[Samba] finger command with winbind / Linux
Andrew Bartlett
abartlet at samba.org
Fri Apr 16 19:05:39 UTC 2021
On Fri, 2021-04-16 at 12:54 -0400, Jason Keltz via samba wrote:
> Hi.
>
> A question about using the "finger" command under Linux when using
> winbind nss backend..
>
> When users were in /etc/passwd, and I would do:
>
> finger <first name of user> or
>
> finger <last name of user>
>
> I would get back all entries from /etc/passwd with that first name
> or
> last name matching my spec.
>
> With winbind in place, finger works, but only if I specify a full
> username. It doesn't find users based on their name field.
>
> The truth is, I only set "displayname" to the full name, and that may
> be
> the issue because if I do finger "jas", the "Name:" field from finger
> is
> blank.
>
> However, if I edit my user record under AD and set "gecos: Jason
> Keltz",
> then finger "jas" now shows my full name under "Name:" field, but I
> still can't search by "Jason" or "Keltz".
A search on "Jason" or "Keltz" isn't possible via the nsswitch API, so
finger must be using getpwent() to list all the users and do the
filtering in finger itself. This is off by default via 'winbind enum
users = no' because of the performance impact on large domains.
If your domain is small, you could turn that on.
Otherwise, you might write a replacement finger that does a search
against AD, perhaps using anr= which does a substring search on a few
attributes (used for exactly this purpose, eg in outlook I think).
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
More information about the samba
mailing list