[ANNOUNCEMENT] TEST RELEASE: Cygwin 1.7.34-003 (Christmas/New Year release)
Corinna Vinschen
corinna-cygwin@cygwin.com
Wed Jan 21 19:46:00 GMT 2015
On Jan 21 10:37, Corinna Vinschen wrote:
> On Jan 21 02:45, Andrey Repin wrote:
> > Sorry for the holdup, I was trying to crack it by myself.
> > But I was unsuccessful, and have to reach for help.
> > Even the most striped down configuration doesn't produce visible improvements.
> >
> > The setup: A Win7 machine - member of a NT4-style domain. (No AD yet.)
> > Logged in as domain user with admin rights.
> > Current profile path is C:\Users\<username>.<domainname>
> > group/passwd files are moved away.
> >
> > Contents of nsswitch.conf (the last, stripped down next to nothing attempt):
> >
> > passwd: db
> > group: db
> >
> > db_home: /%H
> > db_shell: /bin/sh
> >
> >
> > > set HOME
> > HOMEDRIVE=C:
> > HOMEPATH=\Users\anrdaemon.CCENTER
> >
> > > getent passwd %USERNAME%
> > anrdaemon:*:1051576:1049089:U-CCENTER\anrdaemon,S-1-5-21-1031481445-3291699540-3997755762-3000:/home/anrdaemon:/bin/bash
> >
> > If I understand it right, the /%H should always return usable value, so do
> > /bin/sh. But I can't get it to work.
>
> Weird, really. I just tried it again myself and it worked immediately.
>
> What I'm doing is this:
>
> - I'm *not* running cygserver.
> - Open a mintty.
> - Change the nsswitch.conf settings and save the file.
> - Start another mintty to observe the effect.
>
> If cygserver is not running, every new mintty session will see the
> latest version of the nsswitch.conf file and create the passwd/group
> entries from there.
>
> I'm wondering if that's a side effect of using a NT4 domain. This isn't
> supported in Cygwin anymore for quite some time. After all AD has
> replaced NT4 15 years ago. All the LDAP calls to fetch the AD attributes
> won't work in an NT4 domain, for instance.
>
> But even if all the calls to the DB fail, the /path scheme shouldn't be
> affected.
But it is... I just inspected the code in CYgwin fetching the extra info
for domain accounts. Due to the way this works - a single ldap call to
fetch all AD attributes - the evaluation only takes place after the LDAP
call was successful. This is independent of using non-AD schemes, basically
like this:
if (is_domain_account)
{
[...]
if (cldap->fetch_ad_account ())
{
gid = posix_offset + cldap->get_primary_gid ();
home = cygheap->pg.get_home (cldap);
shell = cygheap->pg.get_shell (cldap);
gecos = cygheap->pg.get_gecos (cldap);
}
The reason here is that we have to fetch the gid value anyway, so the
code is relying on the ldap call. The get_home(), get_shell(), get_gecos()
methods get the full content fetched from AD and only then creates the
pw_dir, pw_shell and pw_gecos values based on the content of nsswitch.conf.
So, yes, this is a direct result of not supporting NT4 domains anymore.
Sorry,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20150121/9d43ed1b/attachment.sig>
More information about the Cygwin
mailing list