Greetings, Denis Excoffier! >>> A POSIX offset of 0 is bad. If other trusted domains have no functional >>> POSIX offset value, but are set to 0 instead, they won't have different >>> UID values for accounts of different domains. Two users from different >>> domains, both with RID 1000 will both have UID 1000 in Cygwin. Also, >>> the lower UID numbers are reserved for special accounts. >>> >>> There is no guarantee that there won't be a collision at some point of >>> the 32 bit UID spectrum, but a POSIX offset of 0 will almost guarantee >>> the collision.
> Independently, i’m still not sure we have to workaround IT "madness" at all. > First, IT > people might set PosixOffset to 1 for each domain and you cannot catch this > kind > of alternate madness. Also, be sure that if some user someday suffers from a > duplicate > UID situation, this will be reported to them and hopefully addressed (or not > because > this might be expected), but most probably for a single domain. We have to > live with > PosixOffset=0. I'd say, setting up your AD with zero offset is as bad, as using 192.168.0.1/24 network (or any other well known range) for VPN connections. I don't think this is a situation that should be attempted to fix from client side. What we really need here is a comprehensive explanation of the issue and a suggested way to remedy it at the root. -- WBR, Andrey Repin (anrdae...@yandex.ru) 15.07.2014, <22:08> Sorry for my terrible english...
