X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:references:in-reply-to:from:date :message-id:subject:to:content-type; q=dns; s=default; b=hVj93Lg EqvZ0JTnwHUdHOOZtdREkTSIRrue1W7FQKsQ6uZQxxU62dtoJTn8R8ADMv2YnblC pcQa2UavalelpQd/Q9XIeOWGItdsBQfJtLTcF7+IdOOjZdPozsS8H1G3bjy9+qM0 PVF3PShiu9wZzjDMAv8u40wLs9ZycsyIU+iA= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:references:in-reply-to:from:date :message-id:subject:to:content-type; s=default; bh=+IxSZFGSgNqGa Wrt4Zso80RoLJU=; b=cQ5OnGj8JdMAQwvENi+KjWlt8N00WPPp9OO0AsROnP/99 xCzNlsBgUa7CtN8RJ2UphY/K93YigabNLT5oihnhnEnVTMeB1GzCDm5Blpk+kQ9a 2zT5nnA8sA/xZ2Vn1jyyyz5xm3U/1ugLsCMZKpavzITyumEAI1V+GEbsRdvMAM= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-1.8 required=5.0 tests=BAYES_00,FREEMAIL_FROM,KAM_ASCII_DIVIDERS,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=no version=3.3.2 spammy=Hx-languages-length:2908, underneath, states X-HELO: mout.gmx.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mail.com; s=dbd5af2cbaf7; t=1550264401; bh=ytoDJgW3n7l2taYvINaG803ktAJWPIWFr4eHwfPkOzw=; h=X-UI-Sender-Class:References:In-Reply-To:From:Date:Subject:To; b=DownIG0trZU3nA8xuAGpelBmr4PKocsYgCdMHKvcBGE2+20cXm9XhX5boN8YlO9Zs etbRp02Nn05bSdjnmjDHFh9f4f+LC8cidFIlcn2LcZZ6f3Fw2GBKKf0Y+n+O5pr5No SCJ6jxkxFIxe5ckJ4d+WH+fmkOKf/U3KU7zlYQA8= X-UI-Sender-Class: 214d933f-fd2f-45c7-a636-f5d79ae31a79 MIME-Version: 1.0 References: <50cba8d1-4794-8db9-d1f3-ab9476421db7 AT gmx DOT com> <20190215163817 DOT GI2702 AT calimero DOT vinschen DOT de> <20190215202936 DOT GL2702 AT calimero DOT vinschen DOT de> <20190215204326 DOT GO2702 AT calimero DOT vinschen DOT de> In-Reply-To: <20190215204326.GO2702@calimero.vinschen.de> From: Bill Stewart Date: Fri, 15 Feb 2019 13:59:46 -0700 Message-ID: Subject: Re: Windows to Cygwin username mapping: Domain before local account when duplicate name? To: cygwin AT cygwin DOT com Content-Type: text/plain; charset="UTF-8" X-IsSubscribed: yes On Fri, Feb 15, 2019 at 1:43 PM Corinna Vinschen wrote: > More specific as the original text? I'm hard pressed to accomplish > that. Take note of the "domain member machine" property. I think I see the problem. The list I posted (above the one you are apparently referring to) has the search in a different order. The section that starts with "Let's discuss the SID<=>uid/gid mapping first. Here's how it works." states this order: _________________________________________________________________ * Well-known SIDs in the NT_AUTHORITY domain of the S-1-5-RID type * Other well-known SIDs in the NT_AUTHORITY domain (S-1-5-X-RID) * Other well-known SIDs * Logon SIDs * Accounts from the local machine's user DB (SAM) * Accounts from the machine's primary domain * Accounts from a trusted domain of the machine's primary domain _________________________________________________________________ In this list, local machine accounts are listed before domain accounts. Underneath that, there's a second section with examples that starts with "Now we have a semi-bijective mapping..." that has this order: _________________________________________________________________ * Well-known and builtin accounts will be named as in Windows: "SYSTEM", "LOCAL", "Medium Mandatory Level", ... * If the machine is not a domain member machine, only local accounts can be resolved into names, so for ease of use, just the account names are used as Cygwin user/group names: "corinna", "bigfoot", "None", ... * If the machine is a domain member machine, all accounts from the primary domain of the machine are mapped to Cygwin names without domain prefix: "corinna", "bigfoot", "Domain Users", ... while accounts from other domains are prepended by their domain: "DOMAIN1+corinna", "DOMAIN2+bigfoot", "DOMAIN3+Domain Users", ... * Local machine accounts of a domain member machine get a Cygwin user name the same way as accounts from another domain: The local machine name gets prepended: "MYMACHINE+corinna", "MYMACHINE+bigfoot", "MYMACHINE+None", ... * If LookupAccountSid fails, Cygwin checks the accounts against the known trusted domains. If the account is from one of the trusted domains, an artificial account name is created. It consists of the domain name, and a special name created from the account RID: _________________________________________________________________ In the second list, it says domains are first before the local machine. I was assuming the first section is an orderly sequence of searching, since that's usually how Windows works. The second section with the examples seems to be a different order, and would seems to be the order Cygwin actually uses. I was just wondering if that's by design or by accident, since it's different from the typical order. Regards, Bill -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple