On Fri, Feb 15, 2019 at 9:38 AM Corinna Vinschen wrote: > There's a documented ruleset which is strictly followed > https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-how:
>From that reference, we have the following order: * Well-known SIDs in the NT_AUTHORITY domain of the S-1-5-RID type * Other well-known SIDs in the NT_AUTHORITY domain (S-1-5-X-RID) * Other well-known SIDs * Logon SIDs * Accounts from the local machine's user DB (SAM) * Accounts from the machine's primary domain * Accounts from a trusted domain of the machine's primary domain This listing suggests to me that local accounts would be returned before domain accounts. This is sensible because you wouldn't want to search the domain before searching the local machine first (performance). So the scenario I am talking about is there is testuser in local SAM, and testuser in computer's domain. 'getend passwd testuser' returns the domain account. Based on the above, I was expecting the local account to be returned first. What am I missing? Bill -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
