[Samba] winbindd: getent passwd yields empty GECOS field

Johan Hattne johan at hattne.se
Fri Feb 14 17:14:12 UTC 2020

On 2020-02-14 01:05, Andrew Bartlett wrote:
> On Thu, 2020-02-13 at 15:07 -0800, Johan Hattne via samba wrote:
>> Dear all;
>> I'm trying to use winbindd to resolve names in an AD setup.  I can
>> authenticate just fine, but I've noticed that for some users "getent
>> passwd" returns a GECOS field populated with displayName from the LDAP
>> servers and for others is does not.  For example:
>>     $ getent passwd user1
>>     user1:*:1111111111:2222222222:John Doe:/home/user1:/bin/bash
>>     $ getent passwd user2
>>     user2:*:3333333333:2222222222::/home/user2:/bin/bash
>> I don't see any systematic differences between users for which this
>> works and for those where it doesn't, but I would like to see the GECOS
>> populated for all users.  I've seen this issue discussed in various
>> places in the past but nowhere solved, so I' hoping there's simple fix.
>> Can anyone provide insight?
> Users who we have seen a login for (and so have cached the full name)
> will get it, others we omit it due to the cost to obtain those for a
> full domain.
> The the 'samlogon cache' as a keyword to understand this more.

Ah, great!  That explains it.

I'm still wondering why that cache wasn't refreshed, but that is an 
entirely different problem.

// Cheers; Johan

More information about the samba mailing list