Cygwin 1.5.18-1 on Windows XP group & passwd problem

Kyle S. Allender
Tue Dec 27 03:39:00 GMT 2005

Igor Peshansky wrote:
> On Fri, 23 Dec 2005, Kyle S. Allender wrote:
>> Igor Peshansky wrote:
>>>> mkpasswd -l -s > /etc/passwd
>>>               ^^
>>> At a guess, here's your problem.  This flag completely omits the SIDs
>>> from /etc/passwd.  When you omit SIDs, there is no way for Cygwin to
>>> map your user id back to Windows security mechanisms, so any attempt
>>> to use ntsec (which is on by default) will fail.  This has nothing to
>>> do with the domain.
>>> Did you mean to use "-d" instead of "-s"?
>> Well, I had actually intended to not use -d as I did want to import the
>> domain users into the file - there are well over 4000 of them, the vast
>> majority of whom I would prefer not have access to my system.
> My main point was about your using the "-s" flag -- the "-d" comment was
> just my guess for a reason you used the flag.  FWIW, you could also use
> the "-u" flag to specify the actual user you want from the domain.
>>>> mkgroup -l > /etc/group
>>>> The passwd file initially contained a pair of the lines from the
>>>> message above when run with mkpasswd -l -d > /etc/passwd, but I'm not
>>>> certain as to why.
>>> Running any Cygwin program (including mkpasswd) would probably result
>>> in the above message if the SIDs are missing.  Just rerun the command,
>>> delete the offending lines, and see if it fixes your problem.
>>> You could try confirming my guess by running "CYGWIN=nontsec bash"
>>> before regenerating /etc/passwd -- if I'm right, you shouldn't see
>>> these messages.
>> Initially, there was no change.  I actually completely removed Cygwin
>> from my system and reinstalled (using the current release, not a
>> snapshot), but the effect upon launching the Cygwin shell was the same -
>> same error message that is.  Opening an xterm with startx resulted in:
>> CreateFileandSetSecurity failed with FALSE (Expected on FAT Partitions) GLE: 32
>> CreateFileandSetSecurity failed with TRUE (not expected) GLE: 32
>> [snip]
> You said you get the same message for a bash shell?  Could you please try
> to capture the output (by opening a CMD.EXE window and typing
> "c:\cygwin\cygwin.bat")?
>> Output of a re-run of the commands is as follows:
>> kallender@nc-dm-dc141 /etc
>> $ mkpasswd -l -d > /etc/passwd
>> mkpasswd (731): [2453] Could not find domain controller for this domain.
> Hmm.  How about "mkpasswd -l -c > /etc/passwd"?
>> kallender@nc-dm-dc141 /etc
>> $ mkgroup -l > /etc/group
>> Contents of the files:
>> passwd:
>> SYSTEM:*:18:544:,S-1-5-18::
>> Administrators:*:544:544:,S-1-5-32-544::
>> Administrator:unused_by_nt/2000/xp:500:513:U-NC-DM-DC141\Administrator,S-1-5-21-1220945662-1547161642-682003330-500:/home/Administrator:/bin/bash
>> Guest:unused_by_nt/2000/xp:501:513:U-NC-DM-DC141\Guest,S-1-5-21-1220945662-1547161642-682003330-501:/home/Guest:/bin/bash
>> HelpAssistant:unused_by_nt/2000/xp:1000:513:Remote Desktop Help Assistant Account,U-NC-DM-DC141\HelpAssistant,S-1-5-21-1220945662-1547161642-682003330-1000:/home/HelpAssistant:/bin/bash
>> SUPPORT_388945a0:unused_by_nt/2000/xp:1002:513:CN=Microsoft Corporation,L=Redmond,S=Washington,C=US,U-NC-DM-DC141\SUPPORT_388945a0,S-1-5-21-1220945662-1547161642-682003330-1002:/home/SUPPORT_388945a0:/bin/bash
> I noticed that the "kallender" user is missing from /etc/passwd.
> According to the "id" output, "kallender" is definitely a domain user.
> Perhaps you need to specify the domain name explicitly (as in "mkpasswd -l
> -u kallender -d DOMAINNAME")?
>> group:
>> CreateFileandSetSecurity failed with FALSE (Expected on FAT Partitions) GLE: 32
>> CreateFileandSetSecurity failed with TRUE (not expected) GLE: 32
> Heh...  You should remove those two lines -- they may be screwing up the
> parsing of /etc/group...
>> SYSTEM:S-1-5-18:18:
>> None:S-1-5-21-1220945662-1547161642-682003330-513:513:
>> Administrators:S-1-5-32-544:544:
>> Backup Operators:S-1-5-32-551:551:
>> Guests:S-1-5-32-546:546:
>> Network Configuration Operators:S-1-5-32-556:556:
>> Power Users:S-1-5-32-547:547:
>> Remote Desktop Users:S-1-5-32-555:555:
>> Replicator:S-1-5-32-552:552:
>> Users:S-1-5-32-545:545:
>> Debugger Users:S-1-5-21-1220945662-1547161642-682003330-1003:1003:
>> HelpServicesGroup:S-1-5-21-1220945662-1547161642-682003330-1001:1001:
>> RS_Query:S-1-5-21-1220945662-1547161642-682003330-1004:1004:
>> A further clue _might_ be this:
>> kallender@nc-dm-dc141 /etc
>> $ ssh -X kylea@
>> CreateFileandSetSecurity failed with FALSE (Expected on FAT Partitions) GLE: 32
>> CreateFileandSetSecurity failed with TRUE (not expected) GLE: 32
>> The authenticity of host ' (' can't be established.
>> RSA key fingerprint is 6d:2d:77:1f:1f:41:04:96:62:f1:5c:76:16:23:b2:2b.
>> Are you sure you want to continue connecting (yes/no)? yes
>> Warning: Permanently added '' (RSA) to the list of known hosts.
>> Password:
>> CreateFileandSetSecurity failed with FALSE (Expected on FAT Partitions) GLE: 32
>> CreateFileandSetSecurity failed with TRUE (not expected) GLE: 32
>> x11_request_forwarding: bad authentication data: with
> How is this a clue?  The above is a one-time message from ssh -- using ssh
> again will not print this.
>> It is almost as if there are permissions on disk that are not correct.
>> The suggested command you provided above does not seem to have helped.
>> What could possibly be causing this?
> Looks like these messages may be caused by something in your bash
> initialization scripts.  If you get this output from a plain bash (by
> running cygwin.bat), here's a suggestion: from a CMD.EXE window, run
> cd c:\cygwin\bat
> .\bash.exe -v --login -i
> And see after what lines the messages appear.
> FWIW, I didn't find any place in the Cygwin sources that prints out the
> above message -- is it even coming from a Cygwin application?
> 	Igor

Have you any further ideas on this?  I did try installing the newer
release of bash this morning, but that has no effect - which seems to
validate my earlier though that the error was happening prior to bash's
initialisation routine's completion.

Kyle Allender
Sr. UNIX Administrator
Mediacom Communications Corporation

Unsubscribe info:
Problem reports:

More information about the Cygwin mailing list