0

I have winbind up and running and it is working well for authentication.

When a user is prompted at logon to provide credentials what AD attribute is username checked against? Is it name? sAMAccountName? CN?

The follow-up to this is can I make a change to winbind either via authconfig or smb.conf to allow two possible matches? E.g., I want to have user be able to provide at logon either ID number (currently working) and/or email username (attribute is mailnickname in AD)

EDIT: Is this not possible?

Gray Race
  • 853
  • 3
  • 11
  • 22

1 Answers1

1

Active Directory stores this information in LDAP accessible databases.
LDAP query filter "(|(idnumber=%s)(mailnickname =%s))".
Unknown if Samba/Winbind allow use of RFC2254 query filters.

84104
  • 12,905
  • 6
  • 45
  • 76
  • Thanks for the response... not sure what variable to change/add to smb.conf or pam.d though to add the filter. – Gray Race Aug 29 '11 at 21:24