I'm confused, ... domain vs. local account mappings (why diffs, how to control mappings?)

Linda Walsh cygwin@tlinx.org
Sun Jul 24 09:44:00 GMT 2011

Corinna Vinschen wrote:
> On Jul 21 21:38, Linda Walsh wrote:
>> 1) local user 'law', 'root' and 'guest' are all in '513'
>> Sid  "S-1-5-21----513" is a "well known sid" for 'Domain Users'
>> (why it shows up as a group labeled 'non' with my local
>> computers id in the computer part, is confusing.
> It's confusing?  It's Windows!  Every local SAM has a default group with
> RID 513, the name  of that group is even (badly) localized.  "None" in
> English, "Kein" in German, "Aucun" in French, etc.
	Yeah...it's windows...that and my samba install is still
screwy -- just different screwy.  I mean before, cygwin couldn't talk
to it at all, (that was the "local device has failed message" (or similar)),
now it contacts it, but it has inconsistent and incomplete information.

	So now, it better and worse at the same time!...joy...

>> 2) 'law' is in 'lawgroup' (one good thing!)
>> But Domain user 'root' is in group 10513, which is sorta 'broken'
>> like the local users mapping to 513.  It probably should have
>> mapped to '10512'?
> Nope.  All users' primary group is "None" or "Domain Users", even for
> admins.
	Not in the domain.   Both were != None in my listing.

	Maybe not supposed to be that way, Dunno, but domain-law was
in correct group, (lawgroup), though domain-root was in a non-existent group
(but isn't that way on the the server!)...   Actually everything
was coherent except cygwin coudln't talk to the server, but all the UID's
matched up in win, and w/file sharing/permissions/acl's, even setting
'priviledges' via the domain controller, and not by putting in a domain-admin
group...  was all cool, then I upgraded (?) to 3.6, .. they rehashed the
ID number system again, so my unix uid-> nt-sid db is FUBAR'ed

>> 3) Why 2 Backup Operators? -- Backup Operators mapping
>> correctly from Sid S---551->551.
>>   but 'builtin\backup operators, (also 512, mapping to a different
>> domain-mapped UID on the local machine).
> One hes been returned by the local SAM group listing function,
> one by the domain group listing function.  For all practical
> purposes it's the same group.  You should not call `mkgroup -l' and then
> `mkgroup -D'.  Call `mkgroup -l -D' in one go and the confusing double 
> groups will disappear.
	It didn't.... there were actually '3',
Two that did merge, 'backup operators' -- both mapped to a well-known-SID,
but the one with the 'oddname' 'BUILTIN/backup operators' is still the odd
guy out.

	I'm sure I need to fix or rebuild my uid db on the server. I'm
guessing it's pretty well hosed.  I will probably drop back to 3.5.x, since,
there've been lots of problems with 3.6 in performance -- especially AV
performance.  Before, explorer used 'share' the net connect more, but with
SMB2, it hogs it, and AV drops out horribly.

	Tried all sorts of buffer reducing, and even turning on QOS..no
luck yet, but maybe all the authentication probs are causing excess
bandwidth probs...dunno.

Anyway  Thanks VERY MUCH for the response -- it made it more clear about
how I should be using the program (for some reason I always thought I
had to merge them -- )...  ;-)...


Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list