Message-ID: <1318839873.3370.14.camel@kare-desktop>
Subject: Re: Problems with mkpasswd and mkgroup
From: Kåre Edvardsen
CC: Corinna Vinschen
Date: Mon, 17 Oct 2011 10:24:33 +0200
In-Reply-To: <20111014082932.GA12878@calimero.vinschen.de>

On fr., 2011-10-14 at 10:29 +0200, Corinna Vinschen wrote:
> On Oct 14 07:39, Edvardsen Kåre wrote:
> >
> > > What are the contents of the "/etc/password" and "/etc/group" files
> > > after you run the "mkpasswd/mkgroup" commands (as administrator)?
> >
> > > What user can log in, but isn't in the password file?
> >
> > > Is that user local or a domain user?
> >
> > The Windows account name with FULL admin privileges is "servicekonto" and cygwin was installed from this account which is locally on this client and NOT a domain user.
> > "kae026" is the user who can log in, but isn't in the password file.
> > "kae026" is a domain user.
> >
> > As administrator:
> >
> > $ mkpasswd -l -d > /etc/passwd
> > mkpasswd (427): [5] Access is denied.
> > [...]
> > $ mkgroup -l -d > /etc/group
> > mkgroup (369): [5] Access is denied.
>
> That's kind of a clue, isn't it?  Your local administrator account
> doesn't have the permissions to enumerate the accounts in AD.
> Add the machine to the domain if you haven't done so already,
> log in with a domain account and call `mkpasswd -d >> /etc/passwd'
> and `mkgroup -d >> /etc/group'.  Note that, depending on the
> security settings of your AD, not all domain users might have
> the permissions to enumerate domain accounts.  If you log in
> with a domain admin account, you should have no problem, though.
>
>
> Corinna
>

What does it mean to enumerate an account in AD? (or what happens?)

I guess it's a bad circle if my local admin account doesn't have the permissions to enumerate the accounts in AD, and my domain account doesn't have the permissions to install cygwin on the machine... if I understand this right?

Kåre

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple