Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes: > > On Aug 9 22:37, Orion Poplawski wrote: > > Fresh install of cygwin 1.7.16 on Windows Server 2008 R2. Trying to add my > > domain users to /etc/passwd, but when I run mkpasswd I get (somewhat obfuscated): > > > > $ mkpasswd -l -d CO-RA > > SYSTEM:*:18:544:,S-1-5-18:: > > LocalService:*:19:544:U-NT AUTHORITY\LocalService,S-1-5-19:: > > NetworkService:*:20:544:U-NT AUTHORITY\NetworkService,S-1-5-20:: > > Administrators:*:544:544:,S-1-5-32-544:: > > TrustedInstaller:*:4294967294:4294967294:U-NT > > SERVICE\TrustedInstaller,S-*:: > > Administrator:unused:500:513:U-FONT3\Administrator,S-* > > Guest:unused:501:513:U-FONT3\Guest,S-*:/home/Guest:/bin/bash > > sgeadmin:unused:1000:513:U-FONT3\sgeadmin,S-*:/home/sgeadmin:/bin/bash > > mkpasswd (374): [2247] The security database is corrupted. > > > > That message led me to trying to check the status to the secedit.sdb > > database > > with esentutl but that checks out okay. > > The error message is a result of an error returned from a simple call to > the Windows function NetUserEnum. I have no idea what's causing this. > > Corinna >
Thanks, figured it out. It was a problem with the user/group database on our samba PDC. First clue is that I didn't get the error without the -d option, indicating a domain issue rather than local issue. Next clue came from tshark which showed a STATUS_INTERNAL_DB_CORRUPTION error being sent in response to a groupforuser command. Then bumping up the debug level for the smbd process for that host to level 3 I got: [2012/08/10 10:42:26.852922, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: SAMR_GETGROUPSFORUSER [2012/08/10 10:42:26.859341, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: nobody [2012/08/10 10:42:26.862206, 3] passdb/pdb_ldap.c:5197(ldapsam_gid_to_sid) ERROR: Got 0 entries for gid 99, expected one [2012/08/10 10:42:26.862492, 3] passdb/lookup_sid.c:1754(get_primary_group_sid) Forcing Primary Group to 'Domain Users' for nobody [2012/08/10 10:42:26.866774, 3] passdb/pdb_ldap.c:3039(ldapsam_enum_group_memberships) primary group of [nobody] not found And indeed I had a user called 'nobody' with no corresponding group in the ldap database. Removing that user fixed the issue. - Orion -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
