This is the mail archive of the cygwin mailing list for the Cygwin project.

Re: Unknown+User Unix_Group+505 on smb shares in a domain

On Sun, Oct 02, 2016 at 04:43:42PM -0700, Linda Walsh wrote:
> Wayne Porter wrote:
> > > 	Essentially you have a bunch of users on different machines that aren't
> > > sharing their files under any common (or shared) security authority
> > > (like a single domain).  Until you persuade the owners of those linux machines
> > > to move the linux machines under a common security authority (like a windows
> > > domain) and moving the user accounts into the domain.  Each local account
> > > would have to be moved to a domain account with the files under each
> > > machine-local account being moved (or "chown'ed") to the new, corresponding
> > > domain account).
> > 
> > The shares are mapped and working just fine in Windows. To IT, there isn't
> > anything that needs to be done. It just happens that Cygwin, which I'm the only
> > one using, maps the Windows mapped drives to an unknown user account and makes
> > using it difficult.
> ---
> 	Working in windows where?  What does "working just fine in Windows" mean?
> That people in explorer on your machine have read+write access to the linux-shares?
> 	Or do you have domain access to the machines running Windows?
> Are those machines in your Domain or are they outside your domain like the linux
> machines?

If I open the W:\ drive in Windows, I have full read/write access. This
is established via NET USE commands at boot. Then when I open Cygwin and
navigate to the same location, which has been mapped by Cygwin to
/cygdrive/w/ the user permissions appear as in my first email. Even
though it says I have read-only access, I have full read/write ability.

> > 
> > > 	This is an organizational problem that has nothing to do with
> > > cygwin, but whether windows and linux machines are using domain or machine-local
> > > security.  Until your linux machines and their local users become part of the
> > > domain, you can't expect any "write" privileges granted to you under the
> > > domain to work on the linux machines.
> > > 
> > 
> > I have write permissions on those machines from Windows. Cygwin thinks I don't so
> > files are opened in read-only mode but when I force them to be written, it works.
> > I'm not sure if maybe I left this out of my initial information, but these are
> > shares that are mapped in Windows on login and there are no issues there, but once
> > I open Cygwin, I don't appear to have write access even though I do.
> ---
> 	If you have write access, then you are saying the permissions are not displaying
> properly in Cygwin.  So do you have the same, *actual* access in Cygwin as
> windows (ignoring what permissions may be displayed)?  It could be that you
> have domain-admin access and are overriding listed permissions on remote machines.  If it's the case
> that your user doesn't have R+W access, but you are a domain admin, you might just
> be overriding the write-restrictions in windows as well as cygwin.

Yes, I have the same permissions, Cygwin is just displaying the wrong

> > When mapping the drives in Windows, a username and password are given. Is there no
> > way to let Cygwin know about that username without joining the servers to the domain?
> > I know that this setup isn't ideal, which is why I'm trying to find a work-around.
> ---
> 	Bingo!  You need to try something like
> "runas [alternate credentials + alternate password] net use W: ..."
> That might work... but is really icky, since you can't easily automate that
> without storing the password in clear-text in some file in your profile... that's
> not a good solution.

There are many things currently wrong with our setup and passwords in
clear-text wouldn't be anything out of the ordinary, I'm afraid. The
script that maps these shares with NET USE already has them in it and
loads on boot, so I just need to adjust them to use "runas" instead of
the current way, which is just to specify the username and password in
the command? If you look at the info I provided in my first message, the
NET USE script I use is there, with the username and passwords redacted.
