Mail Archives: cygwin/2019/05/29/05:16:53

From: Maayan Apelboim <Maayan DOT Apelboim AT clarizen DOT com>
To: "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Subject: RE: getent doesn't show all domain users
Date: Wed, 29 May 2019 09:16:35 +0000

Yes, my active domain user is displayed.
The user I'm searching for is also displayed after a few tweaks / restarts.
Couldn't replicate a stable workaround that always works for me - the best solution I found was to create passwd with mkpasswd -d and then move the file (was also not very stable, the user was found, then it wasn't and I needed to run it again, for now it works).

I'm looking for something that will force getent to query my DC, or maybe delete its cache.
Any idea?

-----Original Message-----
From: Brian Inglis [mailto:Brian DOT Inglis AT SystematicSw DOT ab DOT ca] 
Sent: Tuesday, May 28, 2019 6:15 PM
To: cygwin AT cygwin DOT com
Subject: Re: getent doesn't show all domain users

On 2019-05-28 02:36, Maayan Apelboim wrote:
>> Systems may have tens to hundreds of local user accounts, and domains 
>> may have hundreds to hundreds of thousands of user accounts.
>> The system probably caches only active users, and getent enumerates 
>> those if no /etc/passwd file exists, as it was designed to enumerate 
>> only a few entries from local files.
>> As it is, getent will not even enumerate hosts from the local hosts 
>> files or resolver.
>> It appears that mkpasswd enumerates all local and system accounts in 
>> the Security Accounts Manager file at $SYSTEMROOT/System32/config/SAM 
>> loaded into /proc/registry/HKEY_LOCAL_MACHINE/SAM/, so it probably 
>> does the same for domain accounts from Active Directory Domain Service.

> Ok, I understand why it won't display all users, but even when I query 
> for this specific user that exists in the domain - it returns nothing.
> It only works when I have /etc/passwd file in place (generated by 
> mkpasswd -d), but I was told in a previous thread that I should not 
> use mkpasswd -d anymore, and use getent instead.
> Is there something I need to do with getent to get access for all my 
> domain users?
> Should I keep my previous passwd file generated by mkpasswd -d?

Does "getent passwd" display any active domain+accounts on your system?
If someone is logged on to that system from a domain+account?

Check your domain membership:

	$ echo $USERDOMAIN $USERDOMAIN_ROAMINGPROFILE

and any other DOMAIN environment variables you have, and explicitly specify a known account in that domain before the userid using a plus sign "+" separator:

	$ getent passwd domain+account

similar to Trusted Installer:

	$ getent passwd nt\ service+trustedinstaller
	NT SERVICE+TrustedInstaller:*:328384:328384:U-NT SERVICE\TrustedInstaller,S-1-5-80-...:/:/sbin/nologin

If the account doesn't display, check you are using the correct domain membership using AD DS tools or e.g. a PowerShell script.

--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised.
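
Added example (not part of either message and not Cygwin project code): a POSIX shell helper that performs the `domain+account` lookup suggested in the reply and splits the returned entry into its fields, including the Windows account and SID carried in the gecos field, which is what you need when mapping a Cygwin uid back to a Windows identity. The sample line is the TrustedInstaller output quoted above; `parse_passwd_entry` and `check_account` are hypothetical helper names.

```sh
#!/bin/sh
# Added example; helper names are hypothetical, not part of Cygwin.

# Output line quoted in the reply above (SID elided there, kept as-is).
SAMPLE_ENTRY='NT SERVICE+TrustedInstaller:*:328384:328384:U-NT SERVICE\TrustedInstaller,S-1-5-80-...:/:/sbin/nologin'

# Split one passwd entry into name|uid|gid|windows_account|sid|home|shell.
# Returns 1 when the entry does not have the 7 colon-separated fields.
parse_passwd_entry() {
    printf '%s\n' "$1" | awk -F: '
        NF != 7 { exit 1 }
        {
            win = ""; sid = ""
            # gecos subfields are comma-separated: U-<Windows account>, <SID>
            n = split($5, g, ",")
            for (i = 1; i <= n; i++) {
                if (g[i] ~ /^U-/)        win = substr(g[i], 3)
                else if (g[i] ~ /^S-1-/) sid = g[i]
            }
            printf "%s|%s|%s|%s|%s|%s|%s\n", $1, $3, $4, win, sid, $6, $7
        }'
}

# Query one account in the explicit domain+account form.
# Returns 0 if resolved, 2 if getent gave no entry, 3 if the entry is malformed.
check_account() {
    key="$1+$2"
    entry=$(getent passwd "$key") || entry=
    if [ -z "$entry" ]; then
        printf 'UNRESOLVED %s\n' "$key"; return 2
    fi
    fields=$(parse_passwd_entry "$entry") || {
        printf 'MALFORMED %s\n' "$key"; return 3
    }
    sid=$(printf '%s\n' "$fields" | cut -d'|' -f5)
    printf 'RESOLVED %s sid=%s\n' "$key" "${sid:-none}"
}

# Demo on the sample line (runs without a domain or Cygwin).
parse_passwd_entry "$SAMPLE_ENTRY"
```

On a domain-joined Cygwin host, `check_account "$USERDOMAIN" someuser` reports whether that explicit lookup resolves and which SID it maps to.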
