update trouble 1.7.35
Lemke, Michael ST/HZA-ZSW
lemkemch@schaeffler.com
Tue Mar 24 18:40:00 GMT 2015
On Tuesday, March 24, 2015 5:49 PM Corinna Vinschen wrote:
>On Mar 24 16:25, Lemke, Michael ST/HZA-ZSW wrote:
>> On March 24, 2015 4:50 PM Corinna Vinschen wrote:
>> >On Mar 24 15:19, Lemke, Michael ST/HZA-ZSW wrote:
>> >> C:\NCygwin\bin>cat ..\etc\nsswitch.conf
>> >> passwd: files
>> >> group: files
>> >>
>> >> C:\NCygwin\bin>getent passwd %USERNAME%
>> >> lemkemch:unused:12729:10513:U-INA-DE01\lemkemch,S-1-5-21-1373454394-1654746546-1846952604-2729:/home/lemkemch:/bin/tcsh
>> >
>> >Is that what you have in /etc/passwd?
>>
>> Oops, thought I also showed passwd:
>>
>> C:\NCygwin\bin>cat ..\etc\passwd
>> lemkemch:unused:12729:10513:U-INA-DE01\lemkemch,S-1-5-21-1373454394-1654746546-1846952604-2729:/home/lemkemch:/bin/tcsh
>>
>> >
>> >> C:\NCygwin\bin>id
>> >> uid=4294967295(Unknown+User) gid=4294967295(Unknown+Group) groups=545(Users),555(Remote Desktop Users)
>> >
>> >what does `mkpasswd -d | grep -i lemkemch' print?
>>
>> C:\NCygwin\bin>mkpasswd -d | grep -i lemkemch
>> lemkemch:*:1175788:1049089:XXXXXXXX\lemkemch,S-1-5-21-435809281-806517502-2525237208-127212:/home/lemkemch:/bin/bash
>
>Ouch. Your user SID from AD is different to the one in /etc/passwd.
>
>> Note that "they" did a domain switch here at some point. My installation
>> is really old and the passwd certainly is from before that domain change.
>
>That explains it. Please recreate your /etc/passwd and /etc/group
>files with mkpasswd and mkgroup, or, even better, just discard them.
>
I just created new ones. I like passwd/group much better than AD, sorry.
Just like real unix before the invention of yellow pages and nis. This
way I can easily give different shells to different users (not that it is
really important at the moment).
In nsswitch.conf I put

  passwd: files db
  group: files db

and ls listings seem to look fine. Login is also possible again
with correct tcsh shell.

>The problem is the domain switch which also changed the SID of your user
>account. The old SID, which you also have in your passwd, is not
>returned by the server anymore. But it's stored in your SID history in
>AD and when asking for it you get an answer.
So, to sort of sum this up: the new cygwin doesn't deal well with
contradicting entries in passwd and AD. Or something like that. Maybe
you can at least make the login process generate an error message. I just
realize there is one (which started this whole thread) but if you start
cygwin from a mintty shortcut (as I do and as it is the default I think) all
you get is a flashing window. I added "-h always" to the mintty options
to actually see the message.
>>
>> I noticed something else: With nsswitch.conf db:
>>
>> > ls -l
>> ...
>> -rw-rwxr--+ 1 lemkemch OLDDOMAIN+Domain Users 10057 Oct 21 2013 testresults.xml
>> drwxr-xr-x+ 1 lemkemch OLDDOMAIN+Domain Users 0 Nov 9 2010 tidy4aug00
>> drwxrwxr-x+ 1 lemkemch Domain Users 0 May 14 2014 tinymce
>> drwxr-xr-x+ 1 lemkemch OLDDOMAIN+Domain Users 0 Jan 13 2012 tomahawk-1.1.11
>> ...
>> > ls -ln
>> ...
>> -rw-rwxr--+ 1 1051305 1073742337 10057 Oct 21 2013 testresults.xml
>> drwxr-xr-x+ 1 1051305 1073742337 0 Nov 9 2010 tidy4aug00
>> drwxrwxr-x+ 1 1175788 1049089 0 May 14 2014 tinymce
>> drwxr-xr-x+ 1 1051305 1073742337 0 Jan 13 2012 tomahawk-1.1.11
>> ...
>>
>> Note the different numerical IDs that translate to the same username.
>> Don't know if it means anything. I just find it weird.
>
>That's due to your SID history. It's a bit hard to explain, but that
>occurs when "they" switch to a new domain with different SIDs. When
>asking for the new and the old SID, the same username is returned since
>both are your SIDs, one old, one new.
>
>I strongly recommend not to use the old SID anymore. The reason is that
>Cygwin will create all these files with the old SIDs. However, your
>actual user token has the new SID. Uh, as I wrote, hard to explain and
>a weird situation.
Ok, I think I get it.
>
>Downside: Cygwin can't handle the old SIDs from your SID history quite
>correctly.
Actually, with "files db" it seems to handle it quite well. I get the same
username for both kinds of files. There are still lots of files in my
home I created before the domain switch.
>Trying to support them as well would slow down the user and
>group lookups a lot. If you can live with what we just found out and
>the solution I suggested, I'd be rather happy :}
>
Yes, I am happy now.
Thanks,
Michael
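
The check that resolved this thread (comparing the SID stored in /etc/passwd with the one `mkpasswd -d` reports) can be scripted. The following is an added example, not part of the original messages or of Cygwin; the function names `stale_sids` and `demo` and the "alice" entry are constructed, while the two lemkemch lines are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: list passwd entries whose SID differs from the SID AD reports.
# stale_sids LOCAL_PASSWD AD_PASSWD
#   LOCAL_PASSWD: a copy of /etc/passwd
#   AD_PASSWD:    saved output of `mkpasswd -d`
# Prints "user local_sid ad_sid" for every mismatch.
stale_sids() {
    awk -F: '
        # Return the SID found in the comma-separated gecos field, or "".
        function sid(gecos,    n, parts, i) {
            n = split(gecos, parts, ",")
            for (i = 1; i <= n; i++)
                if (parts[i] ~ /^S-1-[0-9]+(-[0-9]+)+$/) return parts[i]
            return ""
        }
        NR == FNR { ad[tolower($1)] = sid($5); next }   # first file: AD view
        {
            user = tolower($1); mine = sid($5)
            if (mine == "" || !(user in ad)) next       # nothing to compare
            if (mine != ad[user]) print $1, mine, ad[user]
        }
    ' "$2" "$1"
}

# Demo on inline sample data (the alice lines are constructed).
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/passwd" <<'EOF'
lemkemch:unused:12729:10513:U-INA-DE01\lemkemch,S-1-5-21-1373454394-1654746546-1846952604-2729:/home/lemkemch:/bin/tcsh
alice:unused:1176001:1049089:U-XXXXXXXX\alice,S-1-5-21-435809281-806517502-2525237208-1001:/home/alice:/bin/bash
EOF
    cat > "$tmp/ad" <<'EOF'
lemkemch:*:1175788:1049089:XXXXXXXX\lemkemch,S-1-5-21-435809281-806517502-2525237208-127212:/home/lemkemch:/bin/bash
alice:*:1176001:1049089:XXXXXXXX\alice,S-1-5-21-435809281-806517502-2525237208-1001:/home/alice:/bin/bash
EOF
    stale_sids "$tmp/passwd" "$tmp/ad"
    rm -rf "$tmp"
}

demo
```

On a real installation, save `mkpasswd -d` to a file and pass it as the second argument with /etc/passwd as the first; any line printed marks an entry that should be regenerated or dropped.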