[Samba] winbindd: getent passwd yields empty GECOS field
Johan Hattne
johan at hattne.se
Thu Feb 13 23:07:49 UTC 2020
Dear all;
I'm trying to use winbindd to resolve names in an AD setup. I can
authenticate just fine, but I've noticed that for some users "getent
passwd" returns a GECOS field populated with displayName from the LDAP
servers and for others is does not. For example:
$ getent passwd user1
user1:*:1111111111:2222222222:John Doe:/home/user1:/bin/bash
$ getent passwd user2
user2:*:3333333333:2222222222::/home/user2:/bin/bash
I don't see any systematic differences between users for which this
works and for those where it doesn't, but I would like to see the GECOS
populated for all users. I've seen this issue discussed in various
places in the past but nowhere solved, so I' hoping there's simple fix.
Can anyone provide insight?
Full smb.conf below (the Time Machine stuff is probably irrelevant, but
included for completeness); this is using the buster-samba410 packages
from https://apt.van-belle.nl/debian.
[global]
client signing = required
load printers = No
local master = No
log file = /var/log/samba/log.%m
max log size = 1000
mdns name = mdns
realm = AD.EXAMPLE.COM
security = ADS
server min protocol = SMB2
server signing = required
server string = Samba %v (%h)
template homedir = /home/%U
template shell = /bin/bash
winbind use default domain = Yes
workgroup = AD
fruit:copyfile = yes
idmap config * : rangesize = 1000000
idmap config * : range = 1734200000 - 1999999999
idmap config * : backend = autorid
use sendfile = Yes
vfs objects = catia fruit streams_xattr
[time_machine]
comment = Time Machine (%h)
path = /var/time_machine/%U
read only = No
valid users = "@AD.EXAMPLE.COM\mygroup"
fruit:model = RackMac
fruit:encoding = native
fruit:time machine max size = 1024G
fruit:time machine = yes
// Best wishes; Johan
More information about the samba
mailing list