Bug 16010 - KDC Disable Subject Alternative Name for UPN mapping
Summary: KDC Disable Subject Alternative Name for UPN mapping
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: unspecified
Hardware: All All
: P5 enhancement (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2026-02-23 19:52 UTC by Gary Lockyer
Modified: 2026-02-23 19:53 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Gary Lockyer 2026-02-23 19:52:46 UTC 
Implement KB 4043463  https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/disable-subject-alternative-name-upn-mapping

User principal name (UPN) mapping is a special case of one-to-one mapping used in Active Directory. This article describes how to use an explicit mapping instead of UPN mapping by disabling the subject alternative name (SAN) through Registry Editor. Performing the following steps will allow the use of an explicit mapping by ignoring the SAN extension of a deployed client certificate.