The workaround I'm considering is: to build a list of only the user logon names
we need for /etc/passwd (a fairly small subset of the domain), and then
write a shell script (driven by this list) to repeatedly call
"mkpasswd -l -d -u USERNAMEHERE >> /etc/passwd".
A co-worker speculates that Microsoft is "throttling" the queries to the
domain controller - allowing no more than 1500 or so account records at
a time; in order to prevent overloading the AD server.
I'd still be interested in what intelligent question I should ask of
our enterprise active directory admin though..
On Wed 3/2/05 14:03 CST Tom Rodman wrote:
> When running
>
> mkpasswd -l -d
>
> I get the error:
>
> mkpasswd (249): [5] Access is denied.
>
> See below bash session:
>
> [EMAIL PROTECTED] ~
> $ date; uname -a
> Wed Mar 2 10:37:14 CST 2005
> CYGWIN_NT-5.2 c7mkes132 1.5.13(0.122/4/2) 2005-03-01 11:01 i686 unknown
> unknown Cygwin
> [EMAIL PROTECTED] ~
> $ mkpasswd -l -d >/etc/passwd
> mkpasswd (249): [5] Access is denied.
>
> [EMAIL PROTECTED] ~
> $ echo $CYGWIN
> binmode tty ntsec smbntsec
>
> The command *does* list all local users ok ("mkpasswd -l" has no
> error), "mkpasswd -d" takes minutes to error out, but does output a
> substancial subset of the domain users. I've also tried uninstalling
> cygwin and loading a much older version that I trust; I get the same
> error.
>
> This is the *first* time I've installed cygwin in this particular
> active directory domain. It works in two other active directory
> domains just fine. I'm not a domain administrator - what rights do I
> need ask our corporate admins to give my account so "mkpasswd -l -d"
> completes w/o error? (I *am* a local administrator.)
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
