On Mar 14 10:41, Maayan Apelboim wrote: > > When you login with stored password, Cygwin performs the same > LogonUser call as if you login with password, so the same user token > is generated. > > Off the top of my head I don't know why it shouldn't work for you. > You sure you have the correct password stored? When you login and > call `id', what does it print? Does it contain the "interactive" > group or the "network" group? If the latter, then the internal > LogonUser call performed with stored password failed for some reason. > > > Corinna > > -- > Corinna Vinschen > Cygwin Maintainer > > --------------------------------------------------------------------------------------- > > Yes, I'm sure I used the correct password, I use it all the time and I > also tried running passwd -R multiple times in case I entered it > wrongly. I'm not sure what are "interactive" & "network" groups - do > you mean literally groups called network & interactive? Either way - Yes. > I'm always getting a group named "interactive" among other groups - > either with password ssh or with RSA - never "network" I do have some > different groups when running id - comparing password ssh and RSA ssh. If password auth or `passwd -R' auth is used you'll have the "4(INTERACTIVE)" group in your `id' output. If S4ULogon is used you'll have the "2(NETWORK)" group in your `id' output. This is one way to identify which logon method has been used. > Also, when I run mkpasswd -d when I log in with password, it generates > users from the domain, comparing RSA ssh that generates only a few > entries unrelated to my domain.. You don't need mkpasswd anymore. Use `getent passwd' instead. But... given you're using mkpasswd at all, I wonder if you still have /etc/passwd and/or /etc/group files. If so, move them out of the way and restart your CYgwin processes. They are not required and may even result in problems if they have been tweaked. If you still have these files, removing them is the first thing to try. > I think the same as you (also mentioned in the email title :) ) that > the LogonUser call doesn't work as expected. Is there a way to verify > it? Any logs I can check? Would it help if I'll send the different > groups I'm getting? Other groups than NETWORK or INTERACTIVE don't matter, as explained above. The only reasons I can think of that LogonUser doesn't work is that your username, domainname, or password are incorrect, or your account is disabled. I never saw the call fail for any other reason. For debugging, you would have to call the sshd service under strace. That would give a hint. For that you should change the sshd service call in the registry so that `/usr/sbin/sshd -D' is replaced with `/usr/bin/strace -o /tmp/sshd.trace /usr/sbin/sshd -d'. Note the lowercase -d, which runs sshd in debug mode. After the first logon, sshd will terminate itself automatically. Afterwards you should send the /tmp/sshd.trace file here for inspection. You can obfuscate sensitive info, but the gist of the file should stay intact. Corinna -- Corinna Vinschen Cygwin Maintainer