Date: Sun, 14 Jul 2002 20:07:17 -0700
From: David MacMahon
To: Cygwin
Subject: Re: cron and NT domains
Message-ID: <20020714200717.A1693@SmartSC.com>
References: <20020712091627 DOT B10982 AT cygbert DOT vinschen DOT de>

On Fri, Jul 12, 2002 at 09:16:27AM +0200, Corinna Vinschen wrote:
> On Thu, Jul 11, 2002 at 04:48:40PM -0700, David MacMahon wrote:
> > that mkpasswd fails when listing my login domain, but when listing my
> > PC's domain. When listing my login domain, I get a message something like
> > "mkpasswd: [5] Access is denied." I'm not at work today, so I can't
> > verify that until tomorrow, but that's the basic concept.

I was able to verify that message. It appears exactly as shown above.

> Are you able to request just your own account as in
>
> mkpasswd -g -u ?

That command produces no output. I can run "mkpasswd -d " and get a listing of all users in (which does not include me). I cannot run "mkpasswd -d -u " because I get the above error (after it displays the "well known" accounts).

> I assume your servers are running an active directory domain? It's
> possible that your admin(s) did restrict access to the network
> management functionality so that could be a reason you're unable to
> get that info.

That is certainly possible.

> There are two registry keys beginning with S-1-5-21-. Use the one
> w/o the trailing "_Classes". Use the last number as uid.

I have created my /etc/passwd and /etc/group files by hand and they work fine for ntsec and telnet and ftp. It is only cron that has a problem and only cron that attempts to switch user context to my domain account WITHOUT a password. This is what led me to believe that this is actually intentional behavior. It seems to me that without this behavior, one could easily impersonate another domain user simply by concocting the proper /etc/passwd entry and creating a crontab job for that user.

One other slightly odd thing is that my RID (i.e. the last number of my SID) is greater than 65535. So in the uid field of /etc/passwd, I have to put (RID modulo 65536) otherwise things don't work right. For example, if I put the larger number (i.e. actual RID) in /etc/passwd as my uid, doing an 'ls -l' on files I own (as shown by Win2K) doesn't show my /etc/passwd user name in the owner column, but instead shows that the owner's uid is the (RID modulo 65536) value.

Thanks for your thoughts,
Dave

--
David MacMahon, President
Smart Software Consulting
http://www.smartsc.com
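
An added example, not part of the original message or of Cygwin: a small audit of a hand-written /etc/passwd under the uid = RID modulo 65536 behaviour described above, reporting RIDs that wrap, uid fields that were left unreduced, and distinct accounts that end up sharing one uid. The entry layout (SID in the comment field), the account names and the SIDs are constructed assumptions.

```python
import re
from collections import defaultdict

UID_SPACE = 1 << 16  # the message reports uids behaving modulo 65536
SID_RE = re.compile(r"S-1-5-21(?:-\d+)+")

# Constructed sample. Assumption: the SID is stored in the comma-separated
# comment (gecos) field, as in mkpasswd-style entries. All values are invented.
SAMPLE_PASSWD = r"""
Administrator:unused:500:513:U-PC\Administrator,S-1-5-21-1111111111-2222222222-3333333333-500:/home/Administrator:/bin/bash
dave:unused:4465:10513:U-CORP\dave,S-1-5-21-4444444444-5555555555-6666666666-70001:/home/dave:/bin/bash
erin:unused:4465:10513:U-CORP\erin,S-1-5-21-4444444444-5555555555-6666666666-135537:/home/erin:/bin/bash
frank:unused:70002:10513:U-CORP\frank,S-1-5-21-4444444444-5555555555-6666666666-70002:/home/frank:/bin/bash
"""


def parse_passwd(text):
    """Return (name, uid_field, rid) for every entry that carries a SID."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7:
            continue  # blank or malformed line
        match = SID_RE.search(fields[4])
        if match:
            rid = int(match.group(0).rsplit("-", 1)[1])
            entries.append((fields[0], int(fields[2]), rid))
    return entries


def audit(entries):
    """Flag RIDs that wrap, uid fields that disagree, and shared uids."""
    wrapped, mismatched, by_uid = [], [], defaultdict(list)
    for name, uid_field, rid in entries:
        uid16 = rid % UID_SPACE
        if rid >= UID_SPACE:
            wrapped.append(name)      # RID does not fit in 16 bits
        if uid_field != uid16:
            mismatched.append(name)   # the case where 'ls -l' shows a number
        by_uid[uid16].append(name)
    collisions = {u: n for u, n in by_uid.items() if len(n) > 1}
    return {"wrapped": wrapped, "mismatched": mismatched,
            "collisions": collisions}


if __name__ == "__main__":
    for key, value in audit(parse_passwd(SAMPLE_PASSWD)).items():
        print(f"{key}: {value}")
```

Any two RIDs that differ by a multiple of 65536 land on the same uid, so the `collisions` entry is the one to review before relying on file ownership for those accounts.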