X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=t3colF3F/pE4ccdl2TRecsFgUN8M5MkZD/Hng5OqgACjRFHC38xOd
	gM77DK1A+AcJthm5XUzz21asdNBuJ+PgtBsDdyY9Y7VdEa3WYdUj329E6E4mQAen
	se0T6QGahLoTB5T3KrR0JnB1Bw6Vq0rBkwCBp91oCnFLB5F2QMEluU=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=y4pqkRt6qkP8gph2t+xsQuzdGiI=; b=PB6hKQclbO8V53yXTdHAcTkKny2r
	tA9n9xu3W4m34tkb79YWIvwy5kZHV3DyHcFfDC0C56lpoWCliuyR4nAcrWGV45tl
	7tqPZhSsT9/PF/K1zyzyP6Y8kE92hE14W6LHV5U7aK9qCstbD9q0CnStFNGVjzkh
	DZpJEhCYXfY5PiE=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-93.9 required=5.0 tests=BAYES_50,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_PBL,RDNS_DYNAMIC,USER_IN_WHITELIST autolearn=no version=3.3.2 spammy=GID, emailed, SID, Trying
X-HELO: calimero.vinschen.de
Date: Wed, 9 Mar 2016 12:27:50 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: RFC2307 accounts
Message-ID: <20160309112750.GA14733@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <56DFCC21 DOT 8070506 AT studelec-sa DOT com> <56DFE973 DOT 2070406 AT maxrnd DOT com> <56DFFE26 DOT 9080705 AT studelec-sa DOT com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;	protocol="application/pgp-signature"; boundary="sdtB3X0nJg68CQEu"
Content-Disposition: inline
In-Reply-To: <56DFFE26.9080705@studelec-sa.com>
User-Agent: Mutt/1.5.24 (2015-08-30)

--sdtB3X0nJg68CQEu
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mar  9 11:42, Marc Rechte wrote:
> Le 09/03/2016 10:14, Mark Geisert a =C3=A9crit :
> >Marc Rechte wrote:
> >>Hello,
> >>
> >>   Trying to set RFC2307 accounts, using unix schema in
> >>/etc/nsswitch.conf.
> >[...]
> >
> >Your original post of this material was answered about 30 minutes after
> >your post.  Kindly follow up there...
> >
> >https://cygwin.com/ml/cygwin/2016-03/msg00076.html
> Sorry, I did not get that answer emailed to me (some confusion during the
> subscription).
>=20
> I am not clear with answer given by Corinna.
>=20
> The idea behind RFC2307, imho is to have a consistent UID/GID between
> systems which have joined a domain. This is what we achieved in our domai=
n,
> where a user login into whatever Linux box, gets the same uid/gid. One wo=
uld
> expect the same behaviour in cygwin (on a joined machine), wouldn't he ?

That's not the idea behind the uid/gid mapping.  You might have noticed
that "unix" is not used as a keyword in the passwd and group settings
in /etc/nsswitch.conf, only in the db_home, db_shell, and db_gecos settings.

Keep in mind that we have two mappings.  The main mapping is the mapping
between Windows SID and a computed uid/gid value used in Cygwin which
allows fast mapping in both directions.  A computed value drops the
requirement to access an LDAP server for the mapping, which is
especially bad when not using AD as mapping server.

Please read https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nfs
and https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-samba
again.  The RFC 2307 mapping only comes into play when reading meta
information from an NFS or Samba share.  The unix uid/gid values have to
be mapped to a Windows user (better: SID) in the first place, not to the
Cygwin uid/gid values.  The actual uid/gid values are irrelevant.  Worse,
using the RFC 2307 values might collide with other, computed uid/gid
values.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--sdtB3X0nJg68CQEu
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJW4Ai2AAoJEPU2Bp2uRE+gD2cP/idWCKHo15X6uma7AX99j0EB
vhO8k9txXZDsRuQNNImFzmQCuqyiiiOXQ1zbMhkfeT7cHULkQtM3s6jtwzzZHbp/
5KC4PgAlRhXIBKKhqeP3j61J8R5RfopD3BMPAuaUPpsi7QzacXN1PPoSu3OPh3Gm
0XCEtrS2lIunvj2ngyE4HPeiWM/IXvRq6ZZzMEa4sobhnFTRNI6WSJPu7FORGkF0
jzRPyv6dhdzmkM1GzTBFeTgz2g8C8vwdzqkBBND6A0LTWfnCCHYayJ52EdrJQzUY
/aCzSSEAalVt4mp3ob0v7yAliqaLG1s/IkMhljj1+vJt/utoB9+c/1i3hoRaC9uW
gS4y4nqo6Z2ur5uYDSRFol12Ix5StHKc//cO5+t9ig2knTqWp4VswTn88wPGlYq0
GIoA4y9IVDSyQSinA/J948r4DS8EqFrZgiLHk74fJnNkruOcg41gKEphMbCiSysV
MBynM/meqWMqQfP1m+DkixIvhh+FceiYGjHxEpgY5/LPWwIJCMJj6k/f/igP+7Et
2XXAhPd+cD+tzQaJGkD6Q418G9WtEqoUIIHqwNVDoygV2RDBtnPzSy5fjeTyPp5u
UC7Uf3QYCvqvexkwSqMUQiBRZk3XCoJd4mWnaZeVMnXCnwOfS+RMuIb89XzYFQ4D
sdpwR3TPXlD1D5lEq7iP
=YsKV
-----END PGP SIGNATURE-----

--sdtB3X0nJg68CQEu--