[Samba] winbindd: getent passwd yields empty GECOS field

Andrew Bartlett abartlet at samba.org
Fri Feb 14 09:05:50 UTC 2020

On Thu, 2020-02-13 at 15:07 -0800, Johan Hattne via samba wrote:
> Dear all;
> I'm trying to use winbindd to resolve names in an AD setup.  I can 
> authenticate just fine, but I've noticed that for some users "getent 
> passwd" returns a GECOS field populated with displayName from the LDAP 
> servers and for others is does not.  For example:
>    $ getent passwd user1
>    user1:*:1111111111:2222222222:John Doe:/home/user1:/bin/bash
>    $ getent passwd user2
>    user2:*:3333333333:2222222222::/home/user2:/bin/bash
> I don't see any systematic differences between users for which this 
> works and for those where it doesn't, but I would like to see the GECOS 
> populated for all users.  I've seen this issue discussed in various 
> places in the past but nowhere solved, so I' hoping there's simple fix. 
> Can anyone provide insight?

Users who we have seen a login for (and so have cached the full name)
will get it, others we omit it due to the cost to obtain those for a
full domain.

The the 'samlogon cache' as a keyword to understand this more. 

Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list