This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: Some domain groups not found by 'mkgroup --domain'

OK, I think I've figured this out. We use a tool called "Microsoft User Manager
for Domains" to manage domain user and group accounts. That tool has the
ability to add what it calls a "global" or a "local" group. It turns out that a
"local" group means a group that is local to the domain controller. I wrote
some code to query the domain controller for its list of groups, and sure
enough, all the groups that are missing (from my point of view) from 'mkgroup
-l' and 'mkgroup -d' show up when I use NetLocalGroupEnum and pass it the name
of the domain controller as the server.

Here's the problem that precipitated this question. When I write files to a
shared directory on that controller using cygwin tools, the permissions all
seem to be ---------- on those files. My domain user account is a member of one
of those "local" accounts on the domain controller. I thought that if I added
those group definitions into /etc/group, the problem might be alleviated, at
least somewhat.

Does that make any sense?

Rick Rankin
--- Corinna Vinschen <> wrote:
> Rick Rankin wrote:
> > 
> > I'm not sure exactly how to provide an example -- the situation simply
> exists.
> > However, I've been poking around in the MSDN documentation, and I've found
> some
> > [...]
> To keep it simple:
> Each NT/W2K machine has local groups. A local group is only valid
> on the local machine. They are retrieved by the function
> `NetLocalGroupEnum' or in a Cygwin environment on the command line by
> `mkpasswd -g' or `mkgroup -l'.
> A domain is a domain is a domain. A domain has domain groups which
> are sometimes named `global groups' by the Microsoft documentation.
> These groups are retrieved by the function `NetGroupEnum' or on
> the command line by `mkgroup -d DOMAIN'. If you don't give a domain
> name, the default domain is used.
> Domain (or global) groups may be member of local groups while
> domain groups may only have users as members.
> There's another class of groups which is called `predefined local
> group' or similar. That are the groups which already exist on a
> machine when it has been installed. Examples are the administrators
> group or the guest group. Except that they are predefined they
> behave the same as later defined local groups.
> I suggest (how boring) reading the ntsec chapter in the online
> users guide:
> Corinna
> -- 
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Developer              
> Red Hat, Inc.
> --
> Want to unsubscribe from this list?
> Send a message to

Do You Yahoo!?
Thousands of Stores.  Millions of Products.  All in one Place.

Want to unsubscribe from this list?
Send a message to

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]