Mail Archives: cygwin/2024/12/10/16:23:23

Brian Inglis via Cygwin <cygwin AT cygwin DOT com> · Tue, 10 Dec 2024 14:22:52 -0700

On 2024-12-10 06:35, Cedric Blancher via Cygwin wrote:
> Good afternoon!
> 
> We have a Win10 env with mixed local and domain accounts.
> We cannot lookup up local AND domain users with just the plain
> username from Windows. Instead we have to do lookups twice:
> 
> 1. Configuration:
> $ hostname
> LAB14
> $ getent passwd
> LAB14+SW-Install:*:197611:197121:U-LAB14\SW-Install,S-1-5-21-521464686-2813731464-1693715110-1003:/home/SW-Install:/bin/bash
> 
> 2. Looking up user by plain Windows user name fails:
> $ getent passwd 'SW-Install' || echo fail
> fail
> 
> 3. Looking up user by Hostname plus Windows user name works:
> $ getent passwd 'LAB14+SW-Install' || echo fail
> LAB14+SW-Install:*:197611:197121:U-LAB14\SW-Install,S-1-5-21-521464686-2813731464-1693715110-1003:/home/SW-Install:/bin/bash
> 
> But I cannot lookup domain users with getent passwd
> "${domainname}+${winusername}" or  getent passwd
> "${hostname}+${winusername}"; only getent passwd "${winusername}"
> works.
> 
> How can I lookup the passwd entries by plain unprefixed Windows user
> name, for both local and domain users, without editing
> /etc/nfsswitch.conf (IT policy says we are NOT to touch that file!!)
       ^ NFS on the brain? ;^>

Your IT policy is probably limiting what you can and have to do!
What does /etc/nsswitch.conf contain, as that will affect how and what is looked 
up by default, and is cygserver running to cache and share lookups?

For example, you may not want getent passwd to fetch and dump all your AD 
entries, but having some easily available and cached would speed up a lot of 
operations, eliminate AD refetches, and some long slow AD searches.

Default /etc/nsswitch.conf does not include local SAM, /etc/ files, or AD:

# db_enum:  cache builtin
# db_enum - getpwent or getgrent database search depth
# db_enum: source1 source2 ...
# Sources:
# none  No output from getpwent/getgrent at all.
# all   The opposite. Enumerates accounts from all known sources,
#       including all trusted domains.
# cache Enumerate all accounts currently cached in memory.
# builtin
#       Enumerate the predefined builtin accounts for backward compatibility.
#       These are five passwd accounts (SYSTEM, LocalService, NetworkService,
#       Administrators, TrustedInstaller)
#       and two group accounts (SYSTEM and TrustedInstaller).
# files Enumerate the accounts from /etc/passwd or /etc/group.
# local Enumerate all accounts from the local SAM.
# primary
#       Enumerate all accounts from the primary domain.
# alltrusted
#       Enumerate all accounts from all trusted domains.
# some.domain
#       Enumerate all accounts from the trusted domain some.domain.
# Examples:
# db_enum: none
#       No output from getpwent/getgrent at all.
# db_enum: cache files
#       Enumerate all accounts cached by the current process,
#       plus all entries from either the /etc/passwd or /etc/group file.
# db_enum: cache local primary
#       Enumerate all accounts cached by the current process,
#       all accounts from the SAM of the local machine,
#       and all accounts from the primary domain of the machine.
# db_enum: local primary alltrusted
#       Enumerate the accounts from the machine's SAM,
#       from the primary domain of the machine, and from all trusted domains.
# db_enum: primary domain1.corp sub.domain.corp domain2.net
#       Enumerate the accounts from the primary domain and from the domains
#       domain1.corp, sub.domain.corp and domain2.net.
# db_enum: all
#       Enumerate everything and the kitchen sink.

-- 
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer     but when there is no more to cut
                                 -- Antoine de Saint-Exupéry

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

DMARC-Filter:	OpenDMARC Filter v1.4.2 delorie.com 4BALNNZr1306249
Authentication-Results:	delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results:	delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter:	OpenDKIM Filter v2.11.0 delorie.com 4BALNNZr1306249
Authentication-Results:	delorie.com;
	dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=btRtJ7ag
X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org 4C3E53858289
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1733865801;
	bh=Ca7deUv/AExJY7BamY+DrCIgufIouMhJeLb/2lmckEs=;
	h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:
	List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
	From;
	b=btRtJ7agzObdRhE3aft/vRq7qQs+qgTasEykMI3HGSclrLP1GI1uNlyi266mvB1Up
	Vx9Z5clKkVEUXmCaBwUnYLevpYwa7x0ld+i4Q+568JR8i79Du7Fq1NyMRKaVrtod5Y
	B+yIP1Zo5Qr+pMXkDG2pH1JDUo3sFN/S6ABHDur4=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.2 sourceware.org 295F93858D33
ARC-Filter:	OpenARC Filter v1.0.0 sourceware.org 295F93858D33
ARC-Seal:	i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733865775; cv=none;
	b=q0GPgfOfxIR+3cZZze5LKJUksdEg/8T+nT1DFYL+4wNWrl/+RpKwRLq0FOAKcpw3IgIdaSVyy/afj9jerqn/kYUWY2Bv10P6LYWrny/02S/1im/K8tanrCruoR1imE2eKarkRw1Oi1Ro9MxKhj94RMmiU6ohpLKOYBFrTT/R6KM=
ARC-Message-Signature:	i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1733865775; c=relaxed/simple;
	bh=uON2UvQhD36M2JYXn/Lg/82nSYb5waepa9FaKEXFMDs=;
	h=Message-ID:Date:MIME-Version:Subject:To:From:DKIM-Signature;
	b=c4kq0O0bU6L3AH1hk1BjSlJmCvCrNL5zCmn6g9mM6ZWMEDwSInDAOyJyh9RxYp7cQae9YUl3YKGVeXFH/Zt+PSU7AqM3HhWjBU3TrN+nRLUtYHuiey8IP4Nojw1VnllikWviybnnJMhDUwGN8RI/6hQFcW8XIhVGJwZj0fB7pI8=
ARC-Authentication-Results:	i=1; server2.sourceware.org
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org 295F93858D33
Message-ID:	<62d02a80-2faf-4547-a5f3-ff8afe9bda46@SystematicSW.ab.ca>
Date:	Tue, 10 Dec 2024 14:22:52 -0700
MIME-Version:	1.0
User-Agent:	Mozilla Thunderbird
Subject:	Re: getent passwd which works for unprefixed Windows user names with
	both local and domain users?
To:	cygwin AT cygwin DOT com
References:	<CALXu0UfQmvNfQ0UFfcTp1hvTYCzQ621ypCWUDuGrPj8wKddkQw AT mail DOT gmail DOT com>
Autocrypt:	addr=Brian DOT Inglis AT Shaw DOT ca; keydata=
	xjMEXopx9BYJKwYBBAHaRw8BAQdAPq8FIaW+Bz7xnfyJ1gHQyf2EZo5sAwSPy/bRAcLeWl/N
	I0JyaWFuIEluZ2xpcyA8QnJpYW4uSW5nbGlzQFNoYXcuY2E+wpYEExYIAD4WIQTG63sbl+cr
	2nyOuZiKvQKcH1E27wUCXopx9AIbAwUJCWYBgAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAK
	CRCKvQKcH1E276DmAP91Bt8kfJhKHYb9b2sao2fxwJFsl1GlRi516WKI0OkphQEA+ULITsPs
	blfzSq+GgI7q4LPfRfTLy4Oo3gorlnhnfgnOOAReinH0EgorBgEEAZdVAQUBAQdAepgIsLwm
	GQicfoIBaB9xHp63MQJqVCPbgPzESTg7EEwDAQgHwn0EGBYIACYWIQTG63sbl+cr2nyOuZiK
	vQKcH1E27wUCXopx9AIbDAUJCWYBgAAKCRCKvQKcH1E27+zoAP4u2ivMQBAqaMeLOilqRWgy
	nV2ATImz1p2v1H5P4kBiDwD3caPK1cxU5lijzuSDCjgtIpgF/avHbjA32fxJdIRwAA==
Organization:	Systematic Software
In-Reply-To:	<CALXu0UfQmvNfQ0UFfcTp1hvTYCzQ621ypCWUDuGrPj8wKddkQw@mail.gmail.com>
X-Rspamd-Queue-Id:	8F3772000D
X-Rspamd-Server:	rspamout05
X-Stat-Signature:	w9zwaaayxto8zxwmc5udx1pr7gb6g93m
X-Session-Marker:	427269616E2E496E676C69734053797374656D6174696353572E61622E6361
X-Session-ID:	U2FsdGVkX1+x3m0O69f748XZsd1b/kUhbzPM4zlKfeo=
X-HE-Tag:	1733865757-778376
X-HE-Meta:	U2FsdGVkX19kVU9PFlTg65lVUhxDK1qT21FCwy1gwCN+3jTi8xJEqdf3g1s0TrGgNRhlSuDT7zwMOlZ1G8u4zHbUW12k9PQJ0QN1A2HBd0lALY3Es5c2N2G7i8uYhEAEDfo13Zr6bBpHu/yJotMdTZF8gmZyMsLjP1CBvQef5rHT6s13uUnKekse0+lXPPqgyytHB2uY99tqVxez92+vmANEVFK58XLFHmYslq9+QG8cX/tMTX0jvuz/Oey4KbhiQIFYwPWiKLyXwG5dKLLpd9pGQRSLQATiMLxotUYgvlC9tr1WVIumMDAhjtcpSRbfLcxr51DC+xFcFDCTF/rvVE0V82FUzKTmztEXoPcQn3LOb9LR7qci73jnnZ+6mqtYwmOzFeFZkpYUs+2m+Gt5tw==
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.30
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe:	<https://cygwin.com/mailman/options/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From:	Brian Inglis via Cygwin <cygwin AT cygwin DOT com>
Reply-To:	cygwin AT cygwin DOT com
Cc:	Brian Inglis <Brian DOT Inglis AT SystematicSW DOT ab DOT ca>
Errors-To:	cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com
Sender:	"Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted:	from base64 to 8bit by delorie.com id 4BALNNZr1306249

webmaster	delorie software privacy
Copyright � 2019 by DJ Delorie	Updated Jul 2019