On fr., 2011-10-14 at 10:29 +0200, Corinna Vinschen wrote: > On Oct 14 07:39, Edvardsen Kåre wrote: > > > > > What is the contents of the "/etc/password" and "/etc/group" files > > > after you run the "mkpasswd/mkgroup" commands (as administrator)? > > > > > What user can log in, but isn't in the password file? > > > > > Is that user local or a domain user? > > > > The Windows account name with FULL admin privileges is "servicekonto" and > > cygwin was installed from this account which is locally on this client and > > NOT a domain user. > > "kae026" is the user who can log in, but isn't in the password file. > > "kae026" is a domain user. > > > > As admnistrator: > > > > $ mkpasswd -l -d > /etc/passwd > > mkpasswd (427): [5] Access is denied. > > [...] > > $ mkgroup -l -d > /etc/group > > mkgroup (369): [5] Access is denied. > > That's kind of clue, isn't it? You local administrator account > doesn't have the permissions to enumerate the accounts in AD. > Add the machine to the domain if you haven't done so already, > log in with a domain account and call `mkpasswd -d >> /etc/passwd' > and `mkgroup -d >> /etc/group'. Note that, depending on the > security settings of your AD, not all domain users might have > the permissions to enumerate domain accounts. If you login > with a domain admin account, you should have no problem, though. > > > Corinna >
What does it mean to enumerate an account in AD? (or what happens?) I guess it's a bad circle if my local admin account doesn't have the permissions to enumerate the accounts in AD , and my domain account doesn't have the permissions to install cygwin on the machine...if I understand this right? Kåre -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
