Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Thu, 14 Mar 2002 21:50:59 +0100
From: Corinna Vinschen <cygwin AT cygwin DOT com>
To: cygwin <cygwin AT cygwin DOT com>
Subject: Re: Having problems with sshd and user accounts?  1.3.10 appears to be broken, 1.3.9 fixed it...
Message-ID: <20020314215059.A31148@cygbert.vinschen.de>
Mail-Followup-To: cygwin <cygwin AT cygwin DOT com>
References: <D143FBF049570C4BB99D962DC25FC2D203B91B AT freedom DOT icomedias DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <D143FBF049570C4BB99D962DC25FC2D203B91B@freedom.icomedias.com>
User-Agent: Mutt/1.3.22.1i

On Thu, Mar 14, 2002 at 07:10:55PM +0100, Martin Bene wrote:
> Given: cygwin on a W2k Primary domain controller.
> 
> When running mkpasswd -l and mkgroup -l, you get primary group 513 in passwd, and no mention of either 513 or 10513 in group file.

Ok, I've found the reason, probably.

Basically the SID for group 513 in `-l' mode is retrieved by performing
the following action:

  1. Get the computers name.
  2. Get the SID of the computer by it's name.
  3. Append the id 513 to the computers SID.
  4. Get the name of that SID.
  5. Create the group entry with the name from 4 and the SID from 3.

Unfortunately, this doesn't work on domain controllers.  The reason is
that when the domain has been created, the SID of the computer is used
as the SID of the domain.  This means in full consequence that the
computer has *no* own SID anymore!  It's SID is exclusively used as the
SID of the domain now.  The result is that in the above step 2, when
asking for the SID of the computer, Windows returns an error 1332,
"No mapping between account names and security IDs was done." which
in turn results in not being able to retrieve the name of the local
group 513.

I've checked in a fix to mkgroup which changes the above list of actions
to:

  1. Get the computers name.
  2. Get the SID of the computer by it's name.
  3. If that fails, use the SID of the current user and strip the user's
     RID.
  4. Append the id 513 to the SID from 2 or 3.
  5. Get the name of that SID.
  6. Create the group entry with the name from 5 and the SID from 4.

I tested it on a W2K domain controller and it worked fine.  I'd like
to ask people having the problem that `mkgroup -l' doesn't print the
group 513 to test, if that patch solves that problem on their computers.

Please test mkgroup.exe from the next developers snapshot.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/