* RE: mkpasswd (Win2K) cannot find the domain controller
@ 2002-05-13 15:05 Heribert Dahms
2002-05-14 5:53 ` Corinna Vinschen
2002-05-14 8:39 ` Gerald S. Williams
0 siblings, 2 replies; 9+ messages in thread
From: Heribert Dahms @ 2002-05-13 15:05 UTC (permalink / raw)
To: cygwin
Hi Corinna,
maybe Jerry should improve his patch to make it runtime selectable like
mkpasswd --use-netgetanydcname and provide another patch to document
that together with a changelog? Could probably still count as a 'small'
patch...
Bye, Heribert (heribert_dahms@icon-scm.com)
> -----Original Message-----
> From: Corinna Vinschen [SMTP:corinna-cygwin@cygwin.com]
> Sent: Monday, May 13, 2002 12:40
> To: cygwin@cygwin.com
> Subject: Re: mkpasswd (Win2K) cannot find the domain controller
>
> On Wed, May 08, 2002 at 03:41:29PM -0400, Gerald S. Williams wrote:
> > Meanwhile, I'm wondering if a change similar to the patch
> > below should be made to mkpasswd.c?
>
> I'm somewhat reluctant to apply that patch to mkpasswd. The
> reason is... I don't know. I recalled that I'd once changed
> from using NetGetAnyDCName() to NetGetDCName() for *some*
> reason. I found the change in the ChangeLog, 2000-04-15.
> Unfortunately I don't remember what the exact problems with
> NetGetAnyDCName() were. Sigh.
>
> Corinna
>
> >
> > -Jerry
> >
> > Index: mkpasswd.c
> > ===================================================================
> > RCS file: /cvs/src/src/winsup/utils/mkpasswd.c,v
> > retrieving revision 1.21
> > diff -u -r1.21 mkpasswd.c
> > --- mkpasswd.c 29 Apr 2002 10:21:54 -0000 1.21
> > +++ mkpasswd.c 8 May 2002 19:36:14 -0000
> > @@ -50,7 +50,7 @@
> > return FALSE;
> > if (!(netlocalgroupenum = (void *) GetProcAddress (h,
> "NetLocalGroupEnum")))
> > return FALSE;
> > - if (!(netgetdcname = (void *) GetProcAddress (h, "NetGetDCName")))
> > + if (!(netgetdcname = (void *) GetProcAddress (h, "NetGetAnyDCName")))
> > return FALSE;
> > if (!(netusergetinfo = (void *) GetProcAddress (h,
> "NetUserGetInfo")))
> > return FALSE;
>
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: mkpasswd (Win2K) cannot find the domain controller
2002-05-13 15:05 mkpasswd (Win2K) cannot find the domain controller Heribert Dahms
@ 2002-05-14 5:53 ` Corinna Vinschen
2002-05-14 8:39 ` Gerald S. Williams
1 sibling, 0 replies; 9+ messages in thread
From: Corinna Vinschen @ 2002-05-14 5:53 UTC (permalink / raw)
To: cygwin
On Mon, May 13, 2002 at 11:19:49PM +0200, Heribert Dahms wrote:
> Hi Corinna,
>
> maybe Jerry should improve his patch to make it runtime selectable like
> mkpasswd --use-netgetanydcname and provide another patch to document
> that together with a changelog? Could probably still count as a 'small'
> patch...
Hmm, yes, sounds reasonable.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 9+ messages in thread
* RE: mkpasswd (Win2K) cannot find the domain controller
2002-05-13 15:05 mkpasswd (Win2K) cannot find the domain controller Heribert Dahms
2002-05-14 5:53 ` Corinna Vinschen
@ 2002-05-14 8:39 ` Gerald S. Williams
1 sibling, 0 replies; 9+ messages in thread
From: Gerald S. Williams @ 2002-05-14 8:39 UTC (permalink / raw)
To: Heribert Dahms, cygwin
Heribert Dahms wrote:
> maybe Jerry should improve his patch to make it runtime selectable like
> mkpasswd --use-netgetanydcname [...]
Corinna Vinschen wrote:
> > I'm somewhat reluctant to apply that patch to mkpasswd. The
> > reason is... I don't know. I recalled that I'd once changed
> > from using NetGetAnyDCName() to NetGetDCName() for *some*
> > reason.
I checked, and Microsoft's Developer Network seems to recommend
the current approach (using GetDC, not GetAnyDC), although it
doesn't explain why either.
It is entirely possible that this is a solution looking for a
problem. I just came across it while looking into an unrelated
problem.
In any event, I don't currently have the resources to set up a
Windows network with PDC and BDC in order to test this. I don't
think my company networking people would look kindly on taking
down their PDC to test it. :-)
A possibly more interesting enhancement would be the patches I
made to enable Active Directory support. This uses DsGetDcNameW
to get the domain controller information instead. Unfortunately,
it relies on a number of definitions not provided by Cygwin (I
hacked them into mkpasswd.c temporarily to get it to work). If
there's interest, I'll post these. However, they are currently
just hacked in as a replacement. I just got a new assignment
that will tie me up for the next month, so I won't be cleaning
these up much anytime soon.
-Jerry
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: mkpasswd (Win2K) cannot find the domain controller
2002-05-08 12:47 ` Gerald S. Williams
@ 2002-05-13 4:29 ` Corinna Vinschen
0 siblings, 0 replies; 9+ messages in thread
From: Corinna Vinschen @ 2002-05-13 4:29 UTC (permalink / raw)
To: cygwin
On Wed, May 08, 2002 at 03:41:29PM -0400, Gerald S. Williams wrote:
> Meanwhile, I'm wondering if a change similar to the patch
> below should be made to mkpasswd.c?
I'm somewhat reluctant to apply that patch to mkpasswd. The
reason is... I don't know. I recalled that I'd once changed
from using NetGetAnyDCName() to NetGetDCName() for *some*
reason. I found the change in the ChangeLog, 2000-04-15.
Unfortunately I don't remember what the exact problems with
NetGetAnyDCName() were. Sigh.
Corinna
>
> -Jerry
>
> Index: mkpasswd.c
> ===================================================================
> RCS file: /cvs/src/src/winsup/utils/mkpasswd.c,v
> retrieving revision 1.21
> diff -u -r1.21 mkpasswd.c
> --- mkpasswd.c 29 Apr 2002 10:21:54 -0000 1.21
> +++ mkpasswd.c 8 May 2002 19:36:14 -0000
> @@ -50,7 +50,7 @@
> return FALSE;
> if (!(netlocalgroupenum = (void *) GetProcAddress (h, "NetLocalGroupEnum")))
> return FALSE;
> - if (!(netgetdcname = (void *) GetProcAddress (h, "NetGetDCName")))
> + if (!(netgetdcname = (void *) GetProcAddress (h, "NetGetAnyDCName")))
> return FALSE;
> if (!(netusergetinfo = (void *) GetProcAddress (h, "NetUserGetInfo")))
> return FALSE;
>
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 9+ messages in thread
* RE: mkpasswd (Win2K) cannot find the domain controller
2002-05-08 11:34 ` Michael A Chase
@ 2002-05-08 12:47 ` Gerald S. Williams
2002-05-13 4:29 ` Corinna Vinschen
0 siblings, 1 reply; 9+ messages in thread
From: Gerald S. Williams @ 2002-05-08 12:47 UTC (permalink / raw)
To: Michael A Chase, cygwin
Michael A Chase wrote:
> Can you tell us what the exact values of $USERNAME and $USERDOMAIN are? If
> they contain spaces or some other odd characters, they may need to be quoted.
It's nothing like that--both are short and all-letters. I have some
more information, though.
I tweaked mkpasswd.c and recompiled it, and discovered a few things:
- It *was* insisting on contacting a PDC (using NetGetDCName). I
changed it to use NetGetAnyDCName, which will get a BDC if need be.
- This changed the error messages. Now I get the following:
$ ./mkpasswd -d -u $USERNAME
mkpasswd: [1311] There are currently no logon servers available to service the logon request.
$ ./mkpasswd -d -u $USERNAME $USERDOMAIN
mkpasswd: [1355] The specified domain either does not exist or could not be contacted.
This seems a bit more telling. I also verified that it is in
fact the call to NetGetAnyDCName/NetGetDCName that is failing.
I also noticed that the DOMAIN that my computer is logged into
is not the same domain as the user accounts (i.e., the one you
specify when you log into the computer). They are peers, so that
everyone in the company can log into a single network, but only
computers on the same site are considered "local". When I use
the computer domain name, I get this:
$ ./mkpasswd -d -u $USERNAME computer_domain
mkpasswd: [1311] There are currently no logon servers available to service the logon request.
It's starting to look like the problem is with our network
configuration (wouldn't be the first time). Of course, that
would be extremely difficult for me to change, since this
certainly affects our security settings. I'm probably at
least going to need some sort of workaround for this.
Meanwhile, I'm wondering if a change similar to the patch
below should be made to mkpasswd.c?
-Jerry
Index: mkpasswd.c
===================================================================
RCS file: /cvs/src/src/winsup/utils/mkpasswd.c,v
retrieving revision 1.21
diff -u -r1.21 mkpasswd.c
--- mkpasswd.c 29 Apr 2002 10:21:54 -0000 1.21
+++ mkpasswd.c 8 May 2002 19:36:14 -0000
@@ -50,7 +50,7 @@
return FALSE;
if (!(netlocalgroupenum = (void *) GetProcAddress (h, "NetLocalGroupEnum")))
return FALSE;
- if (!(netgetdcname = (void *) GetProcAddress (h, "NetGetDCName")))
+ if (!(netgetdcname = (void *) GetProcAddress (h, "NetGetAnyDCName")))
return FALSE;
if (!(netusergetinfo = (void *) GetProcAddress (h, "NetUserGetInfo")))
return FALSE;
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: mkpasswd (Win2K) cannot find the domain controller
2002-05-08 10:59 ` Gerald S. Williams
@ 2002-05-08 11:34 ` Michael A Chase
2002-05-08 12:47 ` Gerald S. Williams
0 siblings, 1 reply; 9+ messages in thread
From: Michael A Chase @ 2002-05-08 11:34 UTC (permalink / raw)
To: Gerald S. Williams, cygwin
On Wed, 8 May 2002 13:55:45 -0400 "Gerald S. Williams" <gsw@agere.com> wrote:
> Jason Tishler wrote:
> > $ mkpasswd -d -u user domain
> > What happens if you try the above command with user and domain replaced
> > as appropriate?
>
> From BASH ($USERNAME and $USERDOMAIN are correct):
> $ mkpasswd -d -u $USERNAME $USERDOMAIN
> mkpasswd: [2453] Could not find domain controller for this domain.
>
> From CMD:
> C:\cygwin>bin\mkpasswd -d -u %USERNAME% %USERDOMAIN%
> mkpasswd: [2453] Could not find domain controller for this domain.
Can you tell us what the exact values of $USERNAME and $USERDOMAIN are? If
they contain spaces or some other odd characters, they may need to be quoted.
--
Mac :})
** I normally forward private questions to the appropriate mail list. **
Ask Smarter: http://www.tuxedo.org/~esr/faqs/smart-questions.html
Give a hobbit a fish and he eats fish for a day.
Give a hobbit a ring and he eats fish for an age.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 9+ messages in thread
* RE: mkpasswd (Win2K) cannot find the domain controller
2002-05-08 6:16 ` Jason Tishler
@ 2002-05-08 10:59 ` Gerald S. Williams
2002-05-08 11:34 ` Michael A Chase
0 siblings, 1 reply; 9+ messages in thread
From: Gerald S. Williams @ 2002-05-08 10:59 UTC (permalink / raw)
To: Jason Tishler, cygwin
Jason Tishler wrote:
> $ mkpasswd -d -u user domain
> What happens if you try the above command with user and domain replaced
> as appropriate?
From BASH ($USERNAME and $USERDOMAIN are correct):
$ mkpasswd -d -u $USERNAME $USERDOMAIN
mkpasswd: [2453] Could not find domain controller for this domain.
From CMD:
C:\cygwin>bin\mkpasswd -d -u %USERNAME% %USERDOMAIN%
mkpasswd: [2453] Could not find domain controller for this domain.
> I am writing a program using the LAN Manager API. I have a loop that
> calls NetGetDCName() for each domain in a list. Some of the domains
> are visible through WINS, and some aren't (I have LMHOSTS entries for
> them). NetGetDCName() always succeeds for the WINS-visible domains;
> it always returns NERR_DCNotFound for the LMHOSTS-visible domains.
...
> Could your problem be similar to the above?
I think this is a different problem, since we're not using LMHOSTS.
-Jerry
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: mkpasswd (Win2K) cannot find the domain controller
2002-05-07 13:20 ` Gerald S. Williams
@ 2002-05-08 6:16 ` Jason Tishler
2002-05-08 10:59 ` Gerald S. Williams
0 siblings, 1 reply; 9+ messages in thread
From: Jason Tishler @ 2002-05-08 6:16 UTC (permalink / raw)
To: cygwin
Jerry,
On Tue, May 07, 2002 at 03:58:17PM -0400, Gerald S. Williams wrote:
> Although we get errors like the following:
>
> $ mkgroup -d
> ...
> Cannot get PDC, code = 2453
>
> $ mkpasswd -d
> ...
> mkpasswd: [2453] Could not find domain controller for this domain.
While trying to help a co-worker in the UK, we determined that he could
successfully run mkpasswd without the "-u" option, but with this option
he got the following error:
NERR_UserNotFound (i.e., 2221)
Since he was located far away, I did not pursue this further.
While helping another co-worker locally, but part of another domain, we
determined that for some reason he had to explicitly specify the domain
name:
$ mkpasswd -d -u user domain
What happens if you try the above command with user and domain replaced
as appropriate?
BTW, I found the following (http://faqchest.dynhost.com/msdn/DCOM/dcom-00/dcom-0008/dcom00082115_15544.html):
I am writing a program using the LAN Manager API. I have a loop that
calls NetGetDCName() for each domain in a list. Some of the domains
are visible through WINS, and some aren't (I have LMHOSTS entries for
them). NetGetDCName() always succeeds for the WINS-visible domains;
it always returns NERR_DCNotFound for the LMHOSTS-visible domains.
Here's the kicker: when I run USRMGR.EXE and point it at one of the
LMHOSTS-visible domains, it connects to a domain controller without
a problem.
What am I doing wrong that USRMGR is doing right?
My LMHOSTS entries:
10.0.0.1 PDCNAME #PRE #DOM:DOMAIN
10.0.0.1 "DOMAIN \0x1B" #PRE
10.0.0.1 "DOMAIN \0x1C" #PRE
Could your problem be similar to the above?
HTH,
Jason
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 9+ messages in thread
* mkpasswd (Win2K) cannot find the domain controller
[not found] <1020349957.4397.ezmlm@cygwin.com>
@ 2002-05-07 13:20 ` Gerald S. Williams
2002-05-08 6:16 ` Jason Tishler
0 siblings, 1 reply; 9+ messages in thread
From: Gerald S. Williams @ 2002-05-07 13:20 UTC (permalink / raw)
To: cygwin
I've seen some e-mail about changes in the way this worked
recently, and now it's hitting home. However, I didn't find
anything in the FAQ or mail archive that helps us get past
our current problem...
When I installed Cygwin (quite a while ago), my /etc/passwd
was created properly. I don't remember doing anything special
even though I am on an NT domain (and running Win2K).
But now others in my team are installing it, and everyone is
coming up as user "Administrator".
We've tried various flavors of this:
$ mkgroup -l -d > /etc/group
$ mkpasswd -l > /etc/passwd
$ mkpasswd -d -u $USERNAME >> /etc/passwd
Although we get errors like the following:
$ mkgroup -d
...
Cannot get PDC, code = 2453
$ mkpasswd -d
...
mkpasswd: [2453] Could not find domain controller for this domain.
I'm not much of an expert in Windows domains, although I
seem to recall that the company makes heavy use of BDCs
(backup domain controllers). I think one of the published
security models involves distributing BDCs and limiting
access to PDCs (primary domain controllers). If this were
the situation, would that mess up mkgroup/mkpasswd? And
what is the workaround?
Or perhaps something else is happening. Any ideas?
I'm not sure where to go next. I need a solution that's not
too involved or dangerous-sounding for the average user--it
was difficult enough getting the buy-in of our group and
management to make the move away from Micro$oft products in
the first place, and I don't want them to have any excuses
to move back. :-)
One possible workaround that I've considered is creating a
local user by the same name, but that falls into the "too
dangerous-sounding" category. :-) Hopefully, we can get to
the bottom of this and solve it for real.
BTW, I'm already maintaining an internal mirror (and even
a customized version of setup.exe), so I can patch tools if
need be without putting any undue burden on "Joe user". Of
course, I'm also trying to get any such patches back into
the official release (one of the reasons why I'm now the
Cygwin SWIG maintainer).
-Jerry Williams
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2002-05-14 15:06 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2002-05-13 15:05 mkpasswd (Win2K) cannot find the domain controller Heribert Dahms
2002-05-14 5:53 ` Corinna Vinschen
2002-05-14 8:39 ` Gerald S. Williams
[not found] <1020349957.4397.ezmlm@cygwin.com>
2002-05-07 13:20 ` Gerald S. Williams
2002-05-08 6:16 ` Jason Tishler
2002-05-08 10:59 ` Gerald S. Williams
2002-05-08 11:34 ` Michael A Chase
2002-05-08 12:47 ` Gerald S. Williams
2002-05-13 4:29 ` Corinna Vinschen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).