This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: gid doesn't display correctly on SAMBA share using AD


On Feb 25 12:55, Len Giambrone wrote:
> On 02/25/2015 12:34 PM, Corinna Vinschen wrote:
> >On Feb 25 12:26, Len Giambrone wrote:
> >>$ ls -la foo
> >>-rw-rw-r-- 1 Unix_User+build Unix_Group+releng 0 Feb 25 10:52 foo
> >>
> >>Is that expected? (The Unix_User+/Unix_Group+ prefix).
> >Yes, that's expected.  After all, they are users different from your
> >Windows account, see the SIDs.
> 
> That's what I thought.
> 
> >   If you don't want the prefix, you can
> >still override this by manually dropping the prefixes, along the lines
> >of what you could already do in the former implementation.  Should be a
> >last resort, of course.
> 
> I actually tried that; I removed the Unix_User/Group+ prefix from the passwd
> entry to see if it worked.
> It did, but then I couldn't ssh in as that user:
> 
> build@wx64lg /etc
> $ cat /etc/passwd
> lgiambro:*:4278246287:99999:,S-1-22-1-56207::
> 
> build@wx64lg /etc
> $ cat /etc/group
> releng:S-1-22-2-999:4278191079:

Oh, wait.  That's not good.  If you do that you must create *two* entries
in /etc/passwd and /etc/group with the same account names, one of them
being the Windows account, the other being the UNIX account.  The order
is important, too.  The Windows account must preceed the UNIX account,
kind of like this:

  $ mkpasswd -b -c -l my-unix-machine -U corinna
  corinna:*:1049577:1049701:U-VINSCHEN\corinna,S-1-5-21-2913048732-1697188782-3448811101-1001:/home/corinna:/bin/tcsh
  Unix_User+corinna:*:4278190580:99999:,S-1-22-1-500::

Then remove the Unix_User prefix.  It's a bit fragile, that's why
other solutions are better, imho.

> >   The other, better way not restricted to Cygwin
> >is to install Samba's winbind.
> 
> We are running winbind.
> 
> >   It just doesn't help for existing UNIX
> >accounts, afaics.
> 
> I don't know how winbind works.  If it doesn't work with existing UNIX
> accounts, then when _would_ it have an effect?

I don't know exactly how winbind works either.  AFAIK it gets a range of
UNIX uid/gids, e.g 100000-200000, and then it translates any incoming
Windows SID into a Unix uid/gid in that range.  These users are handled
by winbind, but not any other, already existing users like "root" or,
fwiw, any uid/gid outside the range it maintains.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgp4sTqWeBSUb.pgp
Description: PGP signature


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]