Re: Accessing SMB share as wrong user?

[David Dyer-Bennet <dd-b@dd-b.net>]

On 5/29/2017 14:53, Andrey Repin wrote:
> Greetings, David Dyer-Bennet!
>
>> And then of course I can't access it:
>> $ echo things >> foobar
>> -bash: foobar: Permission denied
>
> See Cygwin manual about setting up your network identity.
> Read around nsswitch.conf and implications of its different settings.

Okay, the detailed info on account mapping and nsswitch.conf looked like
it ought to address this situation, but it doesn't actually seem to
change anything.  But the documentation is *exceedingly* unclear, the
examples incomplete, and there's no info on easy ways to check if it's
working or not, so I may be wrong.

I have deleted /etc/passwd.  /etc/nsswitch is the default (all
comments), meaning it should be doing the default thing (in particular
it should behave as if "passwd: files db" and "group: files db" were
present; those are the defaults).

Using the Windows Computer Management utility I was able to add Cygwin
SAM comment entries to my Windows user account giving the proper Unix
UID for my account on the server, and the group. And I can see that data
come back from the Windows cmd.com using net user "David Dyer-Bennet":

C:\Windows\System32>net user "David Dyer-Bennet"
User name                    David Dyer-Bennet
Full Name
Comment                      <cygwin unix="1001" group="users"/>
User's comment
Country/region code          000 (System Default)
Account active               Yes
Account expires              Never

Password last set            7/11/2015 20:29:50
Password expires             Never
Password changeable          7/11/2015 20:29:50
Password required            No
User may change password     Yes

Workstations allowed         All
Logon script
User profile
Home directory
Last logon                   5/29/2017 16:06:34

Logon hours allowed          All

Local Group Memberships      *Administrators       *Ssh Users
Global Group memberships     *None
The command completed successfully.

So, I *think* I've got it set the way the documentation says (as I said,
I'm running a Samba server, but no AD or LDAP; that case is specifically
addressed in the documentation you point me to, and I think I've
followed that part of the instructions).

(The text in the doc isn't really clear on what number I put in the
unix="nnn" bit in the Cygwin comment, but the examples show a simple
small integer in the range commonly used for actual Unix UIDs, and that
makes sense, so I think I'm doing the right thing there.)

Oh, and 1001 is the correct UID for me on the SAMBA server, I
double-checked that.

What with one thing and another I even ended up rebooting the Windows
box after setting all that up (not, I believe, necessary; just starting
a new Cygwin process tree should I think be adequate for these changes,
but I *did* in fact reboot the whole box).

And, after reboot, my user id in Cygwin is still based on my Windows SID
(the last tuple), and my access to the files on the server behaves
exactly as before.

"This used to work," as they say. I've used Samba to export files from
Linux, Solaris (the built-in CIFS there actually, not SAMBA), and
FreeBSD servers, and accessed them from Windows and from Cygwin for more
than a decade.  Started being weird in the last year or two I think,
taken me this long to track it down in this much detail (I was figuring
the trouble was on the other end for a long time, but I've basically
eliminated that).  And the presence of this stuff in the documentation
indicates that there *is* something I need to do in Windows to make this
work.

Is anybody actually using this exact mode, SAMBA but no domain
controller, to a windows box, then accessing those shares via Cygwin?
How are you doing it?

Any suggestions on gathering more relevant information?
-- 
David Dyer-Bennet <dd-b@dd-b.net>
http://dd-b.net/

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple