| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-Spam-Check-By: | sourceware.org |
| To: | cygwin AT cygwin DOT com |
| From: | Andrew DeFaria <Andrew AT DeFaria DOT com> |
| Subject: | Re: Mapping of Windows Domains? |
| Date: | Wed, 23 Jul 2008 21:31:03 -0700 |
| Lines: | 35 |
| Message-ID: | <g690i7$eam$1@ger.gmane.org> |
| References: | <C5DEB10AA328412F936E383D23016DBF AT Wampum> |
| Mime-Version: | 1.0 |
| User-Agent: | Thunderbird 2.0.0.14 (Windows/20080421) |
| In-Reply-To: | <C5DEB10AA328412F936E383D23016DBF@Wampum> |
| X-IsSubscribed: | yes |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Unsubscribe: | <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
Ken Turner wrote: > I've posted on this problem before > (http://www.cygwin.com/ml/cygwin/2006-11/msg00568.html) but now have a > better idea of what's going wrong. (I haven't supplied "cygcheck" > output as my question > is generic.) > > Our Unix file server uses the TAS program to deliver files via SMB to > Windows clients. Up to CygWin 1.5.18-1 this worked just fine. All > versions of CygWin since then give "permission denied" when trying to > read these files. Changing CygWin options (e.g. "nontsec", "nontea", > "nosmbntsec", "notraverse") doesn't help. Trying to set domain details > in /etc/passwd doesn't help. I think the problem is that CygWin after > 1.5.18-1 got a lot stricter about checking domains when checking > permissions. > > It turns out that these files are being served up with a fake domain > name "D1" (because our Unix server isn't part of a Windows domain). > When I log in I am authenticated against a real domain "D2". As a > result, "D2\kjt" cannot access files whose permissions are set for > "D1\kjt". There doesn't seem to be any way of influencing the choice > of fake domain name "D1", so I need a client-side solution. > > Is there any way to get CygWin or Windows to map domains (e.g. to > treat "D1" as equivalent to "D2")? It's called trusts (http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/deploy/dgbe_sec_ztsn.mspx?mfr=true). You need to get the Windows administrator for D1 to establish a trust relationship with D2. Oh and you really should get the Unix admin to have the Unix system participate fully in the Windows domains scheme too. -- Andrew DeFaria <http://defaria.com> Would a fly without wings be called a walk? -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |