It would be nice if winbind would allow the _consequent_ usage/display of user/group names in the form of user@workgroup.com. At work we are migrating currently from sssd back to winbind, due to it's RID support for stable UIDs/GIDs. In sssd this is possible and looks like this: $ ssh user@workgroup.com@HOST1 $ id user@workgroup.com $ ls -al /home/workgroup.com/user drwx------ 5 user@workgroup.com samba_group@workgroup.com 103 12. Jun 14:14 . $ grep AllowGroups /etc/ssh/sshd_config AllowGroups local_unix_group samba_group@workgroup.com With winbind this doesn't seem possible in such a way. We have set `winbind use default domain = no`. Then it looks like this: $ id user@workgroup.com $ id WORKGROUP\\user (works as well) All the other commands use the WORKGROUP\user nomenclature. $ ssh user@WORKGROUP@HOST1 $ ssh WORKGROUP\user@HOST1 -> does not work $ ls -al /home/workgroup.com/user drwxr-x--- 4 WORKGROUP\user WORKGROUP\samba_group 4096 Jun 15 17:10 . $ grep AllowGroups /etc/ssh/sshd_config AllowGroups local_unix_group WORKGROUP\samba_group