[Samba] getent and wbinfo not returning expected results?
Mike Partyka
For some time now have been trying to connect a Samba-3.0.14a-0.4
server running on SuSE Ent 9 linux server to our Exchange 2003
(running on Server 2003 Std w/ SP1) server which is also the AD
server for our domain.
I can connect to the shares using the AD as the authentication
source, so the basic functionality is there but some command output
does not show in the way i expect it to.
Such as the "getent passwd" command should return a listing of the
local passwd file with the Active Directory users appended to it, but
it only lists the local passwd file.
I can have checked the kerberos ticket to make sure it's still valid,
here is the output:
>
> Credentials cache: FILE:/tmp/krb5cc_0
> Principal: Admini...@DOMAIN.COM
>
> Issued Expires Principal
> Sep 16 11:44:08 Sep 16 21:44:08 krbtgt/DOMAI...@DOMAIN.COM
And i test the join and it is valid, here is the output:
> Join is OK
Some commands work but not the way i would expect them to, such as
"wbinfo -u". This command comes back with a list of users from the AD
but the domain name is not prepended as i would expect with the
domain separator value between the domain name and the username.
"wbinfo -g" is exactly the same, it comes back with a list of AD
groups but the domain is not prepended, what would cause this behavior?
Here is the global section of my smb.conf, maybe i am missing
something that will be obvious to users on this list.
> [global]
> workgroup = domain
> netbios name = mps1intmx01
> server string = SMB %v for domain.com
> security = ADS
> encrypt passwords = Yes
> template shell = /bin/bash
> realm = DOMAIN.COM
>
> # Winbind settings
> idmap backend = idmap_rid:DOMAIN=500-5000
> idmap uid = 500-1000
> idmap gid = 500-1000
> winbind separator = /
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> winbind nested groups = Yes
> allow trusted domains = No
>
> preferred master = No
> local master = No
> wins server = msp1intmx02.domain.com
>
> log level = 10
TIA!
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Doug Sampson
Remove 'winbind use default domain = Yes' from smb.conf and you'll see the
domain name prepended to the output from 'wbinfo -u' & 'wbinfo -g' commands.
~Doug
Doug Sampson
> passwd OR group, is still only listing the local users and groups
<sigh> According to the Samba docs, it's either the NSS switch or the PAM
modules or both that appear to be preventing the enumeration of
users/groups. I have on hand TOSHARG and the 'Samba-3 By Examples' books.
Check page 228 section 12 in 'Samba-3 by Examples' and you will see what I
am referring to.
I'm using FreeBSD and their NSS libraries are different from Linux's and I'm
wondering if that is the cause. FreeBSD uses nss_winbind.so.1 whereas there
are numerous references to libnss_winbind.so.2 in TOSHARG which is based on
Linux. I fear FreeBSD's GCC compiler is either older and/or different than
Linux's. What distro are you using?
> Yes this is sound advice i was playing around with some others like the
> + , which seems to be a common choice but testparm complained about it
> so i changed it to what you see.
Yeah. The separator isn't the real cause behind your woes though.
Let me know what you come up with.
John H Terpstra
> > I did and this did address the wbinfo -u OR -g output but the getent
> > passwd OR group, is still only listing the local users and groups
>
> <sigh> According to the Samba docs, it's either the NSS switch or the PAM
> modules or both that appear to be preventing the enumeration of
> users/groups. I have on hand TOSHARG and the 'Samba-3 By Examples' books.
> Check page 228 section 12 in 'Samba-3 by Examples' and you will see what I
> am referring to.
If 'wbinfo -u' returns the domain user list, but 'getent passwd' does not,
this means that NSS is not working. It has nothing to do with PAM.
>
> I'm using FreeBSD and their NSS libraries are different from Linux's and
> I'm wondering if that is the cause. FreeBSD uses nss_winbind.so.1 whereas
> there are numerous references to libnss_winbind.so.2 in TOSHARG which is
> based on Linux. I fear FreeBSD's GCC compiler is either older and/or
> different than Linux's. What distro are you using?
Have you joined the Samba server to the domain?
What do 'net rpc info' and 'net ads info' report?
Is winbindd running?
Did you rename the libnss_winbind.so.2 file to nss_winbind.so.1?
Did you locate this in the /lib or the /usr/lib directory?
What error logs are you seeing in /var/adm/messages?
> > Yes this is sound advice i was playing around with some others like the
> > + , which seems to be a common choice but testparm complained about it
> > so i changed it to what you see.
>
> Yeah. The separator isn't the real cause behind your woes though.
It certainly sounds more like a basic software installation and configuration
issue.
- John T.
> Let me know what you come up with.
>
> ~Doug
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.
Mike Partyka
net rpc info returns nothing
net ads info, returns:
msp1intmx01:~ # net ads info
LDAP server: 71.4.126.89
LDAP server name: msp1intmx02
Realm: DOMAIN.COM
Bind Path: dc=DOMAIN,dc=COM
LDAP port: 389
Server time: Fri, 16 Sep 2005 14:17:38 GMT
KDC server: 71.4.126.89
Server time offset: 0
I didn't think i was using ldap to store the idmap values for users,
i thought the smb.conf setting idmap backend=idmap_rid
>
> Is winbindd running?
Yes
>
> Did you rename the libnss_winbind.so.2 file to nss_winbind.so.1?
No, i did not see that step in any of the documentation i have used.
I did this and restarted winbind but it seemed to have no effect.
> Did you locate this in the /lib or the /usr/lib directory?
in the /lib directory only
>
> What error logs are you seeing in /var/adm/messages?
I am seeing a number of messages like this:
Sep 16 14:21:17 msp1intmx01 winbindd[23202]:
rid_idmap_get_id_from_sid: rid: 1157 (UID: 1657) too high
for mapping of domain: JUMPNODE (500-1000)
Which i assume is related to the fact that i changed the
idmap_backend setting earlier this morning in the smb.conf file.
Here is what it currently set to:
idmap backend = idmap_rid:JUMPNODE=500-1000
idmap uid = 500-1000
idmap gid = 500-1000
This morning the idmap_backend had a range of 500-5000 but then i ran
winbindd -i -d3 and i saw winbind complaining about the range being
set too high, and i adjusted it down. Is there someplace i need to
clear the old values from? I have since restarted winbind several
times but that does not seem to be sufficient.
Thank You,
> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
>
> Author:
> The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
> Samba-3 by Example, 2 Ed., ISBN: 0131882221X
> Hardening Linux, ISBN: 0072254971
> Other books in production.
>
Mike Partyka
Jumpnode Systems, LLC
Systems Administrator
(612)605-5056 Desk
(612)605-5099 Fax
John H Terpstra
ADS uses LDAP. The user and group account info when Samba is an ADS domain
member is obtained from the LDAP service that is part of ADS. The IDMAP
backend defines how the user and group SIDs are handled. The idmap_rid tool
uses the value of the relative identifier (RID) part of the user SID as the
UID. The RID can have any value from 1000 up to 4294967295. Typically the RID
is allocated sequentially starting at 1000, but this appears not always to be
the case.
>
> > Is winbindd running?
>
> Yes
>
> > Did you rename the libnss_winbind.so.2 file to nss_winbind.so.1?
>
> No, i did not see that step in any of the documentation i have used.
For months I asked for review and feedback from Samba mailing list users. All
feedback that I received was adopted. Samba is user supported software. The
more people who provide documentation feedback, the better to documentation
becomes.
> I did this and restarted winbind but it seemed to have no effect.
>
> > Did you locate this in the /lib or the /usr/lib directory?
>
> in the /lib directory only
It needs to be in the same directory that the other nss_*.so* files are in.
The version number may need to be .1 or .2 - I am not sure.
>
> > What error logs are you seeing in /var/adm/messages?
>
> I am seeing a number of messages like this:
>
> Sep 16 14:21:17 msp1intmx01 winbindd[23202]:
> rid_idmap_get_id_from_sid: rid: 1157 (UID: 1657) too high
> for mapping of domain: JUMPNODE (500-1000)
The system accounts will use values of 500-1000, user acconts always above
999. i.e.: starting at 1000.
>
> Which i assume is related to the fact that i changed the
> idmap_backend setting earlier this morning in the smb.conf file.
If you change the settings you must delete the winbind_idmap.tdb and
winbind_cache.tdb files before restarting smbd and winbind.
> Here is what it currently set to:
>
> idmap backend = idmap_rid:JUMPNODE=500-1000
> idmap uid = 500-1000
> idmap gid = 500-1000
>
The upper-bound of the uid and gid ranges are much too low. Follow the
examples I gave in the book.
> This morning the idmap_backend had a range of 500-5000 but then i ran
> winbindd -i -d3 and i saw winbind complaining about the range being
> set too high, and i adjusted it down. Is there someplace i need to
> clear the old values from? I have since restarted winbind several
> times but that does not seem to be sufficient.
Remove the winbind*tdb files and restart winbindd.
- John T.
Mike Partyka
On Sep 16, 2005, at 2:57 PM, John H Terpstra wrote:
>>> Did you rename the libnss_winbind.so.2 file to nss_winbind.so.1?
>>>
>>
>> No, i did not see that step in any of the documentation i have used.
>>
>
> For months I asked for review and feedback from Samba mailing list
> users. All
> feedback that I received was adopted. Samba is user supported
> software. The
> more people who provide documentation feedback, the better to
> documentation
> becomes.
that to be an excuse, i will do better going forward.
> The system accounts will use values of 500-1000, user acconts
> always above
> 999. i.e.: starting at 1000.
>
> Remove the winbind*tdb files and restart winbindd.
I adjusted this range up much higher (1000000-5000000)
I then deleted these files as John recommended and the restarted
winbind and smb.
Amazingly, now "getent passwd" returns the local user list with the
domain users appended to it, W00T!
PS-The community effort that many people put into the lists as far as
helping other users is always impressive to me and it's really
something to admire but this afternoon topped all when i got a long
distance call from John Terpstra, whose book i have sitting on my
desk at home, and who wrote the Samba documentation that many of us
use so frequently, the experience I have to say was a little intense.
60 seconds into the call John stated rather than asked, "Your really
new to Samba aren't you?", I can only laugh when thinking about it.
John, Doug, Thanks for your help!
>
> - John T.
>
Mike Partyka
Jumpnode Systems, LLC
Systems Administrator
(612)605-5056 Desk
(612)605-5099 Fax
John H Terpstra
> On Sep 16, 2005, at 2:57 PM, John H Terpstra wrote:
> >>> Did you rename the libnss_winbind.so.2 file to nss_winbind.so.1?
> >>
> >> No, i did not see that step in any of the documentation i have used.
> >
> > For months I asked for review and feedback from Samba mailing list
> > users. All
> > feedback that I received was adopted. Samba is user supported
> > software. The
> > more people who provide documentation feedback, the better to
> > documentation
> > becomes.
>
> I was not active in this mailing list at that time but don't mean
> that to be an excuse, i will do better going forward.
>
> > The system accounts will use values of 500-1000, user acconts
> > always above
> > 999. i.e.: starting at 1000.
> >
> > Remove the winbind*tdb files and restart winbindd.
>
> I adjusted this range up much higher (1000000-5000000)
Suggest you consider 500-40000000 so that all RIDs can be accomodated.
>
> I then deleted these files as John recommended and the restarted
> winbind and smb.
>
> Amazingly, now "getent passwd" returns the local user list with the
> domain users appended to it, W00T!
>
> PS-The community effort that many people put into the lists as far as
> helping other users is always impressive to me and it's really
> something to admire but this afternoon topped all when i got a long
> distance call from John Terpstra, whose book i have sitting on my
> desk at home, and who wrote the Samba documentation that many of us
> use so frequently, the experience I have to say was a little intense.
I hope not too intense! :-)
> 60 seconds into the call John stated rather than asked, "Your really
> new to Samba aren't you?", I can only laugh when thinking about it.
There is nothing wrong with being new to Samba - in fact, there ought to be
more if it. ;-)
- John T.
> John, Doug, Thanks for your help!
>
> > - John T.
>
> Mike Partyka
> Jumpnode Systems, LLC
> Systems Administrator
> (612)605-5056 Desk
> (612)605-5099 Fax
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.
Doug Sampson
> passwd' does not,
> this means that NSS is not working. It has nothing to do with PAM.
>
> >
> > I'm using FreeBSD and their NSS libraries are different
> from Linux's and
> > I'm wondering if that is the cause. FreeBSD uses
> nss_winbind.so.1 whereas
> > there are numerous references to libnss_winbind.so.2 in
> TOSHARG which is
> > based on Linux. I fear FreeBSD's GCC compiler is either older and/or
> > different than Linux's. What distro are you using?
>
> Have you joined the Samba server to the domain?
> What do 'net rpc info' and 'net ads info' report?
aries-root@/usr/local/etc: net rpc info
Domain Name: DSP
Domain SID: S-1-5-21-2008768363-1786319642-1659389152
Sequence number: 15618
Num users: 124
Num domain groups: 16
Num local groups: 1
> Is winbindd running?
aries-root@/usr/local/etc: ps aux | grep winbind
root 8276 0.0 0.3 4644 2884 ?? Ss 12:26PM 0:00.01 winbindd -d4
root 8277 0.0 0.3 4584 2836 ?? I 12:26PM 0:00.01 winbindd -d4
>
> Did you rename the libnss_winbind.so.2 file to nss_winbind.so.1?
> Did you locate this in the /lib or the /usr/lib directory?
>
> What error logs are you seeing in /var/adm/messages?
On my FreeBSD machine, the log is located at /var/log/messages:
Sep 16 12:26:21 aries winbindd[8277]: [2005/09/16 12:26:21, 0]
rpc_client/cli_pipe.c:cli_rpc_open_noauth(1700)
Sep 16 12:26:21 aries winbindd[8277]: rpc_pipe_bind failed
Sep 16 12:26:25 aries nmbd[8278]: [2005/09/16 12:26:25, 0]
nmbd/nmbd.c:main(737)
Sep 16 12:26:25 aries nmbd[8278]: standard input is not a socket, assuming
-D option
Sep 16 12:26:25 aries smbd[8280]: [2005/09/16 12:26:25, 0]
passdb/pdb_tdb.c:tdbsam_tdbopen(195)
Sep 16 12:26:25 aries smbd[8280]: Unable to open/create TDB passwd
Sep 16 12:26:25 aries smbd[8280]: [2005/09/16 12:26:25, 0]
passdb/pdb_tdb.c:tdbsam_getsampwrid(488)
Sep 16 12:26:25 aries smbd[8280]: pdb_getsampwrid: Unable to open TDB rid
database!
Sep 16 12:26:25 aries smbd[8280]: NSSWITCH(nsparser): /etc/nsswitch.conf
line 1: 'compat' used with other sources
Sep 16 12:26:25 aries smbd[8280]: NSSWITCH(nsparser): /etc/nsswitch.conf
line 2: 'compat' used with other sources
Sep 16 12:26:25 aries smbd[8280]: NSSWITCH(nss_load_module): wins, Undefined
symbol "nss_module_register"
Sep 16 12:26:25 aries smbd[8280]: [2005/09/16 12:26:25, 0]
smbd/server.c:main(839)
Sep 16 12:26:25 aries smbd[8280]: standard input is not a socket, assuming
-D option
Sep 16 12:26:29 aries ps: NSSWITCH(nsparser): /etc/nsswitch.conf line 1:
'compat' used with other sources
Sep 16 12:26:29 aries ps: NSSWITCH(nsparser): /etc/nsswitch.conf line 2:
'compat' used with other sources
Sep 16 12:26:29 aries ps: NSSWITCH(nss_load_module): wins, Undefined symbol
"nss_module_register"
Sep 16 12:26:51 aries getent: NSSWITCH(nsparser): /etc/nsswitch.conf line 1:
'compat' used with other sources
Sep 16 12:26:51 aries getent: NSSWITCH(nsparser): /etc/nsswitch.conf line 2:
'compat' used with other sources
Sep 16 12:26:51 aries getent: NSSWITCH(nss_load_module): wins, Undefined
symbol "nss_module_register"
Sep 16 13:00:00 aries newsyslog: NSSWITCH(nsparser): /etc/nsswitch.conf line
1: 'compat' used with other sources
Sep 16 13:00:00 aries newsyslog: NSSWITCH(nsparser): /etc/nsswitch.conf line
2: 'compat' used with other sources
Sep 16 13:00:00 aries newsyslog: NSSWITCH(nss_load_module): wins, Undefined
symbol "nss_module_register"
Sep 16 13:06:07 aries ls: NSSWITCH(nsparser): /etc/nsswitch.conf line 1:
'compat' used with other sources
Sep 16 13:06:07 aries ls: NSSWITCH(nsparser): /etc/nsswitch.conf line 2:
'compat' used with other sources
Sep 16 13:06:07 aries ls: NSSWITCH(nss_load_module): wins, Undefined symbol
"nss_module_register"
Sep 16 13:07:08 aries ls: NSSWITCH(nsparser): /etc/nsswitch.conf line 1:
'compat' used with other sources
Sep 16 13:07:08 aries ls: NSSWITCH(nsparser): /etc/nsswitch.conf line 2:
'compat' used with other sources
Sep 16 13:07:08 aries ls: NSSWITCH(nss_load_module): wins, Undefined symbol
"nss_module_register"
Sep 16 13:26:32 aries ps: NSSWITCH(nsparser): /etc/nsswitch.conf line 1:
'compat' used with other sources
Sep 16 13:26:32 aries ps: NSSWITCH(nsparser): /etc/nsswitch.conf line 2:
'compat' used with other sources
Sep 16 13:26:32 aries ps: NSSWITCH(nss_load_module): wins, Undefined symbol
"nss_module_register"
aries-root@/usr/local/etc: ll /usr/local/lib/*win*
lrwxr-xr-x 1 root wheel 31 Sep 15 12:27
/usr/local/lib/libnss_winbind.so -> /usr/local/lib/nss_winbind.so.1
lrwxr-xr-x 1 root wheel 14 Sep 15 13:29
/usr/local/lib/libnss_winbind.so.1 -> nss_winbind.so
lrwxr-xr-x 1 root wheel 14 Sep 15 13:30
/usr/local/lib/libnss_winbind.so.2 -> nss_winbind.so
lrwxr-xr-x 1 root wheel 11 Sep 15 13:30
/usr/local/lib/libnss_wins.so.1 -> nss_wins.so
lrwxr-xr-x 1 root wheel 11 Sep 15 13:30
/usr/local/lib/libnss_wins.so.2 -> nss_wins.so
-rwxr-xr-x 1 root wheel 23057 Sep 15 13:28 /usr/local/lib/nss_winbind.so
lrwxr-xr-x 1 root wheel 14 Sep 15 13:29
/usr/local/lib/nss_winbind.so.1 -> nss_winbind.so
lrwxr-xr-x 1 root wheel 14 Sep 15 13:30
/usr/local/lib/nss_winbind.so.2 -> nss_winbind.so
-rwxr-xr-x 1 root wheel 813451 Sep 15 13:28 /usr/local/lib/nss_wins.so
lrwxr-xr-x 1 root wheel 11 Sep 15 13:30 /usr/local/lib/nss_wins.so.1
-> nss_wins.so
lrwxr-xr-x 1 root wheel 11 Sep 15 13:30 /usr/local/lib/nss_wins.so.2
-> nss_wins.so
-r-xr-xr-x 1 root wheel 15164 Sep 15 10:03 /usr/local/lib/pam_winbind.so
Does NSSWITCH follow symlinks?
Side note: Following a post in which a poster complained that when upgrading
Samba, his libraries weren't updated correctly so he has since then decided
to manually copy his libraries from the source directory to the library
path, I decided to do likewise. thus you are seeing files ending in .so as
source and links made to these source files. Perhaps that may have something
to do with the problems I am having with?
~Doug
Doug Sampson
> > passwd' does not,
> > this means that NSS is not working. It has nothing to do with PAM.
Taking a cue from above, I edited nsswitch.conf to reflect your recommended
nsswitch.conf settings as follows:
passwd: files winbind
group: files winbind
hosts: files winbind dns
networks: files
shells: files
wbinfo -u, wbinfo -g, getent passwd, and getent group now properly presents
local & domain users!!!!!!!!!!!!!! Egads! I need to be careful with what I
leave in nsswitch.conf! I'm so thrilled to get the enumeration stuff working
now!
One more thing: The getent passwd produces as follows:
aries-root@/usr/local/lib/OLD: /usr/local/sbin/getent passwd
root:$1$nKq6XJlA$znAgh1MrkzByxA6/HDuah1:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25:Sendmail Submission
User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
uucp:*:66:66:UUCP
pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
dougs:$1$EKEN2gSO$kXpBoFW5qfpDq3KF0ODT91:1001:1001:Doug
Sampson:/home/dougs:/bin/sh
beckyr:$1$deELUVIF$rHMoGndIAUOqUTfLFQnxR.:1002:1002:Becky
Ryan:/home/beckyr:/bin/sh
alfredos:$1$SxjkDe4a$wib3bY8ugKZy.gRPnjJ2r0:1003:1003:Alfredo
Sierra:/home/alfredos:/bin/sh
michaelm:$1$bSVPy645$N02/WIbak.fLIxShs3JcT1:1004:1004:Michael
MacAulay:/home/michaelm:/bin/sh
DSP-adrianp:x:15000:15000:Adrian Pearson:/usr/home/DSP/adrianp:/bin/bash
DSP-alfredo:x:15001:15000:Alfredo Sierra:/usr/home/DSP/alfredo:/bin/bash
DSP-barry:x:15002:15000:Barry Howland:/usr/home/DSP/barry:/bin/bash
DSP-becky:x:15003:15000:Rebecca L. Ryan:/usr/home/DSP/becky:/bin/bash
DSP-benb:x:15004:15000:Ben Bahan:/usr/home/DSP/benb:/bin/bash
<...snip...>
whereas getent group produces the following:
aries-root@/usr/local/lib/OLD: /usr/local/sbin/getent group
wheel:*:0:root,dougs
daemon:*:1:
kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:root
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
staff:*:20:
sshd:*:22:
smmsp:*:25:
mailnull:*:26:
guest:*:31:
bind:*:53:
proxy:*:62:
authpf:*:63:
_pflogd:*:64:
uucp:*:66:
dialer:*:68:
network:*:69:
www:*:80:
nogroup:*:65533:
nobody:*:65534:
dougs:*:1001:
beckyr:*:1002:
alfredos:*:1003:
michaelm:*:1004:
production:*:10000:dougs,beckyr,alfredos,michaelm
DSP-CUSTSVC:x:15001:DSP-Barry,DSP-denise,DSP-susan,DSP-heatherq,DSP-GIGI,DSP
-moniqueb,DSP-TAMI,DSP-ChrisM,DSP-Leigh,DSP-Maryann,DSP-JoeS
DSP-Domain
Admins:x:15002:DSP-DSPAdmin,DSP-Tom,DSP-root,DSP-Robot,DSP-smtp2pop3,DSP-DSP
ADMIN1,DSP-Doug,DSP-Tom2
DSP-Domain Guests:x:15003:
<...snip...>
DSP-Dynamics:x:15005:DSP-Jared,DSP-Tom,DSP-Kris,DSP-Tom2
DSP-FINANCE:x:15006:DSP-DANNIS,DSP-GIGI,DSP-TAMI,DSP-Tom2,DSP-Tom,DSP-Doug,D
SP-dahmian,DSP-Jared,DSP-Holly,DSP-Lynne,DSP-boe
DSP-Management:x:15007:DSP-DANNIS,DSP-Joe,DSP-GIGI,DSP-TAMI,DSP-TJ,DSP-Tom,D
SP-Becky,DSP-Barry,DSP-Maryann,DSP-Tom2,DSP-Jon,DSP-Jared
DSP-MARKETING:x:15008:DSP-JoeS,DSP-GIGI,DSP-Becky,DSP-Barry,DSP-Leslie
Why is the prepended domain username in lower case in getent passwd but not
with getent group? Will this create problems?