Mail Archives: cygwin/2018/04/22/03:26:03

X-Recipient: archive-cygwin AT delorie DOT com
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.2 spammy=validity, replicated, audience, forest
X-HELO: vsmx009.vodafonemail.xion.oxcs.net
From: Achim Gratz <Stromeko AT nexgo DOT de>
To: cygwin AT cygwin DOT com
Subject: Re: [Bug] File permissions across domains
References: <874lkjt3dw DOT fsf AT Rainer DOT invalid> <20180411070312 DOT GK29703 AT calimero DOT vinschen DOT de> <20180411093443 DOT GM29703 AT calimero DOT vinschen DOT de> <87r2nlwtln DOT fsf AT Rainer DOT invalid> <20180412073805 DOT GS29703 AT calimero DOT vinschen DOT de> <87bmeo8cc7 DOT fsf AT Rainer DOT invalid> <20180413122959 DOT GB27440 AT calimero DOT vinschen DOT de> <87sh7y52fe DOT fsf AT Rainer DOT invalid>
Date: Sun, 22 Apr 2018 09:25:42 +0200
In-Reply-To: <87sh7y52fe.fsf@Rainer.invalid> (Achim Gratz's message of "Fri, 13 Apr 2018 21:31:01 +0200")
Message-ID: <878t9f66tl.fsf@Rainer.invalid>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)
MIME-Version: 1.0
X-VADE-STATUS: LEGIT

Achim Gratz writes:
>> I don't understand what you're trying to say here.  Are there
>> differences or not?
>
> You're on to something.  I have over 500 groups in my token in the old
> domain, but only half of those end up in the token when I'm logged in on
> the machine in the new domain (at least as far as Cygwin is concerned as
> obviously I can still access the files when I'm actually trying).  I
> scheduled an audience with one of the AD guys some time next week, he
> thinks he can explain why that happens and hopefully it's something that
> can be fixed on the AD side.

Here's what I understood of that: The problem was how the group that was
supposed to give me access was set up in AD a long time ago.  Apparently
when you have an AD forest or a federation you can separately flag if
the groups are visible or valid outside the defining domain and it had
been set up to have restricted validity, while still being visible in
all domains.  Only when both these flags are set will the group actually
be in your AuthZ token ("universal group").  Actual file access still
worked since the access was checked on the file server which was in the
"home" domain.  So, the group got converted to a universal one and the
problem went away after that change had replicated to all DCs.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

SD adaptation for Waldorf Blofeld V1.15B11:
http://Synth.Stromeko.net/Downloads.html#WaldorfSDada
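
The effect described in the message above, as an added example that is not part of the original post or of Cygwin: a small model of which group SIDs reach a logon token inside one AD forest, based on the scope bits of the `groupType` attribute. The domain names `OLD` and `NEW`, the group names and the memberships are constructed, and the assumption that the affected group had domain-local scope is ours; the post only says it had restricted validity.

```python
# Added example: models which group SIDs reach a logon token inside one AD forest.
# Scope bit flags of the Active Directory groupType attribute.
GLOBAL, DOMAIN_LOCAL, UNIVERSAL = 0x2, 0x4, 0x8
SECURITY_ENABLED = 0x80000000


def scope(group_type):
    """Return the scope encoded in a groupType value (LDAP returns it signed)."""
    bits = group_type & 0xFFFFFFFF
    for flag, name in ((GLOBAL, "global"), (DOMAIN_LOCAL, "domain-local"),
                       (UNIVERSAL, "universal")):
        if bits & flag:
            return name
    raise ValueError(f"no scope bit set in groupType {group_type}")


def in_token(group, user_domain, logon_domain):
    """True if this group's SID is added when the user logs on in logon_domain."""
    if not (group["groupType"] & 0xFFFFFFFF) & SECURITY_ENABLED:
        return False                        # distribution groups never reach a token
    s = scope(group["groupType"])
    if s == "universal":
        return True                         # valid in every domain of the forest
    if s == "global":
        return group["domain"] == user_domain
    return group["domain"] == logon_domain  # domain-local: only in its own domain


def missing_groups(groups, user_domain, logon_domain):
    """Names of security groups the user belongs to that will not be in the token."""
    return [g["name"] for g in groups
            if (g["groupType"] & 0xFFFFFFFF) & SECURITY_ENABLED
            and not in_token(g, user_domain, logon_domain)]


# Constructed memberships of one user whose account lives in domain OLD.
GROUPS = [
    {"name": "proj-access", "domain": "OLD", "groupType": -2147483644},  # domain-local
    {"name": "staff",       "domain": "OLD", "groupType": -2147483646},  # global
    {"name": "all-eng",     "domain": "OLD", "groupType": -2147483640},  # universal
    {"name": "newsletter",  "domain": "OLD", "groupType": 8},            # distribution
]

if __name__ == "__main__":
    print("workstation in NEW:", missing_groups(GROUPS, "OLD", "NEW"))
    print("file server in OLD:", missing_groups(GROUPS, "OLD", "OLD"))
    GROUPS[0]["groupType"] = -2147483640    # the fix from the post: convert to universal
    print("after conversion:  ", missing_groups(GROUPS, "OLD", "NEW"))
```

The model covers a single forest only; SID filtering across forest or external trusts is not represented.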
