This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Windows to Cygwin username mapping: Domain before local account when duplicate name?
- From: Bill Stewart <bstewart at iname dot com>
- To: cygwin at cygwin dot com
- Date: Fri, 15 Feb 2019 12:14:07 -0700
- Subject: Re: Windows to Cygwin username mapping: Domain before local account when duplicate name?
- References: <CANV9t=SNfgP-CA32yfPwLv2=d0F8xtpdCT4o_wwGFGE+F3SEuA@mail.gmail.com> <50cba8d1-4794-8db9-d1f3-ab9476421db7@gmx.com> <CANV9t=QQ1higAt1qeDF4fckkz_6eqQJtdhau8+uhrAvGtWUK_A@mail.gmail.com> <20190215163817.GI2702@calimero.vinschen.de>
On Fri, Feb 15, 2019 at 9:38 AM Corinna Vinschen wrote:
> There's a documented ruleset which is strictly followed
> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-how:
>From that reference, we have the following order:
* Well-known SIDs in the NT_AUTHORITY domain of the S-1-5-RID type
* Other well-known SIDs in the NT_AUTHORITY domain (S-1-5-X-RID)
* Other well-known SIDs
* Logon SIDs
* Accounts from the local machine's user DB (SAM)
* Accounts from the machine's primary domain
* Accounts from a trusted domain of the machine's primary domain
This listing suggests to me that local accounts would be returned
before domain accounts. This is sensible because you wouldn't want to
search the domain before searching the local machine first
(performance).
So the scenario I am talking about is there is testuser in local SAM,
and testuser in computer's domain.
'getend passwd testuser' returns the domain account. Based on the
above, I was expecting the local account to be returned first.
What am I missing?
Bill
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple