From: Brian Inglis
Reply-To: Brian.Inglis@SystematicSw.ab.ca
To: cygwin@cygwin.com
Subject: Re: getent doesn't show all domain users
Date: Tue, 28 May 2019 15:15:00 -0000
Message-ID: <7e76691f-5184-fbc6-e6ff-90f5d69b83c2@SystematicSw.ab.ca>

On 2019-05-28 02:36, Maayan Apelboim wrote:
>> Systems may have tens to hundreds of local user accounts, and domains may
>> have hundreds to hundreds of thousands of user accounts.
>> The system probably caches only active users, and getent enumerates those
>> if no /etc/passwd file exists, as it was designed to enumerate only a few
>> entries from local files.
>> As it is, getent will not even enumerate hosts from the local hosts files
>> or resolver.
>> It appears that mkpasswd enumerates all local and system accounts in the
>> Security Accounts Manager file at $SYSTEMROOT/System32/config/SAM loaded
>> into /proc/registry/HKEY_LOCAL_MACHINE/SAM/, so it probably does the same
>> for domain accounts from Active Directory Domain Service.
> Ok, I understand why it won't display all users, but even when I query for
> this specific user that exists in the domain - it returns nothing.
> It only works when I have /etc/passwd file in place (generated by mkpasswd
> -d), but I was told in a previous thread that I should not use mkpasswd -d
> anymore, and use getent instead.
> Is there something I need to do with getent to get access for all my domain
> users?
> Should I keep my previous passwd file generated by mkpasswd -d?

Does "getent passwd" display any active domain+accounts on your system?
If someone is logged on to that system from a domain+account?
Check your domain membership:

    $ echo $USERDOMAIN $USERDOMAIN_ROAMINGPROFILE

and any other DOMAIN environment variables you have, and explicitly specify a
known account in that domain before the userid using a plus sign "+" separator:

    $ getent passwd domain+account

similar to Trusted Installer:

    $ getent passwd nt\ service+trustedinstaller
    NT SERVICE+TrustedInstaller:*:328384:328384:U-NT SERVICE\TrustedInstaller,S-1-5-80-...:/:/sbin/nologin

If the account doesn't display, check you are using the correct domain
membership using AD DS tools or e.g. a PowerShell script.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
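
Added example, not part of the original message: shell functions that run the "domain+account" lookup described above and split the returned entry into uid, Windows account name and SID, so a missing account can be told apart from an entry in an unexpected layout. The function names, the EXAMPLE domain and the alice entry are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Constructed sample entry:
# the EXAMPLE domain, alice, the uid/gid and the SID are made up.
SAMPLE='EXAMPLE+alice:*:1049681:1049089:Alice Example,U-EXAMPLE\alice,S-1-5-21-1111111111-2222222222-3333333333-1105:/home/alice:/bin/bash'

# Print "uid<TAB>windows-name<TAB>sid" for one passwd line in the layout
# shown above. Returns 1 when gecos carries no U-DOMAIN\name and SID items.
parse_cygwin_passwd() (
    IFS=: read -r name pw uid gid gecos home shell <<EOF
$1
EOF
    win= sid= rest=$gecos
    while [ -n "$rest" ]; do          # walk the comma-separated gecos items
        part=${rest%%,*}
        case $part in
            U-*)   win=${part#U-} ;;
            S-1-*) sid=$part ;;
        esac
        case $rest in *,*) rest=${rest#*,} ;; *) rest= ;; esac
    done
    [ -n "$win" ] && [ -n "$sid" ] || return 1
    printf '%s\t%s\t%s\n' "$uid" "$win" "$sid"
)

# Resolve DOMAIN ACCOUNT through getent using the "+" separator from the
# message. Returns 2 when getent finds nothing, 1 when the entry is not in
# the expected layout.
lookup_account() (
    entry=$(getent passwd "$1+$2") || return 2
    [ -n "$entry" ] || return 2
    parse_cygwin_passwd "$entry"
)

# Offline demo on the constructed entry and on the line quoted in the message
# (its SID is elided there and stays elided here).
parse_cygwin_passwd "$SAMPLE"
parse_cygwin_passwd 'NT SERVICE+TrustedInstaller:*:328384:328384:U-NT SERVICE\TrustedInstaller,S-1-5-80-...:/:/sbin/nologin'
```

On a Cygwin host, "lookup_account "$USERDOMAIN" account" performs the live query; exit status 2 corresponds to the case in the message where getent returns nothing for the account.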