public inbox for cygwin@cygwin.com
From: "Lemke, Michael  ST/HZA-ZSW" <lemkemch@schaeffler.com>
To: "cygwin@cygwin.com" <cygwin@cygwin.com>
Subject: RE: update trouble 1.7.35
Date: Tue, 24 Mar 2015 18:40:00 -0000
Message-ID: <33EC3398272FBE47B64EE3B3E98F69A76C415077@de011521.schaeffler.com>
In-Reply-To: <20150324164850.GY3017@calimero.vinschen.de>

On Tuesday, March 24, 2015 5:49 PM Corinna Vinschen wrote:
>On Mar 24 16:25, Lemke, Michael  ST/HZA-ZSW wrote:
>> On March 24, 2015 4:50 PM Corinna Vinschen wrote:
>> >On Mar 24 15:19, Lemke, Michael  ST/HZA-ZSW wrote:
>> >> C:\NCygwin\bin>cat ..\etc\nsswitch.conf
>> >> passwd: files
>> >> group: files
>> >> 
>> >> C:\NCygwin\bin>getent passwd %USERNAME%
>> >> lemkemch:unused:12729:10513:U-INA-DE01\lemkemch,S-1-5-21-1373454394-1654746546-1
>> >> 846952604-2729:/home/lemkemch:/bin/tcsh
>> >
>> >Is that what you have in /etc/passwd?
>> 
>> Oops, thought I also showed passwd:
>> 
>> C:\NCygwin\bin>cat ..\etc\passwd
>> lemkemch:unused:12729:10513:U-INA-DE01\lemkemch,S-1-5-21-1373454394-1654746546-1846952604-2729:/home/lemkemch:/bin/tcsh
>> 
>> >
>> >> C:\NCygwin\bin>id
>> >> uid=4294967295(Unknown+User) gid=4294967295(Unknown+Group) groups=545(Users),555
>> >> (Remote Desktop Users)
>> >
>> >what does `mkpasswd -d | grep -i lemkemch' print?
>> 
>> C:\NCygwin\bin>mkpasswd -d | grep -i lemkemch
>> lemkemch:*:1175788:1049089:XXXXXXXX\lemkemch,S-1-5-21-435809281-806517502-2525237208-127212:/home/lemkemch:/bin/bash
>
>Ouch.  Your user SID from AD is different to the one in /etc/passwd.
>
>> Note that "they" did a domain switch here at some point.  My installation 
>> is really old and the passwd certainly is from before that domain change.
>
>That explains it.  Please recreate your /etc/passwd and /etc/group
>files with mkpasswd and mkgroup, or, even better, just discard them.
>

I just created new ones.  I like passwd/group much better than AD, sorry.  
Just like real unix before the invention of yellow pages and nis.  This 
way I can easily give different shells to different users (not that it is
really important at the moment).

In nsswitch.conf I put 
passwd: files db
group: files db

and ls listings seem to look fine.  Login is also possible again
with correct tcsh shell.

>The problem is the domain switch which also changed the SID of your user
>account.  The old SID, which you also have in your passwd, is not
>returned by the server anymore.  But it's stored in your SID history in
>AD and when asking for it you get an answer.

So, to sort of sum this up: the new cygwin doesn't deal well with 
contradicting entries in passwd and AD.  Or something like that.  Maybe 
you can at least make the login process generate an error message.  I just
realized there is one (which started this whole thread) but if you start 
cygwin from a mintty shortcut (as I do and as it is the default I think) all 
you get is a flashing window.  I added "-h always" to the mintty options
to actually see the message.

>> 
>> I noticed something else: With nsswitch.conf db:
>> 
>> > ls -l
>> ...
>> -rw-rwxr--+ 1 lemkemch OLDDOMAIN+Domain Users      10057 Oct 21  2013 testresults.xml
>> drwxr-xr-x+ 1 lemkemch OLDDOMAIN+Domain Users          0 Nov  9  2010 tidy4aug00
>> drwxrwxr-x+ 1 lemkemch Domain Users                   0 May 14  2014 tinymce
>> drwxr-xr-x+ 1 lemkemch OLDDOMAIN+Domain Users          0 Jan 13  2012 tomahawk-1.1.11
>> ...
>> > ls -ln
>> ...
>> -rw-rwxr--+ 1 1051305 1073742337      10057 Oct 21  2013 testresults.xml
>> drwxr-xr-x+ 1 1051305 1073742337          0 Nov  9  2010 tidy4aug00
>> drwxrwxr-x+ 1 1175788    1049089          0 May 14  2014 tinymce
>> drwxr-xr-x+ 1 1051305 1073742337          0 Jan 13  2012 tomahawk-1.1.11
>> ...
>> 
>> Note the different numerical id's that translate to the same username.
>> Don't know if it means anything.  I just find it weird.
>
>That's due to your SID history.  It's a bit hard to explain, but that
>occurs when "they" switch to a new domain with different SIDs.  When
>asking for the new and the old SID, the same username is returned since
>both are your SIDs, one old, one new.
>
>I strongly recommend not to use the old SID anymore.  The reason is that
>Cygwin will create all these files with the old SIDs.  However, your
>actual user token has the new SID.  Uh, as I wrote, hard to explain and
>a weird situation.

Ok, I think I get it.

>
>Downside: Cygwin can't handle the old SIDs from your SID history quite
>correctly.  

Actually, with "files db" it seems to handle it quite well.  I get the same
username for both kinds of files.  There are still lots of files in my
home I created before the domain switch.

>Trying to support them as well would slow down the user and
>group lookups a lot.  If you can live with what we just found out and
>the solution I suggested, I'd be rather happy :}
>

Yes, I am happy now.


Thanks,
Michael
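
Added example, not part of the original message or of Cygwin: a check for the mismatch diagnosed in this thread, where the SID stored in /etc/passwd no longer matches the SID the directory returns for the same user. The function name stale_sids, the temporary file names and the user "alice" with its SID are constructed for illustration; the two lemkemch lines are the ones quoted above.

```shell
#!/bin/sh
# Field 5 (gecos) of a Cygwin passwd line carries "U-DOMAIN\user,S-1-5-...".

# stale_sids LOCAL_PASSWD DIRECTORY_DUMP   (hypothetical helper)
# Prints "user local_sid directory_sid" for every user present in both
# files whose SIDs disagree. DIRECTORY_DUMP is saved `mkpasswd -d` output.
stale_sids() {
    awk -F: '
        function sid(gecos,   n, parts, i) {
            n = split(gecos, parts, ",")
            for (i = 1; i <= n; i++)
                if (parts[i] ~ /^S-1-[0-9]+(-[0-9]+)+$/) return parts[i]
            return ""
        }
        # First file on the command line is the directory dump.
        NR == FNR { dir[tolower($1)] = sid($5); next }
        {
            u = tolower($1); s = sid($5)
            if (u in dir && s != "" && dir[u] != "" && s != dir[u])
                print $1, s, dir[u]
        }
    ' "$2" "$1"
}

# Constructed sample input: the passwd and mkpasswd lines from this thread,
# plus one made-up user (alice) whose SID is the same in both sources.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
lemkemch:unused:12729:10513:U-INA-DE01\lemkemch,S-1-5-21-1373454394-1654746546-1846952604-2729:/home/lemkemch:/bin/tcsh
alice:unused:1001:513:U-EXAMPLE\alice,S-1-5-21-111-222-333-1001:/home/alice:/bin/bash
EOF
    cat > "$tmp/directory" <<'EOF'
lemkemch:*:1175788:1049089:XXXXXXXX\lemkemch,S-1-5-21-435809281-806517502-2525237208-127212:/home/lemkemch:/bin/bash
alice:*:1050001:1049089:U-EXAMPLE\alice,S-1-5-21-111-222-333-1001:/home/alice:/bin/bash
EOF
    stale_sids "$tmp/passwd" "$tmp/directory"
    rm -rf "$tmp"
}

demo
```

On a real installation the second argument would be a file holding the output of `mkpasswd -d`; any line printed marks a passwd entry to regenerate or drop.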
