From: Corinna Vinschen
To: cygwin@cygwin.com
Date: Tue, 13 May 2008 17:07:00 -0000
Subject: Re: Unable to run sshd under a domain sshd_server account [SOLVED]

On May 13 11:49, Schutter, Thomas A. wrote:
> Corinna Vinschen wrote:
> > > Except that is not what I am seeing.
> > > When I run "id" from a console cygwin shell:
> > >   $ id
> > >   uid=18718(tschutter) gid=10513(Domain Users)
> > >   groups=544(Administrators),545(Users),10513(Domain Users),18169(FDSV-GG-PrxBLD),22611(FDSV-GG-PrxPCAdmins)
> > >
> > > But when I run "id" from a ssh shell:
> > >   $ id
> > >   uid=18718(tschutter) gid=10513(Domain Users)
> > >   groups=545(Users),10513(Domain Users)
> > >
> > > So when I am using pubkey authentication, the user token is not a
> > > member of the "Administrators", "FDSV-GG-PrxBLD", or
> > > "FDSV-GG-PrxPCAdmins" groups.
> >
> > That wasn't what I was talking about.  I was just referring to the
> > assertion that Windows doesn't know about user impersonation or
> > user switching.
> >
> > As for your user token, Cygwin tries to get information about the user
> > by asking the local machine what local and global groups the user is
> > member in.  Some local groups are only in the user's group list,
> > because one of the global groups is in turn member of a local group,
> > which is probably the case for the Admin's group.  For some reason
> > your local machine doesn't return any of the information about the
> > global domain groups your user is member in.  Possible reasons are
> > that retrieving the PDC for the user's domain fails, or that the PDC
> > refuses to list the user's groups for some reason.  That's something
> > you would have to debug in your local installation.
>
> Ahh.  From my original email from a console cygwin shell:
>   $ echo $USERDOMAIN
>   FLOODDATA
>
> But when I login via ssh:
>   $ echo $USERDOMAIN
>   FDSVBLD01SGRAPE
>
> So when I login via ssh, the USERDOMAIN is set to the local machine
> rather than the domain.  So I would suspect that the PDC is not even
> being queried.

You're jumping to conclusions.  The reason why USERNAME and USERDOMAIN
are wrong I explained in my first reply.
Both values don't matter when Cygwin tries to connect to the PDC, as
long as the /etc/passwd pw_gecos field contains a valid
U-DOMAIN\username entry.  This information is used to connect to the
PDC.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
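
The two checks discussed in this message, as an added example that is not part of the original mail or of Cygwin itself: read the U-DOMAIN\username item out of a passwd line's gecos field, and list the groups that one `id` output has and another lacks. The function names, the comma-separated gecos layout and the sample passwd lines (including the placeholder SID) are assumptions; the two `id` lines are the ones quoted above.

```shell
#!/bin/sh
# Added example; gecos_domain and missing_groups are hypothetical helper names.

# Print DOMAIN from the U-DOMAIN\username item in the gecos field (field 5)
# of one passwd line; exit status 1 if no such item names that user.
# Assumes the gecos field is a comma-separated list of items.
gecos_domain() {
    printf '%s\n' "$1" | awk -F: '{
        n = split($5, item, ",")
        for (i = 1; i <= n; i++) {
            if (substr(item[i], 1, 2) != "U-") continue
            rest = substr(item[i], 3)
            p = index(rest, "\\")
            # Windows account names compare case-insensitively.
            if (p > 1 && tolower(substr(rest, p + 1)) == tolower($1)) {
                print substr(rest, 1, p - 1); found = 1; exit
            }
        }
    } END { exit !found }'
}

# Print the groups listed in the first `id` line but absent from the second.
missing_groups() {
    printf '%s\n%s\n' "$2" "$1" | awk '{
        sub(/.*groups=/, "")
        n = split($0, g, ",")
        for (i = 1; i <= n; i++) {
            if (NR == 1) seen[g[i]] = 1
            else if (!(g[i] in seen)) print g[i]
        }
    }'
}

# Constructed passwd lines; the SID is a placeholder.
DOMAIN_LINE='tschutter:unused:18718:10513:U-FLOODDATA\tschutter,S-1-5-21-0-0-0-8718:/home/tschutter:/bin/bash'
BARE_LINE='tschutter:unused:18718:10513:Thomas Schutter:/home/tschutter:/bin/bash'
# The two id outputs quoted in the message (console shell, then ssh shell).
CONSOLE_ID='uid=18718(tschutter) gid=10513(Domain Users) groups=544(Administrators),545(Users),10513(Domain Users),18169(FDSV-GG-PrxBLD),22611(FDSV-GG-PrxPCAdmins)'
SSH_ID='uid=18718(tschutter) gid=10513(Domain Users) groups=545(Users),10513(Domain Users)'

echo "passwd domain: $(gecos_domain "$DOMAIN_LINE")"
gecos_domain "$BARE_LINE" >/dev/null || echo "no U-DOMAIN\\username item in gecos"
echo "groups missing from the ssh session:"
missing_groups "$CONSOLE_ID" "$SSH_ID"
```

On a live system the passwd line would come from `grep '^tschutter:' /etc/passwd`, and each `id` line from running `id` in the respective session.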