UPN for AD authentication

Alan DeKok aland at deployingradius.com
Fri May 29 14:57:10 CEST 2020

On May 29, 2020, at 5:46 AM, R3DNano <r3dnano at gmail.com> wrote:
> AFAIK, when I authenticate my users via ntlm_auth (samba AD bnind, etc...,
> not the LDAP module, as suggested by the docu), account names in SAM are
> used instead of UPN (please, correct me if I'm wrong)

  You use whatever AD allows.  See the AD documentation for how AD works.

> Is it possible to use UPN instead?

  Some people do.  See the AD docs.

> What drawbacks can we have if we do this?

  The format of user names doesn't matter to FreeRADIUS.  So the only issues are elsewhere.

  Alan DeKok.

More information about the Freeradius-Users mailing list