| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:reply-to:subject:to:references:from:message-id | |
| :date:mime-version:in-reply-to:content-type | |
| :content-transfer-encoding; q=dns; s=default; b=VrFrbDT2h+nUCwK/ | |
| flX0hENdjYrz4XmpkmrGE0kOHZ/43EVzha0x3dA5Y+sxvVgq2glwScROp4/JrJr5 | |
| FVMjd+fDXwvPq9pd1efWQwHwxQQSPaxorRhBVaixmu+lOdzHazS3TfB6Nsc29n4J | |
| 2mSvRmx/iKReKdl6FthRGwztq7c= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:reply-to:subject:to:references:from:message-id | |
| :date:mime-version:in-reply-to:content-type | |
| :content-transfer-encoding; s=default; bh=Oybp+ZYb9CTDXwlyFszeEK | |
| U2MT8=; b=KIPahuC9xKdDh/EXHKqtog5971vr2IWEmhnJeUAs9+rBM9UxjA0TEz | |
| 6Ji0uqfjZnl9yeaCzH88ivtlswZ4CBX9F9zKqFSA8cgqkzaF1j1khV6eTgedZM8e | |
| 0CPEb1bB+q3HHaog96IJZ+ACkSF97SKfNM09wsCBs7qq0VnDFuXuA= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Spam-SWARE-Status: | No, score=-3.1 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 spammy=trusted, SERVICE, H*r:sk:smtp-ou, H*RU:sk:smtp-ou |
| X-HELO: | smtp-out-no.shaw.ca |
| Reply-To: | Brian DOT Inglis AT SystematicSw DOT ab DOT ca |
| Subject: | Re: getent doesn't show all domain users |
| To: | cygwin AT cygwin DOT com |
| References: | <3a2c51fe-894d-8959-70b9-22a9d8f980aa AT SystematicSw DOT ab DOT ca> <AM6PR07MB5334AC0D9083A5425E6CA390951E0 AT AM6PR07MB5334 DOT eurprd07 DOT prod DOT outlook DOT com> |
| From: | Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca> |
| Openpgp: | preference=signencrypt |
| Message-ID: | <7e76691f-5184-fbc6-e6ff-90f5d69b83c2@SystematicSw.ab.ca> |
| Date: | Tue, 28 May 2019 09:15:25 -0600 |
| User-Agent: | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0 |
| MIME-Version: | 1.0 |
| In-Reply-To: | <AM6PR07MB5334AC0D9083A5425E6CA390951E0@AM6PR07MB5334.eurprd07.prod.outlook.com> |
| X-IsSubscribed: | yes |
On 2019-05-28 02:36, Maayan Apelboim wrote: >> Systems may have tens to hundreds of local user accounts, and domains may >> have hundreds to hundreds of thousands of user accounts. >> The system probably caches only active users, and getent enumerates those >> if no /etc/passwd file exists, as it was designed to enumerate only a few >> entries from local files. >> As it is, getent will not even enumerate hosts from the local hosts files >> or resolver. >> It appears that mkpasswd enumerates all local and system accounts in the >> Security Accounts Manager file at $SYSTEMROOT/System32/config/SAM loaded >> into /proc/registry/HKEY_LOCAL_MACHINE/SAM/, so it probably does the same >> for domain accounts from Active Directory Domain Service. > Ok, I understand why it won't display all users, but even when I query for > this specific user that exists in the domain - it returns nothing. > It only works when I have /etc/passwd file in place (generated by mkpasswd > -d), but I was told in a previous thread that I should not use mkpasswd -d > anymore, and use getent instead. > Is there something I need to do with getent to get access for all my domain > users? > Should I keep my previous passwd file generated by mkpasswd -d? Does "getent passwd" display any active domain+accounts on your system? If someone is logged on to that system from a domain+account? Check your domain membership: $ echo $USERDOMAIN $USERDOMAIN_ROAMINGPROFILE and any other DOMAIN environment variables you have, and explicitly specify a known account in that domain before the userid using a plus sign "+" separator: $ getent passwd domain+account similar to Trusted Installer: $ getent passwd nt\ service+trustedinstaller NT SERVICE+TrustedInstaller:*:328384:328384:U-NT SERVICE\TrustedInstaller,S-1-5-80-...:/:/sbin/nologin If the account doesn't display, check you are using the correct domain membership using AD DS tools or e.g a PowerShell script. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |