gid doesn't display correctly on SAMBA share using AD

Len Giambrone Leonard.Giambrone@intersystems.com
Wed Feb 25 17:20:00 GMT 2015 

On 02/25/2015 11:18 AM, Corinna Vinschen wrote:
> On Feb 25 11:01, Len Giambrone wrote:
>> Using the latest cygwin:
>>
>> $ cygcheck -c cygwin
>> Cygwin Package Information
>> Package              Version        Status
>> cygwin               1.7.34-6       OK
>>
>> I've asked my admin to update the uidNumber and gidNumber in AD.  He has
>> done so:
>>
>> DistinguishedName :
>> CN=build,OU=GroupAccounts,OU=Users,OU=Cambridge,DC=iscinternal,DC=com
>>
>> Enabled           : True
>>
>> gidNumber         : 999
>>
>> GivenName         : build
>>
>> Name              : build
>>
>> ObjectClass       : user
>>
>> ObjectGUID        : 0901b540-b044-437f-a167-53e1453eab94
>>
>> SamAccountName    : build
>>
>> SID               : S-1-5-21-112145844-1872675854-1690816760-17189
>>
>> Surname           :
>>
>> uidNumber         : 56191
>>
>> UserPrincipalName : build@iscinternal.com
>>
>>
>> The username displays correctly, but the group name does not:
>>
>> $ ls -la foo
>> -rw-rw-r-- 1 build Unix_Group+999 0 Feb 25 10:52 foo
>>
>> And this is confirmed by running getent:
>>
>> $ getent passwd build
>> build:*:1065765:1049089:U-ISCINTERNAL\build,S-1-5-21-112145844-1872675854-1690816760-17189:/home/build:/bin/bash
>>
>> $ getent passwd group
>>
>> I've read
>> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nsswitch-gecos
>> 'til I'm blue in the face, and I think this should work.
>> What am I missing?  How can I debug?
> If your admin changed your user account to have a gidNumber 999 only,
> then that won't help,  Consider:  Cygwin tries to find a group with
> gidNumber set to 999.  How is it supposed to evaluate the right
> gidNumber value from some arbitrary user account?
>
> What Cygwin needs to get the right connection between a Windows group
> and a gidNumber value is that the *group* entry in AD itself has the
> gidNumber set to the right value.
>
> I don't know if that's really the problem in your case, but that seems
> the most likely.
>
> Please report back.  I'm excited that I'm not the only one interested
> in getting this connection between unix and windows ids working :)
>

It worked.  :)  Now I just have to persuade my admin to populate 
uidNumber and gidNumber for all our current and new users...

> Corinna
>

-- 
-Len

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list