X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:subject:from:to:mime-version:content-type :content-transfer-encoding:message-id; q=dns; s=default; b=Th4f4 KDHDjO25+87fzWL4KsUbSzFJ4JOjkFTnts83O9aSKFMcP0pGp9ZsLsSECgoAo1uo GJzdpgaW1pS2olXu3+lbh/wY3cWS/RMbTIx+KKjIn3JK42HncDk53lYK7kB6Sbcj 6KlhxbNqRbkKp4vfNbCiZ9BqA4g7bAKCp8g9co= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:subject:from:to:mime-version:content-type :content-transfer-encoding:message-id; s=default; bh=5Fwl2pyV2Xf l9FbEfe03x1zyAFM=; b=SbiRd1TtDYxhYSyLnsto2OfrU5psj4Bhjfv0dAr9Swt dybz1Fx5ZI6gGgrl+t5PvzO8irUN4tnBB/uNZ5ek8MgDB6v5E6iPQpjLBuD6+ZkS GLdzSwNOehW+mSWvR5YLYSxNcAqeFvdSadChvloVEW2oo6vzSRjjNpsfY3Wgbxls = Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=1.6 required=5.0 tests=BAYES_50,KAM_ASCII_DIVIDERS,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=no version=3.3.2 spammy=station, 15th, shut, Qualified X-HELO: smtp66.iad3a.emailsrvr.com X-SMTPDoctor-Processed: csmtpprox beta X-Sender-Id: rmora AT aboutgolf DOT com Date: Tue, 2 Aug 2016 12:54:30 -0400 (EDT) Subject: Re: /dev/ptmx fails with Azure accounts From: "rmora AT aboutgolf DOT com" To: cygwin AT cygwin DOT com MIME-Version: 1.0 Content-Type: text/plain;charset=UTF-8 X-Type: plain X-Auth-ID: rmora AT aboutgolf DOT com Message-ID: <1470156870.684316691@apps.rackspace.com> X-IsSubscribed: yes Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id u72GstoP015572 [I'm so sorry I'm messing up the mailing list by not replying to the proper email.... I only just got it through my thick skull now to subscribe to the mailing list. I think my brain is on vacation already....] Unfortunately your prediction was correct - RunAs Administrator CMD gives this: C:\WINDOWS\system32>whoami azuread\russellmora C:\WINDOWS\system32>whoami /all USER INFORMATION ---------------- User Name SID =================== =================================================== azuread\russellmora S-1-12-1-2043906341-1249388050-2635137163-399631282 GROUP INFORMATION ----------------- Group Name Type SID Attributes ========================================= ================ ==================================================== =============================================================== Mandatory Label\High Mandatory Level Label S-1-16-12288 Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group CONSOLE LOGON Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group LOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group Unknown SID type S-1-12-1-2741946010-1181797680-2322883994-3292483823 Mandatory group, Enabled by default, Enabled group NT AUTHORITY\Cloud Account Authentication Well-known group S-1-5-64-36 Mandatory group, Enabled by default, Enabled group PRIVILEGES INFORMATION ---------------------- Privilege Name Description State =============================== ========================================= ======== SeLockMemoryPrivilege Lock pages in memory Disabled SeIncreaseQuotaPrivilege Adjust memory quotas for a process Disabled SeSecurityPrivilege Manage auditing and security log Disabled SeTakeOwnershipPrivilege Take ownership of files or other objects Disabled SeLoadDriverPrivilege Load and unload device drivers Disabled SeSystemProfilePrivilege Profile system performance Disabled SeSystemtimePrivilege Change the system time Disabled SeProfileSingleProcessPrivilege Profile single process Disabled SeIncreaseBasePriorityPrivilege Increase scheduling priority Disabled SeCreatePagefilePrivilege Create a pagefile Disabled SeBackupPrivilege Back up files and directories Disabled SeRestorePrivilege Restore files and directories Disabled SeShutdownPrivilege Shut down the system Disabled SeDebugPrivilege Debug programs Disabled SeSystemEnvironmentPrivilege Modify firmware environment values Disabled SeChangeNotifyPrivilege Bypass traverse checking Enabled SeRemoteShutdownPrivilege Force shutdown from a remote system Disabled SeUndockPrivilege Remove computer from docking station Disabled SeManageVolumePrivilege Perform volume maintenance tasks Disabled SeImpersonatePrivilege Impersonate a client after authentication Enabled SeCreateGlobalPrivilege Create global objects Enabled SeIncreaseWorkingSetPrivilege Increase a process working set Disabled SeTimeZonePrivilege Change the time zone Disabled SeCreateSymbolicLinkPrivilege Create symbolic links Disabled C:\WINDOWS\system32> -----Original Message----- From: "rmora AT aboutgolf DOT com" Sent: Tuesday, August 2, 2016 11:44 To: corinna-cygwin AT cygwin DOT com, cygwin AT cygwin DOT com Cc: towo AT towo DOT net Subject: Re: /dev/ptmx fails with Azure accounts Though I am going on vacation in a couple of days until the 15th.... C:\Users\RussellMora>whoami azuread\russellmora C:\Users\RussellMora>whoami /fqdn ERROR: Unable to get Fully Qualified Distinguished Name (FQDN) as the current logged-on user is not a domain user. C:\Users\RussellMora>whoami /all USER INFORMATION ---------------- User Name SID =================== =================================================== azuread\russellmora S-1-12-1-2043906341-1249388050-2635137163-399631282 GROUP INFORMATION ----------------- Group Name Type SID Attributes ========================================= ================ ==================================================== ================================================== Mandatory Label\Medium Mandatory Level Label S-1-16-8192 Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group BUILTIN\Administrators Alias S-1-5-32-544 Group used for deny only BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group CONSOLE LOGON Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group LOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group Unknown SID type S-1-12-1-2741946010-1181797680-2322883994-3292483823 Mandatory group, Enabled by default, Enabled group NT AUTHORITY\Cloud Account Authentication Well-known group S-1-5-64-36 Mandatory group, Enabled by default, Enabled group PRIVILEGES INFORMATION ---------------------- Privilege Name Description State ============================= ==================================== ======== SeShutdownPrivilege Shut down the system Disabled SeChangeNotifyPrivilege Bypass traverse checking Enabled SeUndockPrivilege Remove computer from docking station Disabled SeIncreaseWorkingSetPrivilege Increase a process working set Disabled SeTimeZonePrivilege Change the time zone Disabled C:\Users\RussellMora> On Aug 1 22:24, Thomas Wolff wrote: > For Azure Domain users (and I do not really know what that means), > pts handling does not seem to work, at least not for mintty, where forkpt= y() > fails. > Please check https://github.com/mintty/mintty/issues/563 for a discussion, > and my comment > https://github.com/mintty/mintty/issues/563#issuecomment-235310199 >=20 > Also, there has been a similar report here: > https://sourceware.org/ml/cygwin/2016-02/msg00046.html >=20 > I have no idea how to establish a working startup of mintty for those use= rs. The problem here is that it's impossible to generate access permissions for the pty with those weird accounts. I like it how Microsoft screws up otherwise working software with this strange domain handling. To fix this we have to be able to come up with a working user and group account for these cases. For that I need at least output from `whoami /all'. I wonder why supposedly nobody tried that after /fqdn didn't work. This may be fixable by somebody with such an account and willing to hack on the Cygwin function pwdgrp::fetch_account_from_windows(). There's already some code for the so-called "Windows accounts" which seem to work in a similar fashion (albeit in this case the user has a local account SID). Alternatively I need at least a guinea pig with such an account, Corinna -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple