When nss_winbind is configured and getpwent() is called for domain users, winbind fills NULL in the user's GECOS field. This behavior is observed in samba-3.0, configured with the SECURITY = DOMAIN model. For the same configuration samba-2.2.8 works fine. When using samba-3.0 with SECURITY = ADS, the GECOS (fullname) field is filled okay. Below is the part of the winbindd logfile which shows that there is NULL returned in uni_full_name.
[2003/10/10 18:52:27, 6] rpc_parse/parse_prs.c:prs_debug(81)
  0000e6 smb_io_unistr2 - NULL uni_full_name
[2003/10/10 18:52:27, 6] rpc_parse/parse_prs.c:prs_debug(81)
  0000e6 smb_io_unistr2 - NULL uni_logon_script
[2003/10/10 18:52:27, 6] rpc_parse/parse_prs.c:prs_debug(81)
  0000e6 smb_io_unistr2 - NULL uni_profile_path
[2003/10/10 18:52:27, 6] rpc_parse/parse_prs.c:prs_debug(81)
  0000e6 smb_io_unistr2 - NULL uni_home_dir
I think this is actually a caching issue. Can you remove the netsamlogon_cache.tdb and retry this? I just tried it on a Samba PDC running winbindd and it worked as expected. But if the DC is returning NULL for the full name, there's nothing we can do.
Note that my PDC is Windows 2000 PDC in mixed mode. I've removed netsamlogon_cache.tdb and retried; it works but partially. For example, the command
getent passwd sibron\\rvs
gives correct results (GECOS present):
SIBRON\rvs:x:45096:45001:User name for RVS:/nonexist:/nonexist
But the "enumerator" command
getent passwd
gives GECOS only for UNIX users, and then successfully enumerates Windows users but doesn't provide GECOS:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
[SEVERAL LINES SUPPRESSED]
SIBRON\Administrator:x:45000:45001::/nonexist:/nonexist
SIBRON\Guest:x:45001:45001::/nonexist:/nonexist
SIBRON\rvs:x:45002:45001::/nonexist:/nonexist
[SEVERAL LINES SUPPRESSED]
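The discrepancy reported above (GECOS present on a direct lookup, empty on enumeration) can be checked across all domain users with a small diagnostic; this is an added example, not code from the thread or from Samba. It assumes the winbind separator is a backslash, as in the SIBRON\rvs output, and the function names and the MAX_SUSPECTS cap are made up for the example.

```c
#define _XOPEN_SOURCE 700
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SEP '\\'          /* assumed winbind separator, as in SIBRON\rvs */
#define MAX_SUSPECTS 1024 /* arbitrary cap for this example */

/* Domain accounts are recognised by the DOMAIN<SEP>user form. */
int is_domain_user(const char *name) {
    return name != NULL && strchr(name, SEP) != NULL;
}

/* A missing GECOS arrives as NULL or as an empty string. */
int gecos_missing(const struct passwd *pw) {
    return pw->pw_gecos == NULL || pw->pw_gecos[0] == '\0';
}

/* Count domain users whose GECOS is empty when enumerated but present
 * when the same name is looked up directly; report each one on `out`. */
int count_gecos_mismatches(FILE *out) {
    static char *suspects[MAX_SUSPECTS];
    struct passwd *pw, entry, *res;
    char buf[4096];
    int n = 0, mismatches = 0;
    /* Pass 1: enumerate and remember domain users with no GECOS. */
    setpwent();
    while (n < MAX_SUSPECTS && (pw = getpwent()) != NULL)
        if (is_domain_user(pw->pw_name) && gecos_missing(pw))
            suspects[n++] = strdup(pw->pw_name);
    endpwent();

    /* Pass 2: direct lookups, run only after enumeration has ended. */
    for (int i = 0; i < n; i++) {
        if (suspects[i] != NULL
            && getpwnam_r(suspects[i], &entry, buf, sizeof buf, &res) == 0
            && res != NULL && !gecos_missing(res)) {
            fprintf(out, "%s: no GECOS when enumerated, lookup gives \"%s\"\n",
                    suspects[i], res->pw_gecos);
            mismatches++;
        }
        free(suspects[i]);
    }
    return mismatches;
}

int main(void) { return count_gecos_mismatches(stdout) > 0; }
```

A non-zero exit status means at least one domain user lost its full name during enumeration.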
confirmed against NT4 PDC as well
The way to fix this in winbindd_rpc.c is to change the query_user_list() call to use samr_query_disp_info(level==1).
Created attachment 272: get full name when enumerating users
This patch is a start. It only applies when using RPC to enumerate users (e.g. security = domain or non-native AD trusted domains). We'll probably need to do the same for groups and I need to test this against large numbers of users/groups. Please let me know if this helps your setup.
Checked in the fix for 3.0.1
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.
database cleanup