linux Clients. The users are stored in Active Directory. The username (sAMAccountName) is a random string created by the Server itself. The only login attribute the user knows is his UPN (which is also the mailaddress in our case).


Thanks in advance
Christian

---------------------------------



--
Dipl.-Inf. Tobias Doerffel

-----------------------------------------------
EDC Electronic Design Chemnitz GmbH
Technologie-Campus 4, 09126 Chemnitz

Geschäftsführer: Dr.-Ing. Steffen Heinz
                  Dipl.-Ing. André Lange
Tel.:            +49 371 52 45 90
Fax.:            +49 371 52 45 910
E-Mail:          info@xxxxxxxxxxxxxx

Sitz der Gesellschaft: Chemnitz
HRB 23986, Amtsgericht Chemnitz
USTID: DE258181725
-----------------------------------------------



--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux