Windows to Cygwin username mapping: Domain before local account when duplicate name?
Corinna Vinschen
corinna-cygwin@cygwin.com
Fri Feb 15 16:51:00 GMT 2019
On Feb 15 08:34, Bill Stewart wrote:
> On Fri, Feb 15, 2019 at 2:32 AM Sam Edge (Cygwin) wrote:
>
> > https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-how explains
> > in more detail.
>
> I had already read that, and it seems to indicate that it asks the
> local machine first, but that doesn't seem to be happening when
> there's a duplication.
>
> I have a domain-joined machine, and I have a user account named
> testuser that exists on the local computer and also in the domain.
>
> 'getent passwd testuser' returns the domain account, not the local
> computer account.
>
> Hence the question.
There's a documented ruleset which is strictly followed
https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-how:
Well-known and builtin accounts will be named as in Windows:
"SYSTEM", "LOCAL", "Medium Mandatory Level", ...
If the machine is not a domain member machine, only local accounts can
be resolved into names, so for ease of use, just the account names are
used as Cygwin user/group names:
"corinna", "bigfoot", "None", ...
If the machine is a domain member machine, all accounts from the
primary domain of the machine are mapped to Cygwin names without
domain prefix:
"corinna", "bigfoot", "Domain Users", ...
while accounts from other domains are prepended by their domain:
"DOMAIN1+corinna", "DOMAIN2+bigfoot", "DOMAIN3+Domain Users", ...
Local machine accounts of a domain member machine get a Cygwin user
name the same way as accounts from another domain: The local machine
name gets prepended:
"MYMACHINE+corinna", "MYMACHINE+bigfoot", "MYMACHINE+None", ...
If LookupAccountSid fails, Cygwin checks the accounts against the
known trusted domains. If the account is from one of the trusted
domains, an artificial account name is created. It consists of the
domain name, and a special name created from the account RID:
"MY_DOM+User(1234)", "MY_DOM+Group(5678)"
Otherwise we know nothing about this SID, so it will be mapped to the
fake accounts Unknown+User/Unknown+Group with uid/gid -1
HTH,
Corinna
--
Corinna Vinschen
Cygwin Maintainer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20190215/b77a28e8/attachment.sig>
More information about the Cygwin
mailing list