Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Date: Mon, 22 Jul 2002 10:53:36 +0200 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: Fwd: Re: cron and NT domains Message-ID: <20020722105336.Y6932@cygbert.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: <20020719103925 DOT G6932 AT cygbert DOT vinschen DOT de> <20020721113030 DOT A1686 AT SmartSC DOT com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020721113030.A1686@SmartSC.com> User-Agent: Mutt/1.3.22.1i On Sun, Jul 21, 2002 at 11:30:30AM -0700, David MacMahon wrote: > After reading your reply, I gave the local user the > "Create a token object" privilege. That changed the 1300 error to 1326, Don't do this. It's a dangerous privilege. Let SYSTEM handle that except you really know what you're doing. E. g. using a special user for that purpose which has specific rights... > When running sshd as SYSTEM, I get these errors: 1308, 5, 1326. Error > 5 is "Access Denied". Here is the relevant excerpt from strace... > [...] > 521384 17135790 [main] sshd 1968 seterrno_from_win_error: /netrel/src/cygwin-1.3.12-2/winsup/cygwin/security.cc:297 windows error 5 > 203 17135993 [main] sshd 1968 geterrno_from_win_error: windows error 5 == errno 13 This looks exactly like the problem I told you. You probably don't have permissions to get the group information of a domain user. See the remarks section in http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netmgmt/ntlmapi2_10xf.asp and ask your sysadmin. > One interesting thing, however, is that mkpasswd doesn't handle RIDs > > 65535 too well... > > DM2328:unused_by_nt/2000/xp:213147:10513:DM2328,U-DOMAIN\DM2328,S-1-5-21-DDD > -203147://NTSRV/DM2328$:/bin/bash > > With this passwd entry, the uid gets set to 16539, which is (213147 % > 0x10000L), but there is no uid-to-username mapping for uid 16539 so > things like 'id' and 'ls -l' show only the numeric value for uid (i.e. > 16539). IMHO, until uids are 32 bits, mkpasswd should be changed to use > ((RID+offset) % 0x10000L) as the uid. It will (still) have conflicts if > two users' RIDs differ by a multiple of 65536, but that conflict exists > with the current mkpasswd (it's just not so apparent). > > It would also be nice if mkpasswd could detect the incorrect (though > intuituve, IMHO) syntax that I had been using and print a more > meaningful error message. Patches gratefully accepted, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developer mailto:cygwin AT cygwin DOT com Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/