[Samba] winbindd: getent passwd yields empty GECOS field
James Dingwall
james-samba at dingwall.me.uk
Fri Feb 14 15:43:58 UTC 2020
On Thu, 2020-02-13 at 15:07 -0800, Johan Hattne via samba wrote:
>> Dear all;
>>
>> I'm trying to use winbindd to resolve names in an AD setup. I can
>> authenticate just fine, but I've noticed that for some users "getent
>> passwd" returns a GECOS field populated with displayName from the LDAP
>> servers and for others is does not. For example:
>>
>> $ getent passwd user1
>> user1:*:1111111111:2222222222:John Doe:/home/user1:/bin/bash
>> $ getent passwd user2
>> user2:*:3333333333:2222222222::/home/user2:/bin/bash
>>
>> I don't see any systematic differences between users for which this
>> works and for those where it doesn't, but I would like to see the GECOS
>> populated for all users. I've seen this issue discussed in various
>> places in the past but nowhere solved, so I' hoping there's simple fix.
>> Can anyone provide insight?
>
> Users who we have seen a login for (and so have cached the full name)
> will get it, others we omit it due to the cost to obtain those for a
> full domain.
>
> The the 'samlogon cache' as a keyword to understand this more.
I have populated the 'gecos' attribute in my directory and that seems to be
reported in the 'getent passwd' output regardles of whether the user has
logged in to the system.
dn: CN=James Dingwall,OU=Users,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
...
uidNumber: 12345
gidNumber: 12345
gecos: James Dingwall,My Office,,,james.dingwall at example.com
unixHomeDirectory: /home/jdingwall
loginShell: /bin/bash
...
EXAMPLE\jdingwall:*:12345:12345:James Dingwall,My Office,,,james.dingwall at example.com:/home/jdingwall:/bin/bash
(Samba 4.7.6+dfsg~ubuntu-0ubuntu2.15 on Ubuntu bionic)
James
More information about the samba
mailing list