From: Christian Lutz <christian.lutz-EnyPcy3oyxIb1SvskN2V4Q@public.gmane.org>
To: Tobias Doerffel
<tobias.doerffel-2LT3hlbiLj/X2ID+q72mRQ@public.gmane.org>,
"linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: Question on Active Directory Authentication
Date: Wed, 09 Jul 2014 13:05:59 +0200
Message-ID: <53BD2217.1030304@muenchen.de>
In-Reply-To: <zarafa.53bbd04a.78cf.1d5ae9d4134672c1-Re+uX9gtWIdJ209wn1+v+yQaj01YtLkH@public.gmane.org>

Hi Tobias,

thanks for your answer.

Is this only possible with krb5 security or does any of the ntlm*
security options support this method?

Regards
Christian

On 08.07.2014 13:04, Tobias Doerffel wrote:
> Hi Christian,
>
> you could indeed use krb5 authentication (and possibly in combination with the multiuser option) so you can build whatever mechanism you like for getting the required Kerberos ticket for the user. Once you have the ticket you should be able to access the shares independent of the account name specifications. You have to configure your AD server such that it provides credentials for the UPN. Advantage: you don't have to deal with possible limitations in the CIFS implementation on the client side.
>
> Best regards
>
> Tobias Doerffel
>
>
> -----Original Message-----
>
> Hi everybody,
>
> just one simple question regarding the authentication of users in the mount options: Is it possible to authenticate a user with his userPrincipalName attribute and a password or are there any more dependencies to get this to work (i. e. krb5 or other security options)?
>
> Example: mount -t cifs //server/share /mnt -o username=my.upn.prefix@domain.name.tld,password=PASSWORD
>
> The only working solution was with the default sAMAccountName Attribute.
>
> Background:
> We are building a new file service for Windows and Linux Clients. The users are stored in Active Directory. The username (sAMAccountName) is a random string created by the Server itself. The only login attribute the user knows is his UPN (which is also the mail address in our case).
>
>
> Thanks in advance
> Christian
>
> ---------------------------------
>
>
>
> --
> Dipl.-Inf. Tobias Doerffel
>
> -----------------------------------------------
> EDC Electronic Design Chemnitz GmbH
> Technologie-Campus 4, 09126 Chemnitz
>
> Managing Directors: Dr.-Ing. Steffen Heinz
> Dipl.-Ing. André Lange
> Tel.: +49 371 52 45 90
> Fax.: +49 371 52 45 910
> E-Mail: info-2LT3hlbiLj/X2ID+q72mRQ@public.gmane.org
>
> Registered office: Chemnitz
> HRB 23986, Amtsgericht Chemnitz
> VAT ID: DE258181725
> -----------------------------------------------
>
>