From: Maayan Apelboim
To: "cygwin AT cygwin DOT com"
Subject: RE: getent doesn't show all domain users
Date: Wed, 29 May 2019 09:16:35 +0000

Yes, my active domain user is displayed.
The user I'm searching for is also displayed after a few tweaks / restarts.
Couldn't replicate a stable workaround that always works for me - best solution I found was to create passwd with mkpasswd -d and then move the file (was also not very stable, the user was found, then it wasn't and I needed to run it again, for now it works).
I'm looking for something that will force getent to query my DC, or maybe delete its cache.
Any idea?

-----Original Message-----
From: Brian Inglis [mailto:Brian DOT Inglis AT SystematicSw DOT ab DOT ca]
Sent: Tuesday, May 28, 2019 6:15 PM
To: cygwin AT cygwin DOT com
Subject: Re: getent doesn't show all domain users

On 2019-05-28 02:36, Maayan Apelboim wrote:
>> Systems may have tens to hundreds of local user accounts, and domains
>> may have hundreds to hundreds of thousands of user accounts.
>> The system probably caches only active users, and getent enumerates
>> those if no /etc/passwd file exists, as it was designed to enumerate
>> only a few entries from local files.
>> As it is, getent will not even enumerate hosts from the local hosts
>> files or resolver.
>> It appears that mkpasswd enumerates all local and system accounts in
>> the Security Accounts Manager file at $SYSTEMROOT/System32/config/SAM
>> loaded into /proc/registry/HKEY_LOCAL_MACHINE/SAM/, so it probably
>> does the same for domain accounts from Active Directory Domain Service.

> Ok, I understand why it won't display all users, but even when I query
> for this specific user that exists in the domain - it returns nothing.
> It only works when I have /etc/passwd file in place (generated by
> mkpasswd -d), but I was told in a previous thread that I should not
> use mkpasswd -d anymore, and use getent instead.
> Is there something I need to do with getent to get access for all my
> domain users?
> Should I keep my previous passwd file generated by mkpasswd -d?

Does "getent passwd" display any active domain+accounts on your system?
If someone is logged on to that system from a domain+account?

Check your domain membership:

$ echo $USERDOMAIN $USERDOMAIN_ROAMINGPROFILE

and any other DOMAIN environment variables you have, and explicitly specify a known account in that domain before the userid using a plus sign "+" separator:

$ getent passwd domain+account

similar to Trusted Installer:

$ getent passwd nt\ service+trustedinstaller
NT SERVICE+TrustedInstaller:*:328384:328384:U-NT SERVICE\TrustedInstaller,S-1-5-80-...:/:/sbin/nologin

If the account doesn't display, check you are using the correct domain membership using AD DS tools or e.g. a PowerShell script.

--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains too much technical detail.
Reader discretion is advised.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
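
Added example, not part of the original emails or Cygwin's own code: a POSIX shell check that parses the passwd line returned by the explicit domain+account lookup described in the reply and confirms that it maps to the intended Windows account. The sample line, the EXAMPLE domain, the jdoe account, the ids and the SID are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# SAMPLE is constructed in the format of the TrustedInstaller line quoted
# above; EXAMPLE, jdoe, the uid/gid and the SID are placeholders.
SAMPLE='EXAMPLE+jdoe:*:1049680:1049089:U-EXAMPLE\jdoe,S-1-5-21-1111111111-2222222222-3333333333-1104:/home/jdoe:/bin/bash'

# parse_entry LINE: print "name|uid|windows-name|sid". Returns 1 when LINE is
# empty (getent found nothing) or does not have seven passwd fields.
parse_entry() {
    [ -n "$1" ] || return 1
    IFS=: read -r name _pw uid _gid gecos _home shell <<EOF
$1
EOF
    [ -n "$shell" ] || return 1
    win='' sid='' old_ifs=$IFS
    set -f; IFS=,
    for field in $gecos; do          # gecos is a comma-separated list
        case $field in
            U-*)   win=${field#U-} ;;   # Windows name, DOMAIN\user
            S-1-*) sid=$field ;;        # account SID
        esac
    done
    IFS=$old_ifs; set +f
    printf '%s|%s|%s|%s\n' "$name" "$uid" "$win" "$sid"
}

# verify_entry LINE DOMAIN ACCOUNT: succeed only if the entry's Windows name
# is DOMAIN\ACCOUNT (case-insensitive), i.e. the lookup hit the intended domain.
verify_entry() {
    entry=$(parse_entry "$1") || return 1
    got=$(printf '%s' "$entry" | cut -d'|' -f3 | tr '[:upper:]' '[:lower:]')
    want=$(printf '%s\\%s' "$2" "$3" | tr '[:upper:]' '[:lower:]')
    [ "$got" = "$want" ]
}

# check_account DOMAIN ACCOUNT: run the explicit domain+account lookup and
# report whether a matching entry came back.
check_account() {
    line=$(getent passwd "$1+$2") || line=''
    if verify_entry "$line" "$1" "$2"; then
        printf 'OK: %s\n' "$(parse_entry "$line")"
    else
        echo "no matching entry for $1+$2; check \$USERDOMAIN" >&2
        return 1
    fi
}

# Demonstration on the constructed sample (no getent call needed).
verify_entry "$SAMPLE" EXAMPLE jdoe && printf 'sample: %s\n' "$(parse_entry "$SAMPLE")"
```

On a Cygwin host, call check_account with the value of $USERDOMAIN and the account name to test a real lookup.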