Re: Login with sAMAccountName and/or userPrincipalName from Active Directory
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: Login with sAMAccountName and/or userPrincipalName from Active Directory
- From: Vinícius Ferrão <ferrao [at] if.ufrj.br>
- To: Arthur de Jong <arthur [at] arthurdejong.org>
- Cc: "nss-pam-ldapd-users [at] lists.arthurdejong.org" <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: Re: Login with sAMAccountName and/or userPrincipalName from Active Directory
- Date: Tue, 27 May 2014 16:22:51 +0000
Thank you Arthur.
Changing the user logon name to another thing screws up the Kerberos login.
So I think there’s no solution at this moment, for this problem.
Cheers,
Vinícius.
On May 23, 2014, at 4:45, Arthur de Jong <arthur@arthurdejong.org> wrote:
>
> On Wed, 2014-05-21 at 16:10 +0000, Vinícius Ferrão wrote:
>> I'm trying to setup authentication from Active Directory in FreeBSD
>> 10.0 using nslcd (nss-pam-ldapd-sasl package) and would like to allow
>> both sAMAccountName and userPrincipalName as valid login attributes in
>> the server.
>
> While the nss-pam-ldapd PAM functionality in general could allow logging
> in with something else than the *nix username (there is a mechanism to
> change username)the PAM stack and applications handling logins generally
> first do a username lookup to see if it exists before it hits pam_ldap.
>
> Also, nslcd currently only allows one attribute for the username field.
>
> I have also tried before to set up logins with people's full name and
> map it to their username but haven't succeeded (that was on Linux
> though, not FreeBSD).
>
> Thanks,
>
> --
> -- arthur - arthur@arthurdejong.org - http://arthurdejong.org/ --
> --
> To unsubscribe send an email to
> nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
> http://lists.arthurdejong.org/nss-pam-ldapd-users/
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
