This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 1.7.34-003 (Christmas/New Year release)

On Jan 21 10:37, Corinna Vinschen wrote:
> On Jan 21 02:45, Andrey Repin wrote:
> > Sorry for the holdup, I was trying to crack it by myself.
> > But I was unsuccessful, and have to reach for help.
> > Even the most striped down configuration doesn't produce visible improvements.
> > 
> > The setup: A Win7 machine - member of a NT4-style domain. (No AD yet.)
> > Logged in as domain user with admin rights.
> > Current profile path is C:\Users\<username>.<domainname>
> > group/passwd files are moved away.
> > 
> > Contents of nsswitch.conf (the last, stripped down next to nothing attempt):
> > 
> > passwd: db
> > group: db
> > 
> > db_home: /%H
> > db_shell: /bin/sh
> > 
> > 
> > > set HOME
> > HOMEDRIVE=C:
> > HOMEPATH=\Users\anrdaemon.CCENTER
> > 
> > > getent passwd %USERNAME%
> > anrdaemon:*:1051576:1049089:U-CCENTER\anrdaemon,S-1-5-21-1031481445-3291699540-3997755762-3000:/home/anrdaemon:/bin/bash
> > 
> > If I understand it right, the /%H should always return usable value, so do
> > /bin/sh. But I can't get it to work.
> 
> Weird, really.  I just tried it again myself and it worked immediately.
> 
> What I'm doing is this:
> 
> - I'm *not* running cygserver.
> - Open a mintty.
> - Change the nsswitch.conf settings and save the file.
> - Start another mintty to observe the effect.
> 
> If cygserver is not running, every new mintty session will see the
> latest version of the nsswitch.conf file and create the passwd/group
> entries from there.
> 
> I'm wondering if that's a side effect of using a NT4 domain.  This isn't
> supported in Cygwin anymore for quite some time.  After all AD has
> replaced NT4 15 years ago.  All the LDAP calls to fetch the AD attributes
> won't work in an NT4 domain, for instance.
> 
> But even if all the calls to the DB fail, the /path scheme shouldn't be
> affected.

But it is...  I just inspected the code in CYgwin fetching the extra info
for domain accounts.  Due to the way this works - a single ldap call to
fetch all AD attributes - the evaluation only takes place after the LDAP
call was successful.  This is independent of using non-AD schemes, basically
like this:

   if (is_domain_account)
     {
       [...]
       if (cldap->fetch_ad_account ())
	 {
	   gid = posix_offset + cldap->get_primary_gid ();
	   home = cygheap->pg.get_home (cldap);
	   shell = cygheap->pg.get_shell (cldap);
	   gecos = cygheap->pg.get_gecos (cldap);
	 }

The reason here is that we have to fetch the gid value anyway, so the
code is relying on the ldap call.  The get_home(), get_shell(), get_gecos()
methods get the full content fetched from AD and only then creates the
pw_dir, pw_shell and pw_gecos values based on the content of nsswitch.conf.

So, yes, this is a direct result of not supporting NT4 domains anymore.


Sorry,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgpZyM5cZxqwe.pgp
Description: PGP signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]