username format during login

This could cause problems. Even in Windows, they make you specify the domain. If a username is duplicated, this would cause a login failure on both client and host, potentially causing the user to be locked out of the AD account.

At this time, I can't think of a sane way to do this.

but in windows you've a drop down menu with all the available domains, it took me 4-5 tries to find out how to write the username (domain\user, user+domain, user@domain etc...)

anyway there should be an order thus if the username is written without domain the system should try to authenticate agains every domain (and local system) until one authentication is successful

average users won't understand how to write their usernames

Trying to authenticate against every domain would be a bad idea,
especially on a big network with dozens (hundreds?) of domains where
such an algorithm would easily get out of hand.

However, you could ease the burden on some users by:
- Providing hints as to the correct format of the user and domain
string would be a good thing.
- Presenting a list of available domains on the network would be helpful.
- If only one domain is found, defaulting to authenticating against
that domain would make sense.
- And once any successful authentication has occurred, it would be a
good idea to cache the fully qualified user+domain, and reference that
on future authentications.

:-Dustin

At the moment our company authenticates users with samba/winbind/kerberos. They simply enter their usernames without any domain-part.

I would appreciate if likewise-open can offer the same functionality.

@Farbrizio: I agree to your statement "average users won't understand how to write their usernames".

Windows-Users are usually not used to enter their domain.

In Windows, entering a domain is required in many other places besides the login screen(i.e. mounting networked drives, using proxy servers in IE, etc...).
While the list of domains may be helpful, the best solution would probably allow users to input their credentials using the long(user@fqdn) or short domain(domain\user) formats.

If nothing else, it would be nice if there were an easy way to add a dropdown to the login screen to select domain.

On the commandline, either user@fqdn or domain\user is probably fine (though less than ideal).

To make likewise-open use the default domain, you can add the following statement to /etc/samba/lwiauthd.conf:

winbind use default domain = yes

Then restart the likewise-open-service. Users now don't have to type the "domain\"-prefix when logging in.

As cfrein suggested, this can be configured for those interested.
Support for domain choice in GDM login box are tracked in bug 192599.