X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-1.6 required=5.0	tests=AWL,BAYES_00,RP_MATCHES_RCVD
X-Spam-Check-By: sourceware.org
Message-ID: <4E2BE957.5010309@tlinx.org>
Date: Sun, 24 Jul 2011 02:43:51 -0700
From: Linda Walsh <cygwin AT tlinx DOT org>
Reply-To: Linda Walsh <cygwin AT tlinx DOT org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.24) Gecko/20100228 Thunderbird/2.0.0.24 Mnenhy/0.7.6.666
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: I'm confused, ... domain vs. local account mappings (why diffs, how to control mappings?)
References: <4E28FEDC DOT 5080306 AT tlinx DOT org> <20110722071655 DOT GZ15150 AT calimero DOT vinschen DOT de>
In-Reply-To: <20110722071655.GZ15150@calimero.vinschen.de>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Corinna Vinschen wrote:
> On Jul 21 21:38, Linda Walsh wrote:
>> 1) local user 'law', 'root' and 'guest' are all in '513'
>> Sid  "S-1-5-21----513" is a "well known sid" for 'Domain Users'
>> (why it shows up as a group labeled 'non' with my local
>> computers id in the computer part, is confusing.
> 
> It's confusing?  It's Windows!  Every local SAM has a default group with
> RID 513, the name  of that group is even (badly) localized.  "None" in
> English, "Kein" in German, "Aucun" in French, etc.
---
	Yeah...it's windows...that and my samba install is still
screwy -- just different screwy.  I mean before, cygwin couldn't talk
to it at all, (that was the "local device has failed message" (or similar)),
now it contacts it, but it has inconsistent and incomplete information.

	So now, it better and worse at the same time!...joy...



>> 2) 'law' is in 'lawgroup' (one good thing!)
>> But Domain user 'root' is in group 10513, which is sorta 'broken'
>> like the local users mapping to 513.  It probably should have
>> mapped to '10512'?
> 
> Nope.  All users' primary group is "None" or "Domain Users", even for
> admins.
-----
	Nep.
	Not in the domain.   Both were != None in my listing.

	Maybe not supposed to be that way, Dunno, but domain-law was
in correct group, (lawgroup), though domain-root was in a non-existent group
(but isn't that way on the the server!)...   Actually everything
was coherent except cygwin coudln't talk to the server, but all the UID's
matched up in win, and w/file sharing/permissions/acl's, even setting
'priviledges' via the domain controller, and not by putting in a domain-admin
group...  was all cool, then I upgraded (?) to 3.6, .. they rehashed the
ID number system again, so my unix uid-> nt-sid db is FUBAR'ed


> 
>> 3) Why 2 Backup Operators? -- Backup Operators mapping
>> correctly from Sid S---551->551.
>>   but 'builtin\backup operators, (also 512, mapping to a different
>> domain-mapped UID on the local machine).
> 
> One hes been returned by the local SAM group listing function,
> one by the domain group listing function.  For all practical
> purposes it's the same group.  You should not call `mkgroup -l' and then
> `mkgroup -D'.  Call `mkgroup -l -D' in one go and the confusing double 
> groups will disappear.
----
	It didn't.... there were actually '3',
Two that did merge, 'backup operators' -- both mapped to a well-known-SID,
but the one with the 'oddname' 'BUILTIN/backup operators' is still the odd
guy out.

	I'm sure I need to fix or rebuild my uid db on the server. I'm
guessing it's pretty well hosed.  I will probably drop back to 3.5.x, since,
there've been lots of problems with 3.6 in performance -- especially AV
performance.  Before, explorer used 'share' the net connect more, but with
SMB2, it hogs it, and AV drops out horribly.

	Tried all sorts of buffer reducing, and even turning on QOS..no
luck yet, but maybe all the authentication probs are causing excess
bandwidth probs...dunno.

Anyway  Thanks VERY MUCH for the response -- it made it more clear about
how I should be using the program (for some reason I always thought I
had to merge them -- )...  ;-)...

Thanks,
Linda

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple