On 2024-12-10 06:35, Cedric Blancher via Cygwin wrote:
> Good afternoon!
> We have a Win10 env with mixed local and domain accounts.
> We cannot look up local AND domain users with just the plain
> username from Windows. Instead we have to do lookups twice:
>
> 1. Configuration:
> $ hostname
> LAB14
> $ getent passwd
> LAB14+SW-Install:*:197611:197121:U-LAB14\SW-Install,S-1-5-21-521464686-2813731464-1693715110-1003:/home/SW-Install:/bin/bash
>
> 2. Looking up user by plain Windows user name fails:
> $ getent passwd 'SW-Install' || echo fail
> fail
>
> 3. Looking up user by Hostname plus Windows user name works:
> $ getent passwd 'LAB14+SW-Install' || echo fail
> LAB14+SW-Install:*:197611:197121:U-LAB14\SW-Install,S-1-5-21-521464686-2813731464-1693715110-1003:/home/SW-Install:/bin/bash
>
> But I cannot look up domain users with getent passwd
> "${domainname}+${winusername}" or getent passwd
> "${hostname}+${winusername}"; only getent passwd "${winusername}"
> works.
>
> How can I look up the passwd entries by plain unprefixed Windows user
> name, for both local and domain users, without editing
> /etc/nfsswitch.conf (IT policy says we are NOT to touch that file!!)
       ^ NFS on the brain? ;^>

Your IT policy is probably limiting what you can and have to do!

What does /etc/nsswitch.conf contain, as that will affect how and what is
looked up by default, and is cygserver running to cache and share lookups?

For example, you may not want getent passwd to fetch and dump all your AD
entries, but having some easily available and cached would speed up a lot of
operations, eliminate AD refetches, and some long slow AD searches.

Default /etc/nsswitch.conf does not include local SAM, /etc/ files, or AD:

# db_enum: cache builtin
# db_enum - getpwent or getgrent database search depth
#   db_enum: source1 source2 ...
# Sources:
#   none        No output from getpwent/getgrent at all.
#   all         The opposite. Enumerates accounts from all known sources,
#               including all trusted domains.
#   cache       Enumerate all accounts currently cached in memory.
#   builtin     Enumerate the predefined builtin accounts for backward
#               compatibility. These are five passwd accounts (SYSTEM,
#               LocalService, NetworkService, Administrators,
#               TrustedInstaller) and two group accounts (SYSTEM and
#               TrustedInstaller).
#   files       Enumerate the accounts from /etc/passwd or /etc/group.
#   local       Enumerate all accounts from the local SAM.
#   primary     Enumerate all accounts from the primary domain.
#   alltrusted  Enumerate all accounts from all trusted domains.
#   some.domain Enumerate all accounts from the trusted domain some.domain.
# Examples:
#   db_enum: none
#       No output from getpwent/getgrent at all.
#   db_enum: cache files
#       Enumerate all accounts cached by the current process,
#       plus all entries from either the /etc/passwd or /etc/group file.
#   db_enum: cache local primary
#       Enumerate all accounts cached by the current process,
#       all accounts from the SAM of the local machine,
#       and all accounts from the primary domain of the machine.
#   db_enum: local primary alltrusted
#       Enumerate the accounts from the machine's SAM,
#       from the primary domain of the machine, and from all trusted domains.
#   db_enum: primary domain1.corp sub.domain.corp domain2.net
#       Enumerate the accounts from the primary domain and from the domains
#       domain1.corp, sub.domain.corp and domain2.net.
#   db_enum: all
#       Enumerate everything and the kitchen sink.

--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer     but when there is no more to cut
                                -- Antoine de Saint-Exupéry
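
A wrapper for the lookup asked about in the quoted message, as an added example that is not part of the original thread: it tries the plain name (the form reported to work for domain users), then the `hostname+name` form (the form reported to work for local users), and refuses to choose when both resolve to different SIDs. The function names are hypothetical, and the `+` separator and the hostname-as-prefix rule are assumed from the getent output shown in the message.

```shell
#!/bin/sh
# Added example: resolve a plain Windows user name through getent without
# editing /etc/nsswitch.conf. Assumes the "+" separator and the local prefix
# equal to `hostname`, as in the output quoted in the thread.

# Print the SID found in the gecos field (field 5) of one passwd line.
passwd_sid() {
    printf '%s\n' "$1" | awk -F: '{
        n = split($5, parts, ",")
        for (i = 1; i <= n; i++)
            if (parts[i] ~ /^S-1-/) { print parts[i]; exit }
    }'
}

# lookup_win_user NAME
#   returns 0 and prints the passwd entry when exactly one account matches
#   returns 1 when neither form resolves (or NAME is empty/malformed)
#   returns 2 when the plain and host-prefixed forms are different accounts
lookup_win_user() {
    name=$1
    case $name in
        ''|*:*) return 1 ;;
    esac

    # Each lookup may fail on its own; an empty string means "not found".
    plain=$(getent passwd "$name") || plain=
    local_entry=$(getent passwd "$(hostname)+$name") || local_entry=

    # A domain account and a local account can share a name. Compare SIDs
    # instead of silently preferring one of them.
    if [ -n "$plain" ] && [ -n "$local_entry" ]; then
        if [ "$(passwd_sid "$plain")" != "$(passwd_sid "$local_entry")" ]; then
            echo "ambiguous: '$name' matches two different accounts" >&2
            return 2
        fi
    fi

    entry=${plain:-$local_entry}
    [ -n "$entry" ] || return 1
    printf '%s\n' "$entry"
}
```

Callers that make access decisions should key on the SID from `passwd_sid`, not on the unprefixed name.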