From: Corinna Vinschen
To: cygwin@cygwin.com
Subject: Re: RFC2307 accounts
Date: Wed, 09 Mar 2016 11:28:00 -0000
Message-ID: <20160309112750.GA14733@calimero.vinschen.de>

On Mar 9 11:42, Marc Rechte wrote:
> On 09/03/2016 10:14, Mark Geisert wrote:
> >Marc Rechte wrote:
> >>Hello,
> >>
> >> Trying to set RFC2307 accounts, using unix schema in
> >>/etc/nsswitch.conf.
> >[...]
> >
> >Your original post of this material was answered about 30 minutes after
> >your post. Kindly follow up there...
> >
> >https://cygwin.com/ml/cygwin/2016-03/msg00076.html
> Sorry, I did not get that answer emailed to me (some confusion during the
> subscription).
>
> I am not clear with answer given by Corinna.
>
> The idea behind RFC2307, imho is to have a consistent UID/GID between
> systems which have joined a domain. This is what we achieved in our domain,
> where a user login into whatever Linux box, gets the same uid/gid. One would
> expect the same behaviour in cygwin (on a joined machine), wouldn't he?

That's not the idea behind the uid/gid mapping. You might have noticed
that "unix" is not used as a keyword in the passwd and group settings in
/etc/nsswitch.conf, only in the db_home, db_shell, and db_gecos settings.

Keep in mind that we have two mappings. The main mapping is the mapping
between Windows SID and a computed uid/gid value used in Cygwin which
allows fast mapping in both directions. A computed value drops the
requirement to access an LDAP server for the mapping, which is especially
bad when not using AD as mapping server. Please read

  https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nfs

and

  https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-samba

again.

The RFC 2307 mapping only comes into play when reading meta information
from an NFS or Samba share. The unix uid/gid values have to be mapped to
a Windows user (better: SID) in the first place, not to the Cygwin uid/gid
values. The actual uid/gid values are irrelevant. Worse, using the
RFC 2307 values might collide with other, computed uid/gid values.

Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
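
Added example (not part of the message above and not Cygwin's own code): a simplified Python model of the computed SID <-> uid mapping and of the collision the message warns about when RFC 2307 values are used as Cygwin uids. The two offsets follow the Cygwin User's Guide mapping section linked in the message and are not stated in the message itself; the domain SIDs, account names and uidNumber values are constructed, and well-known SIDs and trusted domains are left out.

```python
# Simplified model of Cygwin's computed SID <-> uid/gid mapping.
# Offsets are taken from the Cygwin User's Guide (assumption: not in the mail).
LOCAL_SAM_OFFSET = 0x30000        # accounts in the local machine's SAM
PRIMARY_DOMAIN_OFFSET = 0x100000  # accounts in the machine's primary domain

# Constructed sample domain SIDs (not real values).
PRIMARY_DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
LOCAL_MACHINE_SID = "S-1-5-21-4444444444-5555555555-6666666666"
OFFSETS = {PRIMARY_DOMAIN_SID: PRIMARY_DOMAIN_OFFSET,
           LOCAL_MACHINE_SID: LOCAL_SAM_OFFSET}


def sid_to_uid(sid):
    """SID -> uid by arithmetic only: offset of the domain plus the RID."""
    domain, _, rid = sid.rpartition("-")
    if domain not in OFFSETS:
        raise ValueError("domain not modelled: " + domain)
    return OFFSETS[domain] + int(rid)


def uid_to_sid(uid):
    """uid -> SID, again without a directory lookup (largest offset <= uid)."""
    for domain, offset in sorted(OFFSETS.items(), key=lambda kv: -kv[1]):
        if uid >= offset:
            return "%s-%d" % (domain, uid - offset)
    raise ValueError("uid below all modelled offsets: %d" % uid)


def find_collisions(accounts):
    """accounts maps name -> (sid, rfc2307_uidNumber).

    Returns (name, other) pairs where using name's RFC 2307 uidNumber as its
    Cygwin uid would equal the computed uid of a different account.
    """
    computed = {sid_to_uid(sid): name for name, (sid, _) in accounts.items()}
    return [(name, computed[unix_uid])
            for name, (_, unix_uid) in accounts.items()
            if unix_uid in computed and computed[unix_uid] != name]


# Constructed directory entries: bob's uidNumber equals alice's computed uid.
SAMPLE = {
    "alice": (PRIMARY_DOMAIN_SID + "-1104", 10001),
    "bob": (PRIMARY_DOMAIN_SID + "-1105", 0x100000 + 1104),
}

if __name__ == "__main__":
    for name, (sid, unix_uid) in SAMPLE.items():
        print(name, "computed:", sid_to_uid(sid), "rfc2307:", unix_uid)
    print("collisions:", find_collisions(SAMPLE))
```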