From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 23917 invoked by alias); 19 Jul 2008 17:10:56 -0000 Received: (qmail 23909 invoked by uid 22791); 19 Jul 2008 17:10:55 -0000 X-Spam-Check-By: sourceware.org Received: from aquarius.hirmke.de (HELO calimero.vinschen.de) (217.91.18.234) by sourceware.org (qpsmtpd/0.31.1) with ESMTP; Sat, 19 Jul 2008 17:10:30 +0000 Received: by calimero.vinschen.de (Postfix, from userid 500) id 9F0676D4354; Sat, 19 Jul 2008 19:12:35 +0200 (CEST) Date: Sat, 19 Jul 2008 17:10:00 -0000 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: CSIH patch (Re: Unable to run sshd under a domain sshd_server account [SOLVED]) Message-ID: <20080719171235.GO5675@calimero.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <3B3EFBD49B94AD4DBB7B7097257A8046DD020D@FDSVAST06SXCH01.flooddata.net> <20080513073720.GA22193@calimero.vinschen.de> <3B3EFBD49B94AD4DBB7B7097257A8046DD02FC@FDSVAST06SXCH01.flooddata.net> <20080616210105.GI731@calimero.vinschen.de> <20080616211352.GK731@calimero.vinschen.de> <48821B9F.6070907@cwilson.fastmail.fm> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <48821B9F.6070907@cwilson.fastmail.fm> User-Agent: Mutt/1.5.16 (2007-06-09) Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com X-SW-Source: 2008-07/txt/msg00416.txt.bz2 On Jul 19 12:51, Charles Wilson wrote: > Corinna Vinschen wrote: >> Oh, btw., Charles, that's one for you. >> On Jun 16 23:01, Corinna Vinschen wrote: >>> On May 13 11:09, Schutter, Thomas A. wrote: >>> The problem was that the domain sshd_server account has no right to >>> access the domain controller from the network. Solution: Open the Local >>> Security Policy of the DC and look for the User Right "Deny access to >>> this computer from the network". You'll find your sshd_server user in >>> there. Remove it from this user right. Try again: >> This user right shouldn't be set anymore in the >> csih/cygwin-service-installation-helper.sh script. Patch follows: >> * Don't disallow network logon for service user account. > > Here's the patch I applied, for csih-0.1.5: Thanks Chuck. However, I sent a second patch in http://cygwin.com/ml/cygwin/2008-06/msg00453.html The Interactive Logon Right is also necessary for this account. What also doesn't work well is this: In a domain I might want a cyg_server domain account, rather than a local account on each machine. The reason is that the rights of the domain account can be nicely controlled via group policy. That won't work for local accounts on the domain member machines. Therefore, if a cyg_server account exists in /etc/passwd, I think it should be used. Thanks again, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/