DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 4BALNNZr1306249 Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 4BALNNZr1306249 Authentication-Results: delorie.com; dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=btRtJ7ag X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 4C3E53858289 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1733865801; bh=Ca7deUv/AExJY7BamY+DrCIgufIouMhJeLb/2lmckEs=; h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=btRtJ7agzObdRhE3aft/vRq7qQs+qgTasEykMI3HGSclrLP1GI1uNlyi266mvB1Up Vx9Z5clKkVEUXmCaBwUnYLevpYwa7x0ld+i4Q+568JR8i79Du7Fq1NyMRKaVrtod5Y B+yIP1Zo5Qr+pMXkDG2pH1JDUo3sFN/S6ABHDur4= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 295F93858D33 ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 295F93858D33 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733865775; cv=none; b=q0GPgfOfxIR+3cZZze5LKJUksdEg/8T+nT1DFYL+4wNWrl/+RpKwRLq0FOAKcpw3IgIdaSVyy/afj9jerqn/kYUWY2Bv10P6LYWrny/02S/1im/K8tanrCruoR1imE2eKarkRw1Oi1Ro9MxKhj94RMmiU6ohpLKOYBFrTT/R6KM= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733865775; c=relaxed/simple; bh=uON2UvQhD36M2JYXn/Lg/82nSYb5waepa9FaKEXFMDs=; h=Message-ID:Date:MIME-Version:Subject:To:From:DKIM-Signature; b=c4kq0O0bU6L3AH1hk1BjSlJmCvCrNL5zCmn6g9mM6ZWMEDwSInDAOyJyh9RxYp7cQae9YUl3YKGVeXFH/Zt+PSU7AqM3HhWjBU3TrN+nRLUtYHuiey8IP4Nojw1VnllikWviybnnJMhDUwGN8RI/6hQFcW8XIhVGJwZj0fB7pI8= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 295F93858D33 Message-ID: <62d02a80-2faf-4547-a5f3-ff8afe9bda46@SystematicSW.ab.ca> Date: Tue, 10 Dec 2024 14:22:52 -0700 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: getent passwd which works for unprefixed Windows user names with both local and domain users? Content-Language: en-CA To: cygwin AT cygwin DOT com References: Autocrypt: addr=Brian DOT Inglis AT Shaw DOT ca; keydata= xjMEXopx9BYJKwYBBAHaRw8BAQdAPq8FIaW+Bz7xnfyJ1gHQyf2EZo5sAwSPy/bRAcLeWl/N I0JyaWFuIEluZ2xpcyA8QnJpYW4uSW5nbGlzQFNoYXcuY2E+wpYEExYIAD4WIQTG63sbl+cr 2nyOuZiKvQKcH1E27wUCXopx9AIbAwUJCWYBgAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAK CRCKvQKcH1E276DmAP91Bt8kfJhKHYb9b2sao2fxwJFsl1GlRi516WKI0OkphQEA+ULITsPs blfzSq+GgI7q4LPfRfTLy4Oo3gorlnhnfgnOOAReinH0EgorBgEEAZdVAQUBAQdAepgIsLwm GQicfoIBaB9xHp63MQJqVCPbgPzESTg7EEwDAQgHwn0EGBYIACYWIQTG63sbl+cr2nyOuZiK vQKcH1E27wUCXopx9AIbDAUJCWYBgAAKCRCKvQKcH1E27+zoAP4u2ivMQBAqaMeLOilqRWgy nV2ATImz1p2v1H5P4kBiDwD3caPK1cxU5lijzuSDCjgtIpgF/avHbjA32fxJdIRwAA== Organization: Systematic Software In-Reply-To: X-Rspamd-Queue-Id: 8F3772000D X-Rspamd-Server: rspamout05 X-Stat-Signature: w9zwaaayxto8zxwmc5udx1pr7gb6g93m X-Session-Marker: 427269616E2E496E676C69734053797374656D6174696353572E61622E6361 X-Session-ID: U2FsdGVkX1+x3m0O69f748XZsd1b/kUhbzPM4zlKfeo= X-HE-Tag: 1733865757-778376 X-HE-Meta: U2FsdGVkX19kVU9PFlTg65lVUhxDK1qT21FCwy1gwCN+3jTi8xJEqdf3g1s0TrGgNRhlSuDT7zwMOlZ1G8u4zHbUW12k9PQJ0QN1A2HBd0lALY3Es5c2N2G7i8uYhEAEDfo13Zr6bBpHu/yJotMdTZF8gmZyMsLjP1CBvQef5rHT6s13uUnKekse0+lXPPqgyytHB2uY99tqVxez92+vmANEVFK58XLFHmYslq9+QG8cX/tMTX0jvuz/Oey4KbhiQIFYwPWiKLyXwG5dKLLpd9pGQRSLQATiMLxotUYgvlC9tr1WVIumMDAhjtcpSRbfLcxr51DC+xFcFDCTF/rvVE0V82FUzKTmztEXoPcQn3LOb9LR7qci73jnnZ+6mqtYwmOzFeFZkpYUs+2m+Gt5tw== X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.30 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Brian Inglis via Cygwin Reply-To: cygwin AT cygwin DOT com Cc: Brian Inglis Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com Sender: "Cygwin" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 4BALNNZr1306249 On 2024-12-10 06:35, Cedric Blancher via Cygwin wrote: > Good afternoon! > > We have a Win10 env with mixed local and domain accounts. > We cannot lookup up local AND domain users with just the plain > username from Windows. Instead we have to do lookups twice: > > 1. Configuration: > $ hostname > LAB14 > $ getent passwd > LAB14+SW-Install:*:197611:197121:U-LAB14\SW-Install,S-1-5-21-521464686-2813731464-1693715110-1003:/home/SW-Install:/bin/bash > > 2. Looking up user by plain Windows user name fails: > $ getent passwd 'SW-Install' || echo fail > fail > > 3. Looking up user by Hostname plus Windows user name works: > $ getent passwd 'LAB14+SW-Install' || echo fail > LAB14+SW-Install:*:197611:197121:U-LAB14\SW-Install,S-1-5-21-521464686-2813731464-1693715110-1003:/home/SW-Install:/bin/bash > > But I cannot lookup domain users with getent passwd > "${domainname}+${winusername}" or getent passwd > "${hostname}+${winusername}"; only getent passwd "${winusername}" > works. > > How can I lookup the passwd entries by plain unprefixed Windows user > name, for both local and domain users, without editing > /etc/nfsswitch.conf (IT policy says we are NOT to touch that file!!) ^ NFS on the brain? ;^> Your IT policy is probably limiting what you can and have to do! What does /etc/nsswitch.conf contain, as that will affect how and what is looked up by default, and is cygserver running to cache and share lookups? For example, you may not want getent passwd to fetch and dump all your AD entries, but having some easily available and cached would speed up a lot of operations, eliminate AD refetches, and some long slow AD searches. Default /etc/nsswitch.conf does not include local SAM, /etc/ files, or AD: # db_enum: cache builtin # db_enum - getpwent or getgrent database search depth # db_enum: source1 source2 ... # Sources: # none No output from getpwent/getgrent at all. # all The opposite. Enumerates accounts from all known sources, # including all trusted domains. # cache Enumerate all accounts currently cached in memory. # builtin # Enumerate the predefined builtin accounts for backward compatibility. # These are five passwd accounts (SYSTEM, LocalService, NetworkService, # Administrators, TrustedInstaller) # and two group accounts (SYSTEM and TrustedInstaller). # files Enumerate the accounts from /etc/passwd or /etc/group. # local Enumerate all accounts from the local SAM. # primary # Enumerate all accounts from the primary domain. # alltrusted # Enumerate all accounts from all trusted domains. # some.domain # Enumerate all accounts from the trusted domain some.domain. # Examples: # db_enum: none # No output from getpwent/getgrent at all. # db_enum: cache files # Enumerate all accounts cached by the current process, # plus all entries from either the /etc/passwd or /etc/group file. # db_enum: cache local primary # Enumerate all accounts cached by the current process, # all accounts from the SAM of the local machine, # and all accounts from the primary domain of the machine. # db_enum: local primary alltrusted # Enumerate the accounts from the machine's SAM, # from the primary domain of the machine, and from all trusted domains. # db_enum: primary domain1.corp sub.domain.corp domain2.net # Enumerate the accounts from the primary domain and from the domains # domain1.corp, sub.domain.corp and domain2.net. # db_enum: all # Enumerate everything and the kitchen sink. -- Take care. Thanks, Brian Inglis Calgary, Alberta, Canada La perfection est atteinte Perfection is achieved non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut -- Antoine de Saint-Exupéry -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple