* RE: problem starting inetd as NT service
@ 2002-05-08 4:43 Mellman Thomas
2002-05-08 7:37 ` Larry Hall (RFK Partners, Inc)
0 siblings, 1 reply; 10+ messages in thread
From: Mellman Thomas @ 2002-05-08 4:43 UTC (permalink / raw)
To: 'Larry Hall (RFK Partners, Inc)', Mellman Thomas; +Cc: cygwin
>>-----Original Message-----
>>From: Larry Hall (RFK Partners, Inc) [mailto:lhall@rfk.com]
>>Sent: Tuesday, May 07, 2002 5:04 PM
>>To: Mellman Thomas; 'john@vincent.as'; YuriLeikind@scnsoft.com
>>Cc: cygwin@cygwin.com
>>Subject: RE: problem starting inetd as NT service
>>
>>
>>At 08:38 AM 5/7/2002, Mellman Thomas wrote:
>>>Due to constraints poised by my employer, I guess, I'm having basic
>>>problems meeting the requirements:
>>>
>>>When I do that, I can't create files anymore. My id is (clearly)
>>>uid=500(Administrator) gid=513(Kein) groups=513(Kein)
Incidently, I meant NOT as a telnet or ftp user, but simply as
a normal cygwin console user (Administrator) can I no longer create
files.
>>>- I read somewhere that I need to put my RID in the GCOS field of
>>> a password entry for me. I couldn't find the RID in my registry.
>>> Where can I find it?
>>
>>
>>The lack of this data in your /etc/passwd file is probably
>>the reason you
>>are having permission problems with ntsec turned on. Just
>>run "mkpasswd"
>>again with the appropriate flags for your installation. So
>>long as it can
>>find your login name, it will add the appropriate information to your
>>/etc/passwd file for you.
Ah, I afraid that's the key. mkpasswd - both with -l and -d options - does not yield my account name. I guess my employer REALLY has the security tied down. Does that mean that telnet is out for me?
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 10+ messages in thread
* RE: problem starting inetd as NT service
2002-05-08 4:43 problem starting inetd as NT service Mellman Thomas
@ 2002-05-08 7:37 ` Larry Hall (RFK Partners, Inc)
2002-05-08 13:25 ` Finding your SID (was Re: problem starting inetd as NT service) Jason Tishler
0 siblings, 1 reply; 10+ messages in thread
From: Larry Hall (RFK Partners, Inc) @ 2002-05-08 7:37 UTC (permalink / raw)
To: Mellman Thomas; +Cc: cygwin
At 05:39 AM 5/8/2002, Mellman Thomas wrote:
> >>-----Original Message-----
> >>From: Larry Hall (RFK Partners, Inc) [mailto:lhall@rfk.com]
> >>Sent: Tuesday, May 07, 2002 5:04 PM
> >>To: Mellman Thomas; 'john@vincent.as'; YuriLeikind@scnsoft.com
> >>Cc: cygwin@cygwin.com
> >>Subject: RE: problem starting inetd as NT service
> >>
> >>
> >>At 08:38 AM 5/7/2002, Mellman Thomas wrote:
> >>>Due to constraints poised by my employer, I guess, I'm having basic
> >>>problems meeting the requirements:
> >>>
> >>>When I do that, I can't create files anymore. My id is (clearly)
> >>>uid=500(Administrator) gid=513(Kein) groups=513(Kein)
>
>
>
>Incidently, I meant NOT as a telnet or ftp user, but simply as
>a normal cygwin console user (Administrator) can I no longer create
>files.
OK, you're problem with /etc/passwd is at the heart of this problem.
> >>>- I read somewhere that I need to put my RID in the GCOS field of
> >>> a password entry for me. I couldn't find the RID in my registry.
> >>> Where can I find it?
> >>
> >>
> >>The lack of this data in your /etc/passwd file is probably
> >>the reason you
> >>are having permission problems with ntsec turned on. Just
> >>run "mkpasswd"
> >>again with the appropriate flags for your installation. So
> >>long as it can
> >>find your login name, it will add the appropriate information to your
> >>/etc/passwd file for you.
>
>
>Ah, I afraid that's the key. mkpasswd - both with -l and -d options - does not yield my account name. I guess my employer REALLY has the security tied down. Does that mean that telnet is out for me?
Not necessarily. You need to be able to create a proper /etc/passwd file.
mkpasswd will do this for you normally. However, if you can find the proper
info, you can create one manually. Before embarking on this "last resort"
path though, look at Jason Tishler's 'mkpasswd' email from today. That thread
may have some useful information for you.
Larry Hall lhall@rfk.com
RFK Partners, Inc. http://www.rfk.com
838 Washington Street (508) 893-9779 - RFK Office
Holliston, MA 01746 (508) 893-9889 - FAX
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 10+ messages in thread
* Finding your SID (was Re: problem starting inetd as NT service)
2002-05-08 7:37 ` Larry Hall (RFK Partners, Inc)
@ 2002-05-08 13:25 ` Jason Tishler
2002-05-09 4:29 ` Gerald S. Williams
0 siblings, 1 reply; 10+ messages in thread
From: Jason Tishler @ 2002-05-08 13:25 UTC (permalink / raw)
To: cygwin
[The following was delayed due to ISP problems. Sigh...]
On Wed, May 08, 2002 at 10:30:28AM -0400, Larry Hall (RFK Partners, Inc) wrote:
> Not necessarily. You need to be able to create a proper /etc/passwd file.
> mkpasswd will do this for you normally. However, if you can find the proper
> info, you can create one manually.
You can find your SID (the "proper info" from above), by scanning through
the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
Choose the one where ProfileImagePath contains your $USERNAME.
Obviously, we should try to fix mkpasswd/mkgroup to work in these
"strange" environments, if possible. But, at least the archives have
a reference for the desperate now. :,)
Jason
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 10+ messages in thread
* RE: Finding your SID (was Re: problem starting inetd as NT service)
2002-05-08 13:25 ` Finding your SID (was Re: problem starting inetd as NT service) Jason Tishler
@ 2002-05-09 4:29 ` Gerald S. Williams
2002-05-09 6:05 ` Jason Tishler
0 siblings, 1 reply; 10+ messages in thread
From: Gerald S. Williams @ 2002-05-09 4:29 UTC (permalink / raw)
To: Jason Tishler, cygwin
Jason Tishler wrote:
> You can find your SID (the "proper info" from above), by scanning through
> the following registry key:
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
>
> Choose the one where ProfileImagePath contains your $USERNAME.
After expanding variables, I was able to look for where
ProfileImagePath is equal to $USERPROFILE. YMMV.
I was able to come up with a short script that does the
equivalent of "mkpasswd -d -u $USERNAME" on my system.
However, I did not know what to do about the group
number. Based on my system and other e-mail I've seen,
I just hardcoded 513 for now, but that's probably not
universally correct. Is there any way to get that info
from the registry?
-Jerry
P.S. Here's the script I used. It's in Python, and only
works using the WINDOWS version right now since Cygwin
Python doesn't support the _winreg module.
-----
#!/usr/bin/echo THIS_IS_ONLY_FOR_WINDOWS_PYTHON
from _winreg import *
from os import environ
class User:
def __init__(self,masterkey,sid):
self.sid = sid
userkey = OpenKey(masterkey,sid)
self.data = {}
for valueno in range(QueryInfoKey(userkey)[1]):
(name,data,type) = EnumValue(userkey,valueno)
self.data[name] = data
userkey.Close()
profilePath = self.data['ProfileImagePath'].split("%")
for i in range(1,len(profilePath),2):
profilePath[i] = environ[profilePath[i]]
self.profilePath = "".join(profilePath)
users = []
masterkey = OpenKey(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList")
for userno in range(QueryInfoKey(masterkey)[0]):
users.append(User(masterkey,EnumKey(masterkey,userno)))
masterkey.Close()
profilePath = environ["USERPROFILE"]
userName = environ["USERNAME"]
userDomain = environ["USERDOMAIN"]
for user in users:
if user.profilePath == profilePath:
# Not clear what to use for group ID. Is 513 universally OK?
# This assumes you want your home directory in /home/userName
print ":".join([userName, \
"unused_by_nt/2000/xp", \
user.sid.split("-")[-1],
"513", \
"U-" + userDomain + "\\" + userName + "," + user.sid, \
"/home/" + userName, \
"/bin/bash"])
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Finding your SID (was Re: problem starting inetd as NT service)
2002-05-09 4:29 ` Gerald S. Williams
@ 2002-05-09 6:05 ` Jason Tishler
2002-05-09 7:51 ` Gerald S. Williams
0 siblings, 1 reply; 10+ messages in thread
From: Jason Tishler @ 2002-05-09 6:05 UTC (permalink / raw)
To: Gerald S. Williams; +Cc: cygwin
Jerry,
On Thu, May 09, 2002 at 07:11:55AM -0400, Gerald S. Williams wrote:
> Jason Tishler wrote:
> > Choose the one where ProfileImagePath contains your $USERNAME.
>
> After expanding variables, I was able to look for where
> ProfileImagePath is equal to $USERPROFILE. YMMV.
Your method is equivalent to mine but better.
> However, I did not know what to do about the group
> number. Based on my system and other e-mail I've seen,
> I just hardcoded 513 for now, but that's probably not
> universally correct.
Since you are in a domain environment, you should use "10513" which is
the gid for "Domain Users" instead.
> Is there any way to get that info from the registry?
I don't think that you have to. Just use "513" for local accounts and
"10513" for domain accounts.
BTW, you also need to update your /etc/group file as follows:
$ mkgroup -d | egrep 'Domain (Users|Admins|Guests)' >>/etc/group
I found the SID for my Domain Users account in:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership\Group0
I'm not sure if the above is generally useful. Additionally, I'm not
sure how to find the SIDs for the other Domain foo accounts, except
by substituting 512 and 514 (for 513) for Domain Admins and Guests,
respectively.
Jason
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 10+ messages in thread
* RE: Finding your SID (was Re: problem starting inetd as NT service)
2002-05-09 6:05 ` Jason Tishler
@ 2002-05-09 7:51 ` Gerald S. Williams
2002-05-09 8:12 ` Jason Tishler
0 siblings, 1 reply; 10+ messages in thread
From: Gerald S. Williams @ 2002-05-09 7:51 UTC (permalink / raw)
To: Jason Tishler; +Cc: cygwin
Thanks for the info.
BTW, I just found out that people in another site ARE able
to use mkpasswd and mkgroup with the -d option. I may be
able to have them get everyone's information.
> BTW, you also need to update your /etc/group file as follows:
>
> $ mkgroup -d | egrep 'Domain (Users|Admins|Guests)' >>/etc/group
I was leaving out the "egrep". Should I suppress the other
stuff?
-Jerry
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Finding your SID (was Re: problem starting inetd as NT service)
2002-05-09 7:51 ` Gerald S. Williams
@ 2002-05-09 8:12 ` Jason Tishler
2002-05-09 15:43 ` Gerald S. Williams
0 siblings, 1 reply; 10+ messages in thread
From: Jason Tishler @ 2002-05-09 8:12 UTC (permalink / raw)
To: Gerald S. Williams; +Cc: cygwin
Jerry,
On Thu, May 09, 2002 at 09:53:41AM -0400, Gerald S. Williams wrote:
> Thanks for the info.
You are welcome.
> BTW, I just found out that people in another site ARE able
> to use mkpasswd and mkgroup with the -d option. I may be
> able to have them get everyone's information.
I work for a very large company and we have similar issues too.
> > BTW, you also need to update your /etc/group file as follows:
> >
> > $ mkgroup -d | egrep 'Domain (Users|Admins|Guests)' >>/etc/group
>
> I was leaving out the "egrep". Should I suppress the other stuff?
Again, I work for a very large company that just got bigger on 5/7/2002
(hint). :,) After about 45 minutes, mkgroup -d produced about 6000
entries and still had not hit H yet! I prefer to "suppress the other
stuff". I don't know whether or not that will be your preference too.
Jason
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 10+ messages in thread
* RE: Finding your SID (was Re: problem starting inetd as NT service)
2002-05-09 8:12 ` Jason Tishler
@ 2002-05-09 15:43 ` Gerald S. Williams
2002-05-20 9:55 ` Jason Tishler
0 siblings, 1 reply; 10+ messages in thread
From: Gerald S. Williams @ 2002-05-09 15:43 UTC (permalink / raw)
To: cygwin
Problem solved.
I thought that I was able to contact the domain controller,
since I was able to change my domain password successfully
and do other sorts of things that required me to login.
However, apparently this was something other than the PDC
or BDC. Or at least I was in a situation where I wasn't
"trusted" enough to contact them via mkpasswd. Thinking it
was the latter, I even tried hacking mkpasswd to use the
appropriate Active Directory calls, to no avail.
But today, after finding someone that could use mkpasswd,
I simply copied his WINS settings and now it works for
me, too. Doh!
Thanks for the help,
-Jerry Williams
P.S. I don't know if anyone's interested in this, but here's
my previous Python script updated to provide more correct
results:
-----
#!/usr/bin/echo THIS_IS_ONLY_FOR_WINDOWS_PYTHON
from _winreg import *
from os import environ
class User:
def __init__(self,masterkey,sid):
self.sid = sid
userkey = OpenKey(masterkey,sid)
self.data = {}
for valueno in range(QueryInfoKey(userkey)[1]):
(name,data,type) = EnumValue(userkey,valueno)
self.data[name] = data
userkey.Close()
profilePath = self.data['ProfileImagePath'].split("%")
for i in range(1,len(profilePath),2):
profilePath[i] = environ[profilePath[i]]
self.profilePath = "".join(profilePath)
users = []
masterkey = OpenKey(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList")
for userno in range(QueryInfoKey(masterkey)[0]):
users.append(User(masterkey,EnumKey(masterkey,userno)))
masterkey.Close()
profilePath = environ["USERPROFILE"]
userName = environ["USERNAME"]
userDomain = environ["USERDOMAIN"]
# Offset of 10000 is for domain users. Use 0 for local users.
offset = 10000
for user in users:
if user.profilePath == profilePath:
# Group 513/10513 is for all users.
# This assumes you want your home directory in /home/userName
print ":".join([userName, \
"unused_by_nt/2000/xp", \
str(int(user.sid.split("-")[-1])+offset),
str(513+offset), \
"U-" + userDomain + "\\" + userName + "," + user.sid, \
"/home/" + userName, \
"/bin/bash"])
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Finding your SID (was Re: problem starting inetd as NT service)
2002-05-09 15:43 ` Gerald S. Williams
@ 2002-05-20 9:55 ` Jason Tishler
2002-05-30 9:10 ` Jason Tishler
0 siblings, 1 reply; 10+ messages in thread
From: Jason Tishler @ 2002-05-20 9:55 UTC (permalink / raw)
To: Gerald S. Williams; +Cc: cygwin
Jerry,
On Thu, May 09, 2002 at 06:23:04PM -0400, Gerald S. Williams wrote:
> But today, after finding someone that could use mkpasswd,
> I simply copied his WINS settings and now it works for
> me, too. Doh!
I'm trying to track down similar sounding problems that a co-worker had.
Do you know what were the specific differences between your WINS setting
and his? If so, please post them to the list.
Thanks,
Jason
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Finding your SID (was Re: problem starting inetd as NT service)
2002-05-20 9:55 ` Jason Tishler
@ 2002-05-30 9:10 ` Jason Tishler
0 siblings, 0 replies; 10+ messages in thread
From: Jason Tishler @ 2002-05-30 9:10 UTC (permalink / raw)
To: cygwin
On Mon, May 20, 2002 at 09:02:28AM -0400, Jason Tishler wrote:
> On Thu, May 09, 2002 at 06:23:04PM -0400, Gerald S. Williams wrote:
> > But today, after finding someone that could use mkpasswd,
> > I simply copied his WINS settings and now it works for
> > me, too. Doh!
>
> I'm trying to track down similar sounding problems that a co-worker had.
> Do you know what were the specific differences between your WINS setting
> and his? If so, please post them to the list.
Due to network related security concerns, Jerry has responded to me
privately.
Jason
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2002-05-30 12:42 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2002-05-08 4:43 problem starting inetd as NT service Mellman Thomas
2002-05-08 7:37 ` Larry Hall (RFK Partners, Inc)
2002-05-08 13:25 ` Finding your SID (was Re: problem starting inetd as NT service) Jason Tishler
2002-05-09 4:29 ` Gerald S. Williams
2002-05-09 6:05 ` Jason Tishler
2002-05-09 7:51 ` Gerald S. Williams
2002-05-09 8:12 ` Jason Tishler
2002-05-09 15:43 ` Gerald S. Williams
2002-05-20 9:55 ` Jason Tishler
2002-05-30 9:10 ` Jason Tishler
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).