UPN for AD authentication

R3DNano r3dnano at gmail.com
Tue Jun 2 12:28:09 CEST 2020

Thanks for your reply, Alan
I've been reading some documentation and I guess I'm on the wrong path: I
got everything working with winbind but, as far as I understood, this only
works with SAM, and there's no (simple) way of doing UPN unless I switch to
LDAP module, so I think I'll go down this path and see how it goes.


On Fri, 29 May 2020, 14:57 Alan DeKok, <aland at deployingradius.com> wrote:

> On May 29, 2020, at 5:46 AM, R3DNano <r3dnano at gmail.com> wrote:
> >
> > AFAIK, when I authenticate my users via ntlm_auth (samba AD bnind,
> etc...,
> > not the LDAP module, as suggested by the docu), account names in SAM are
> > used instead of UPN (please, correct me if I'm wrong)
>   You use whatever AD allows.  See the AD documentation for how AD works.
> > Is it possible to use UPN instead?
>   Some people do.  See the AD docs.
> > What drawbacks can we have if we do this?
>   The format of user names doesn't matter to FreeRADIUS.  So the only
> issues are elsewhere.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list