This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Having problems with sshd and user accounts? 1.3.10 appears to be broken, 1.3.9 fixed it...


On Thu, Mar 14, 2002 at 07:10:55PM +0100, Martin Bene wrote:
> Given: cygwin on a W2k Primary domain controller.
> 
> When running mkpasswd -l and mkgroup -l, you get primary group 513 in passwd, and no mention of either 513 or 10513 in group file.

Ok, I've found the reason, probably.

Basically the SID for group 513 in `-l' mode is retrieved by performing
the following action:

  1. Get the computers name.
  2. Get the SID of the computer by it's name.
  3. Append the id 513 to the computers SID.
  4. Get the name of that SID.
  5. Create the group entry with the name from 4 and the SID from 3.

Unfortunately, this doesn't work on domain controllers.  The reason is
that when the domain has been created, the SID of the computer is used
as the SID of the domain.  This means in full consequence that the
computer has *no* own SID anymore!  It's SID is exclusively used as the
SID of the domain now.  The result is that in the above step 2, when
asking for the SID of the computer, Windows returns an error 1332,
"No mapping between account names and security IDs was done." which
in turn results in not being able to retrieve the name of the local
group 513.

I've checked in a fix to mkgroup which changes the above list of actions
to:

  1. Get the computers name.
  2. Get the SID of the computer by it's name.
  3. If that fails, use the SID of the current user and strip the user's
     RID.
  4. Append the id 513 to the SID from 2 or 3.
  5. Get the name of that SID.
  6. Create the group entry with the name from 5 and the SID from 4.

I tested it on a W2K domain controller and it worked fine.  I'd like
to ask people having the problem that `mkgroup -l' doesn't print the
group 513 to test, if that patch solves that problem on their computers.

Please test mkgroup.exe from the next developers snapshot.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]