X-Recipient: archive-cygwin@delorie.com
X-Spam-Check-By: sourceware.org
Date: Fri, 14 Oct 2011 10:29:32 +0200
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: Problems with mkpasswd and mkgroup
Message-ID: <20111014082932.GA12878@calimero.vinschen.de>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
References: <CAG_2cTmSi_uOSEszfLHLy_W5u+AedYr+f0xU_+XqYczWH9cCHA@mail.gmail.com> <F76C4AF28D3313439C4ABAFF8A4C3B88200DF047@mbs01.uit.no>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <F76C4AF28D3313439C4ABAFF8A4C3B88200DF047@mbs01.uit.no>
User-Agent: Mutt/1.5.21 (2010-09-15)
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie.com@cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

On Oct 14 07:39, Edvardsen Kåre wrote:
> 
> > What is the contents of the "/etc/password" and "/etc/group" files
> > after you run the "mkpasswd/mkgroup" commands (as administrator)?
> 
> > What user can log in, but isn't in the password file?
> 
> > Is that user local or a domain user?
> 
> The Windows account name with FULL admin privileges is "servicekonto" and cygwin was installed from this account which is locally on this client and NOT a domain user.
> "kae026" is the user who can log in, but isn't in the password file. 
> "kae026" is a domain user.
> 
> As admnistrator:
> 
> $ mkpasswd -l -d > /etc/passwd
> mkpasswd (427): [5] Access is denied.
> [...]
> $ mkgroup -l -d > /etc/group
> mkgroup (369): [5] Access is denied.

That's kind of clue, isn't it?  You local administrator account
doesn't have the permissions to enumerate the accounts in AD.
Add the machine to the domain if you haven't done so already,
log in with a domain account and call `mkpasswd -d >> /etc/passwd'
and `mkgroup -d >> /etc/group'.  Note that, depending on the
security settings of your AD, not all domain users might have
the permissions to enumerate domain accounts.  If you login
with a domain admin account, you should have no problem, though.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple