This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: gid doesn't display correctly on SAMBA share using AD


On Feb 25 12:26, Len Giambrone wrote:
> 
> On 02/25/2015 12:20 PM, Corinna Vinschen wrote:
> >On Feb 25 11:51, Len Giambrone wrote:
> >>On 02/25/2015 11:18 AM, Corinna Vinschen wrote:
> >>>On Feb 25 11:01, Len Giambrone wrote:
> >>>>[...]
> >>>>The username displays correctly, but the group name does not:
> >>>>
> >>>>$ ls -la foo
> >>>>-rw-rw-r-- 1 build Unix_Group+999 0 Feb 25 10:52 foo
> >>>>
> >>>>And this is confirmed by running getent:
> >>>>
> >>>>$ getent passwd build
> >>>>build:*:1065765:1049089:U-ISCINTERNAL\build,S-1-5-21-112145844-1872675854-1690816760-17189:/home/build:/bin/bash
> >>>>
> >>>>$ getent passwd group
> >>>>
> >>>>I've read
> >>>>https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nsswitch-gecos
> >>>>'til I'm blue in the face, and I think this should work.
> >>>>What am I missing?  How can I debug?
> >>>If your admin changed your user account to have a gidNumber 999 only,
> >>>then that won't help,  Consider:  Cygwin tries to find a group with
> >>>gidNumber set to 999.  How is it supposed to evaluate the right
> >>>gidNumber value from some arbitrary user account?
> >>>
> >>>What Cygwin needs to get the right connection between a Windows group
> >>>and a gidNumber value is that the *group* entry in AD itself has the
> >>>gidNumber set to the right value.
> >>>
> >>>I don't know if that's really the problem in your case, but that seems
> >>>the most likely.
> >>>
> >>>Please report back.  I'm excited that I'm not the only one interested
> >>>in getting this connection between unix and windows ids working :)
> >>It worked.  :)  Now I just have to persuade my admin to populate uidNumber
> >>and gidNumber for all our current and new users...
> >I'm glad to read that.  Thanks for your feedback!
> 
> If I can't get my admin to cooperate, then I have to resort to using
> mkpasswd/mkgroup -U.  But this gives output like this:
> 
> $ ls -la foo
> -rw-rw-r-- 1 Unix_User+build Unix_Group+releng 0 Feb 25 10:52 foo
> 
> Is that expected? (The Unix_User+/Unix_Group+ prefix).

Yes, that's expected.  After all, they are users different from your
Windows account, see the SIDs.  If you don't want the prefix, you can
still override this by manually dropping the prefixes, along the lines
of what you could already do in the former implementation.  Should be a
last resort, of course.  The other, better way not restricted to Cygwin
is to install Samba's winbind.  It just doesn't help for existing UNIX
accounts, afaics.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgp_tRLcZsDVB.pgp
Description: PGP signature


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]