I'm confused, ... domain vs. local account mappings (why diffs, how to control mappings?)
Sun Jul 24 09:44:00 GMT 2011
Corinna Vinschen wrote:
> On Jul 21 21:38, Linda Walsh wrote:
>> 1) local user 'law', 'root' and 'guest' are all in '513'
>> Sid "S-1-5-21----513" is a "well known sid" for 'Domain Users'
>> (why it shows up as a group labeled 'non' with my local
>> computers id in the computer part, is confusing.
> It's confusing? It's Windows! Every local SAM has a default group with
> RID 513, the name of that group is even (badly) localized. "None" in
> English, "Kein" in German, "Aucun" in French, etc.
Yeah...it's windows...that and my samba install is still
screwy -- just different screwy. I mean before, cygwin couldn't talk
to it at all, (that was the "local device has failed message" (or similar)),
now it contacts it, but it has inconsistent and incomplete information.
So now, it better and worse at the same time!...joy...
>> 2) 'law' is in 'lawgroup' (one good thing!)
>> But Domain user 'root' is in group 10513, which is sorta 'broken'
>> like the local users mapping to 513. It probably should have
>> mapped to '10512'?
> Nope. All users' primary group is "None" or "Domain Users", even for
Not in the domain. Both were != None in my listing.
Maybe not supposed to be that way, Dunno, but domain-law was
in correct group, (lawgroup), though domain-root was in a non-existent group
(but isn't that way on the the server!)... Actually everything
was coherent except cygwin coudln't talk to the server, but all the UID's
matched up in win, and w/file sharing/permissions/acl's, even setting
'priviledges' via the domain controller, and not by putting in a domain-admin
group... was all cool, then I upgraded (?) to 3.6, .. they rehashed the
ID number system again, so my unix uid-> nt-sid db is FUBAR'ed
>> 3) Why 2 Backup Operators? -- Backup Operators mapping
>> correctly from Sid S---551->551.
>> but 'builtin\backup operators, (also 512, mapping to a different
>> domain-mapped UID on the local machine).
> One hes been returned by the local SAM group listing function,
> one by the domain group listing function. For all practical
> purposes it's the same group. You should not call `mkgroup -l' and then
> `mkgroup -D'. Call `mkgroup -l -D' in one go and the confusing double
> groups will disappear.
It didn't.... there were actually '3',
Two that did merge, 'backup operators' -- both mapped to a well-known-SID,
but the one with the 'oddname' 'BUILTIN/backup operators' is still the odd
I'm sure I need to fix or rebuild my uid db on the server. I'm
guessing it's pretty well hosed. I will probably drop back to 3.5.x, since,
there've been lots of problems with 3.6 in performance -- especially AV
performance. Before, explorer used 'share' the net connect more, but with
SMB2, it hogs it, and AV drops out horribly.
Tried all sorts of buffer reducing, and even turning on QOS..no
luck yet, but maybe all the authentication probs are causing excess
Anyway Thanks VERY MUCH for the response -- it made it more clear about
how I should be using the program (for some reason I always thought I
had to merge them -- )... ;-)...
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin