RFC2307 accounts

Corinna Vinschen corinna-cygwin@cygwin.com
Wed Mar 9 11:28:00 GMT 2016


On Mar  9 11:42, Marc Rechte wrote:
> On 09/03/2016 10:14, Mark Geisert wrote:
> >Marc Rechte wrote:
> >>Hello,
> >>
> >>   Trying to set RFC2307 accounts, using unix schema in
> >>/etc/nsswitch.conf.
> >[...]
> >
> >Your original post of this material was answered about 30 minutes after
> >your post.  Kindly follow up there...
> >
> >https://cygwin.com/ml/cygwin/2016-03/msg00076.html
> Sorry, I did not get that answer emailed to me (some confusion during the
> subscription).
> 
> I am not clear on the answer given by Corinna.
> 
> The idea behind RFC2307, imho, is to have a consistent UID/GID between
> systems which have joined a domain. This is what we achieved in our domain,
> where a user logging into whatever Linux box gets the same uid/gid. One would
> expect the same behaviour in cygwin (on a joined machine), wouldn't he?

That's not the idea behind the uid/gid mapping.  You might have noticed
that "unix" is not used as a keyword in the passwd and group settings
in /etc/nsswitch.conf, only in the db_home, db_shell, and db_gecos settings.

Keep in mind that we have two mappings.  The main mapping is the mapping
between Windows SID and a computed uid/gid value used in Cygwin which
allows fast mapping in both directions.  A computed value drops the
requirement to access an LDAP server for the mapping, which is
especially bad when not using AD as mapping server.

Please read https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nfs
and https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-samba
again.  The RFC 2307 mapping only comes into play when reading meta
information from an NFS or Samba share.  The unix uid/gid values have to
be mapped to a Windows user (better: SID) in the first place, not to the
Cygwin uid/gid values.  The actual uid/gid values are irrelevant.  Worse,
using the RFC 2307 values might collide with other, computed uid/gid
values.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
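
The computed SID to uid/gid mapping and the collision risk described in the reply above, as an added example that is not part of the original mail and is not Cygwin's own code. The offsets are assumptions based on the Cygwin User's Guide (ntsec chapter), only the well-known, local SAM and primary domain cases are covered, and all SIDs and uidNumber values are constructed.

```python
# Offsets per the Cygwin User's Guide (ntsec chapter); assumed here,
# the mail above does not state them.
LOCAL_SAM_OFFSET = 0x30000        # accounts in the machine's own SAM
PRIMARY_DOMAIN_OFFSET = 0x100000  # accounts in the machine's primary domain

# Constructed sample data, not taken from the thread.
MACHINE_SID = "S-1-5-21-1111111111-2222222222-3333333333"
DOMAIN_SID = "S-1-5-21-1004336348-1177238915-682003330"
SIDS = ["S-1-5-18", "S-1-5-32-544", MACHINE_SID + "-1001",
        DOMAIN_SID + "-1104", DOMAIN_SID + "-1105"]
UNIX_IDS = {"alice": 1000, "bob": 1049680, "svc": 544}  # name -> uidNumber


def cygwin_id(sid, machine_sid=MACHINE_SID, domain_sid=DOMAIN_SID):
    """Compute a Cygwin uid/gid from a SID string, with no LDAP lookup."""
    parts = sid.split("-")
    if parts[:2] != ["S", "1"] or len(parts) < 4:
        raise ValueError(f"not a SID: {sid!r}")
    prefix, rid = "-".join(parts[:-1]), int(parts[-1])
    if prefix in ("S-1-5", "S-1-5-32"):  # well-known accounts, builtin aliases
        return rid
    if prefix == machine_sid:
        return LOCAL_SAM_OFFSET + rid
    if prefix == domain_sid:
        return PRIMARY_DOMAIN_OFFSET + rid
    # Trusted domains need a per-domain offset that is not modelled here.
    raise ValueError(f"unhandled SID class: {sid!r}")


def rfc2307_collisions(unix_ids, sids):
    """List (unix_name, sid) pairs where an RFC 2307 uidNumber, if it were
    used directly as a Cygwin uid, would equal the computed id of a SID."""
    computed = {cygwin_id(s): s for s in sids}
    return [(name, computed[n]) for name, n in sorted(unix_ids.items())
            if n in computed]


if __name__ == "__main__":
    for sid in SIDS:
        print(sid, "->", cygwin_id(sid))
    print(rfc2307_collisions(UNIX_IDS, SIDS))
```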