[Samba] finger command with winbind / Linux
jas at eecs.yorku.ca
Fri Apr 16 19:24:27 UTC 2021
On 4/16/2021 3:05 PM, Andrew Bartlett via samba wrote:
> On Fri, 2021-04-16 at 12:54 -0400, Jason Keltz via samba wrote:
>> A question about using the "finger" command under Linux when using
>> winbind nss backend..
>> When users were in /etc/passwd, and I would do:
>> finger <first name of user> or
>> finger <last name of user>
>> I would get back all entries from /etc/passwd with that first name
>> last name matching my spec.
>> With winbind in place, finger works, but only if I specify a full
>> username. It doesn't find users based on their name field.
>> The truth is, I only set "displayname" to the full name, and that may
>> the issue because if I do finger "jas", the "Name:" field from finger
>> However, if I edit my user record under AD and set "gecos: Jason
>> then finger "jas" now shows my full name under "Name:" field, but I
>> still can't search by "Jason" or "Keltz".
> A search on "Jason" or "Keltz" isn't possible via the nsswitch API, so
> finger must be using getpwent() to list all the users and do the
> filtering in finger itself. This is off by default via 'winbind enum
> users = no' because of the performance impact on large domains.
> If your domain is small, you could turn that on.
> Otherwise, you might write a replacement finger that does a search
> against AD, perhaps using anr= which does a substring search on a few
> attributes (used for exactly this purpose, eg in outlook I think).
Thanks a lot Andrew! Makes sense.
More information about the samba