On Jan 10, 2019, at 12:57 PM, Corinna Vinschen > wrote: Well, it should. What happens is this: After asking the non-AD LDAP server for the account name, it asks the account fetching algorithm for that name from scratch. This depends on the /etc/nsswitch.conf settings, of course (*). Assuming "passwd: files db", it first checks the local /etc/passwd file for a matching entry for that account name, then the OS, preferring AD on an AD member machine, then local SAM. In my scenario there’s nothing in /etc/passwd, AD, or SAM for most users, but they are all available from LDAP. I’d like it to act as if there was something in /etc/passwd. It’s got all the information it needs to generate an /etc/passwd entry from LDAP. nsswitch is files db, or missing, which should default to files db. ТÒÐÐ¥&ö&ÆVÒ&W÷'G3¢‡GG¢òö7–wv–âæ6öÒ÷&ö&ÆV×2æ‡FÖÀФd¢‡GG¢òö7–wv–âæ6öÒöfðФFö7VÖVçFF–ö㢇GG¢òö7–wv–âæ6öÒöFö72æ‡FÖÀÐ¥Vç7V'67&–&R–æfó¢‡GG¢òö7–wv–âæ6öÒöÖÂò7Vç7V'67&–&R×6–×ÆPРÐ