Hi Tobias, thanks for your answer.
Is this only possible with krb5 security or does any of the ntlm* security options support this method?
Regards Christian Am 08.07.2014 13:04, schrieb Tobias Doerffel:
Hi Christian, you could indeed use krb5 authentication (and possibly in combination with the multiuser option) so you can build whatever mechanism you like for getting the required kerberos ticket for the user. Once you have the ticket you should be able to access the shares independent of the account name specifications. You have to configure your AD server such that it provides credentials for the UPN. Advantage: you don't have to deal with possible limitations in the CIFS implementation on the client side. Best regards Tobias Doerffel -----Ursprüngliche Nachricht----- Hi everybody, just one simple question regarding the authentication of users in the mount options: Is it possible to authenticate a user with his userPrincipalName attribute and a password or are there any more dependencies to get this to work (i. e. krb5 or other security options)? Example: mount -t cifs //server/share /mnt -o [email protected],password=PASSWORD The only working solution was with the default sAMAccountName Attribute. Background: We are building a new fileservice for Windows and Linux Clients. The users are stored in Active Directory. The username (sAMAccountName) is a random string created by the Server itself. The only login attribute the user knows is his UPN (which is also the mailaddress in our case). Thanks in advance Christian --------------------------------- -- Dipl.-Inf. Tobias Doerffel ----------------------------------------------- EDC Electronic Design Chemnitz GmbH Technologie-Campus 4, 09126 Chemnitz Geschäftsführer: Dr.-Ing. Steffen Heinz Dipl.-Ing. André Lange Tel.: +49 371 52 45 90 Fax.: +49 371 52 45 910 E-Mail: [email protected] Sitz der Gesellschaft: Chemnitz HRB 23986, Amtsgericht Chemnitz USTID: DE258181725 -----------------------------------------------
-- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
