X-Spam-Check-By: sourceware.org
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ao8CAKxil0arR7PD/2dsb2JhbAA
X-IronPort-AV: i="4.16,537,1175497200";     d="scan'208"; a="8501254:sNHT59522192754"
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; 	charset="us-ascii"
Subject: RE: Non-trusted domain user causes mkpasswd and mkgroup to fail
Date: Fri, 13 Jul 2007 11:35:51 -0700
Message-ID: <70952A932255A2489522275A628B97C304C130C5@xmb-sjc-233.amer.cisco.com>
In-Reply-To: <015b01c7c567$6f21fbf0$2e08a8c0@CAM.ARTIMI.COM>
References: <015b01c7c567$6f21fbf0$2e08a8c0 AT CAM DOT ARTIMI DOT COM>
From: "Matt Seitz \(matseitz\)" <matseitz AT cisco DOT com>
To: "Dave Korn" <dave DOT korn AT artimi DOT com>, <cygwin AT cygwin DOT com>
Authentication-Results: sj-dkim-3; header.From=matseitz AT cisco DOT com; dkim=pass ( 	sig from cisco.com/sjdkim3002 verified; );
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id l6DIaU7q014211

From: Dave Korn [mailto:dave DOT korn AT artimi DOT com] 
> 
>   Let me repeat myself:
> 
> >> If you aren't
> >> logged into the domain
>    ^^^^^^^^^^^^^^^^^^^^^^
> 
>   Logging into the local machine and logging into the domain 
> are two different
> things.  When you are not logged in to the domain, it would 
> be very very wrong
> for the domain controller to send you any information about 
> the domain.[*]

Sorry, I guess I'm still not being clear.  When I did "runas /netonly
/user:machine\user" followed by "mkpasswd -d machine -u user", I was
trying to create a "passwd" entry for a user account that was local to
the server named "machine".  In other words, I was trying to access
information about the "machine\user" local user account.  I was not
trying to access information about a domain user account.

Perhaps I'm confusing things by using the example name "user" in both
cases.  Let me try restating it:

"runas /netonly /user:domain1\userA" followed by "mkpasswd -d domain1 -u
userA":  works
"runas /netonly /user:machine2\userB" followed by "mkpasswd -d machine2
-u userB":  fails

--
Matt Seitz
Manager, File System Virtualization
Cisco Systems, Inc.
.:|:.:|:.  

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/