[Samba] winbindd: getent passwd yields empty GECOS field
Rowland penny
rpenny at samba.org
Fri Feb 14 16:47:24 UTC 2020
On 14/02/2020 15:43, James Dingwall via samba wrote:
> On Thu, 2020-02-13 at 15:07 -0800, Johan Hattne via samba wrote:
>>> Dear all;
>>>
>>> I'm trying to use winbindd to resolve names in an AD setup. I can
>>> authenticate just fine, but I've noticed that for some users "getent
>>> passwd" returns a GECOS field populated with displayName from the LDAP
>>> servers and for others is does not. For example:
>>>
>>> $ getent passwd user1
>>> user1:*:1111111111:2222222222:John Doe:/home/user1:/bin/bash
>>> $ getent passwd user2
>>> user2:*:3333333333:2222222222::/home/user2:/bin/bash
>>>
>>> I don't see any systematic differences between users for which this
>>> works and for those where it doesn't, but I would like to see the GECOS
>>> populated for all users. I've seen this issue discussed in various
>>> places in the past but nowhere solved, so I' hoping there's simple fix.
>>> Can anyone provide insight?
>> Users who we have seen a login for (and so have cached the full name)
>> will get it, others we omit it due to the cost to obtain those for a
>> full domain.
>>
>> The the 'samlogon cache' as a keyword to understand this more.
> I have populated the 'gecos' attribute in my directory and that seems to be
> reported in the 'getent passwd' output regardles of whether the user has
> logged in to the system.
>
> dn: CN=James Dingwall,OU=Users,DC=example,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> ...
> uidNumber: 12345
> gidNumber: 12345
> gecos: James Dingwall,My Office,,,james.dingwall at example.com
> unixHomeDirectory: /home/jdingwall
> loginShell: /bin/bash
> ...
>
>
> EXAMPLE\jdingwall:*:12345:12345:James Dingwall,My Office,,,james.dingwall at example.com:/home/jdingwall:/bin/bash
>
>
> (Samba 4.7.6+dfsg~ubuntu-0ubuntu2.15 on Ubuntu bionic)
>
> James
>
Whilst it is a valid 'gecos', you could use the 'DisplayName',
'physicalDeliveryOfficeName' and 'mail' attributes instead.
Rowland
More information about the samba
mailing list