James Dingwall
2020-Feb-14 15:43 UTC
[Samba] winbindd: getent passwd yields empty GECOS field
On Thu, 2020-02-13 at 15:07 -0800, Johan Hattne via samba wrote:
>> Dear all;
>>
>> I'm trying to use winbindd to resolve names in an AD setup. I can
>> authenticate just fine, but I've noticed that for some users "getent
>> passwd" returns a GECOS field populated with displayName from the LDAP
>> servers and for others it does not. For example:
>>
>> $ getent passwd user1
>> user1:*:1111111111:2222222222:John Doe:/home/user1:/bin/bash
>> $ getent passwd user2
>> user2:*:3333333333:2222222222::/home/user2:/bin/bash
>>
>> I don't see any systematic differences between users for which this
>> works and for those where it doesn't, but I would like to see the GECOS
>> populated for all users. I've seen this issue discussed in various
>> places in the past but nowhere solved, so I'm hoping there's simple fix.
>> Can anyone provide insight?
>
> Users who we have seen a login for (and so have cached the full name)
> will get it, others we omit it due to the cost to obtain those for a
> full domain.
>
> The the 'samlogon cache' as a keyword to understand this more.

I have populated the 'gecos' attribute in my directory and that seems to be
reported in the 'getent passwd' output regardless of whether the user has
logged in to the system.

dn: CN=James Dingwall,OU=Users,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
...
uidNumber: 12345
gidNumber: 12345
gecos: James Dingwall,My Office,,,james.dingwall at example.com
unixHomeDirectory: /home/jdingwall
loginShell: /bin/bash
...

EXAMPLE\jdingwall:*:12345:12345:James Dingwall,My Office,,,james.dingwall at example.com:/home/jdingwall:/bin/bash

(Samba 4.7.6+dfsg~ubuntu-0ubuntu2.15 on Ubuntu bionic)

James

Rowland Penny
2020-Feb-14 16:47 UTC
[Samba] winbindd: getent passwd yields empty GECOS field
On 14/02/2020 15:43, James Dingwall via samba wrote:
> On Thu, 2020-02-13 at 15:07 -0800, Johan Hattne via samba wrote:
>>> Dear all;
>>>
>>> I'm trying to use winbindd to resolve names in an AD setup. I can
>>> authenticate just fine, but I've noticed that for some users "getent
>>> passwd" returns a GECOS field populated with displayName from the LDAP
>>> servers and for others it does not. For example:
>>>
>>> $ getent passwd user1
>>> user1:*:1111111111:2222222222:John Doe:/home/user1:/bin/bash
>>> $ getent passwd user2
>>> user2:*:3333333333:2222222222::/home/user2:/bin/bash
>>>
>>> I don't see any systematic differences between users for which this
>>> works and for those where it doesn't, but I would like to see the GECOS
>>> populated for all users. I've seen this issue discussed in various
>>> places in the past but nowhere solved, so I'm hoping there's simple fix.
>>> Can anyone provide insight?
>> Users who we have seen a login for (and so have cached the full name)
>> will get it, others we omit it due to the cost to obtain those for a
>> full domain.
>>
>> The the 'samlogon cache' as a keyword to understand this more.
> I have populated the 'gecos' attribute in my directory and that seems to be
> reported in the 'getent passwd' output regardless of whether the user has
> logged in to the system.
>
> dn: CN=James Dingwall,OU=Users,DC=example,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> ...
> uidNumber: 12345
> gidNumber: 12345
> gecos: James Dingwall,My Office,,,james.dingwall at example.com
> unixHomeDirectory: /home/jdingwall
> loginShell: /bin/bash
> ...
>
>
> EXAMPLE\jdingwall:*:12345:12345:James Dingwall,My Office,,,james.dingwall at example.com:/home/jdingwall:/bin/bash
>
>
> (Samba 4.7.6+dfsg~ubuntu-0ubuntu2.15 on Ubuntu bionic)
>
> James
>

Whilst it is a valid 'gecos', you could use the 'DisplayName',
'physicalDeliveryOfficeName' and 'mail' attributes instead.

Rowland
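
An added example, not code from either poster or from Samba: it lists the accounts whose GECOS field is empty in "getent passwd" output and composes a gecos value from the three attributes named in the reply, replacing ':' ',' and line breaks so a directory value cannot shift passwd fields. The sample lines, the address in the usage call, the sub-field order and all function names are assumptions constructed for this example.

```python
import re

# Constructed sample, modelled on the getent output quoted in the thread.
SAMPLE_GETENT = """\
user1:*:1111111111:2222222222:John Doe:/home/user1:/bin/bash
user2:*:3333333333:2222222222::/home/user2:/bin/bash
EXAMPLE\\jdingwall:*:12345:12345:James Dingwall,My Office,,,james.dingwall at example.com:/home/jdingwall:/bin/bash
"""

# Conventional GECOS sub-field order (an assumption; the thread does not define it).
GECOS_SUBFIELDS = ("full_name", "office", "work_phone", "home_phone", "other")


def parse_passwd_line(line):
    """Split one passwd(5)-style line; the GECOS field is split on commas."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 7:
        raise ValueError(f"expected 7 colon-separated fields, got {len(parts)}")
    name, _pw, uid, gid, gecos, home, shell = parts
    sub = gecos.split(",", len(GECOS_SUBFIELDS) - 1) if gecos else []
    sub += [""] * (len(GECOS_SUBFIELDS) - len(sub))
    return {"name": name, "uid": int(uid), "gid": int(gid), "gecos": gecos,
            "gecos_fields": dict(zip(GECOS_SUBFIELDS, sub)),
            "home": home, "shell": shell}


def users_missing_gecos(getent_output):
    """Return the account names whose GECOS field is empty."""
    entries = (parse_passwd_line(l) for l in getent_output.splitlines() if l.strip())
    return [e["name"] for e in entries if not e["gecos"]]


def clean(value):
    """Replace ':' ',' and line breaks, which would shift passwd or GECOS fields."""
    return " ".join(re.sub(r"[:,\r\n]", " ", value or "").split())


def gecos_from_ad(attrs):
    """Compose a GECOS value from the three attributes named in the reply."""
    return ",".join([clean(attrs.get("displayName")),
                     clean(attrs.get("physicalDeliveryOfficeName")),
                     "", "",
                     clean(attrs.get("mail"))])


if __name__ == "__main__":
    print("empty GECOS:", users_missing_gecos(SAMPLE_GETENT))
    print(gecos_from_ad({"displayName": "James Dingwall",
                         "physicalDeliveryOfficeName": "My Office",
                         "mail": "james.dingwall@example.com"}))
```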