From: "Schutter, Thomas A." <tschutter@proxix.com>
To: <cygwin@cygwin.com>
Subject: RE: Unable to run sshd under a domain sshd_server account [SOLVED]
Date: Mon, 12 May 2008 23:20:00 -0000 [thread overview]
Message-ID: <3B3EFBD49B94AD4DBB7B7097257A8046DD0232@FDSVAST06SXCH01.flooddata.net> (raw)
In-Reply-To: <Pine.GSO.4.63.0805121820090.11953@access1.cims.nyu.edu>
> -----Original Message-----
> From: Igor Peshansky
> Sent: Monday, May 12, 2008 4:30 PM
> To: Schutter, Thomas A.
> Subject: RE: Unable to run sshd under a domain sshd_server account
[SOLVED]
>
> On Mon, 12 May 2008, Schutter, Thomas A. wrote:
>
> > > -----Original Message-----
> > > From: Schutter, Thomas A.
> > > Sent: Monday, May 12, 2008 9:52 AM
> > > To: 'cygwin@XXXXXX.XXX'
>
> <http://cygwin.com/acronyms/#PCYMTNQREAIYR>.
>
> > > Subject: Unable to run sshd under a domain sshd_server account
> > >
> > > I am having problems setting up sshd to run under a domain
> sshd_server
> > > account instead of a local sshd_server account.
> > > [snip]
> > > But when I login via ssh:
> > > $ echo $USER
> > > tschutter
> > > $ echo $USERNAME
> > > sshd_server
>
> Yes -- Windows does not understand user impersonation and does not
> allow
> real user switching. So what sshd does is invoke processes with the
> appropriate token privileges for the user it's impersonating, while
> updating internal Cygwin data structures, but still running as
> sshd_server. So Cygwin sees the right user (in its internal state),
> but
> Windows processes, of course, don't.
Interesting. I suspected this, but this is the first time that I have
seen this explicitly stated.
> > > The application event log has this error message:
> > > The description for Event ID ( 0 ) in Source ( sshd ) cannot be
> > > found. The local computer may not have the necessary registry
> > > information or message DLL files to display messages from a remote
> > > computer. You may be able to use the /AUXSOURCE= flag to retrieve
> this
> > > description; see Help and Support for details. The following
> > > information is part of the event: sshd: PID 2068: service `sshd'
> > > failed: signal 11 raised.
>
> Oops -- a segfault. This is definitely a bug somewhere -- no matter
> what,
> sshd should not segfault.
Agreed.
> > In the other thread, Larry Hall pointed me to the FAQ
> > http://cygwin.com/faq/faq-nochunks.html#faq.using.shares. One of the
> > suggestions was to "provide your password to a net use command". I
> was
> > unable to make that work, because "net use" never asks for my
> password:
> > $ net use \\other\f$
> > System error 67 has occurred.
> >
> > The network name cannot be found.
>
> See "net help use":
> The syntax of this command is:
> NET USE
> [devicename | *] [\\computername\sharename[\volume] [password | *]]
> ...
> password Is the password needed to access the shared
> resource.
> * Produces a prompt for the password. The password is
> not displayed when you type it at the password
> prompt.
>
> So, you need to type "net use '\\other\f$' \*" (note the
escaped/quoted
> '*'), and it'll prompt you for the password.
OK. So on a console cygwin shell:
$ net use '\\other\f$'
The command completed successfully.
But when run in a ssh shell (using the sshd_server account):
$ net use '\\other\f$' \*
Type the password for \\zoom\f$: System error 1326 has occurred.
Logon failure: unknown user name or bad password.
Same thing happens with:
$ net use '\\other\f$' '*'
$ net use '\\other\f$' "*"
--
Tom Schutter
First American - Proxix Solutions
(512) 977-6822
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
next prev parent reply other threads:[~2008-05-12 23:03 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-12 21:32 Schutter, Thomas A.
2008-05-12 22:32 ` Igor Peshansky
2008-05-12 23:20 ` Schutter, Thomas A. [this message]
2008-05-12 23:24 ` Igor Peshansky
2008-05-13 3:32 ` Igor Peshansky
2008-05-13 16:09 ` Schutter, Thomas A.
2008-05-13 16:10 ` Larry Hall (Cygwin)
2008-05-13 16:29 ` Schutter, Thomas A.
2008-05-13 16:38 ` Larry Hall (Cygwin)
2008-05-13 16:49 ` Schutter, Thomas A.
2008-05-13 17:35 ` Larry Hall (Cygwin)
2008-05-13 17:59 ` Schutter, Thomas A.
2008-05-13 6:45 ` Christopher Faylor
2008-05-13 7:59 ` Corinna Vinschen
2008-05-13 16:22 ` Schutter, Thomas A.
2008-05-13 16:42 ` Corinna Vinschen
2008-05-13 16:57 ` Schutter, Thomas A.
2008-05-13 17:07 ` Corinna Vinschen
2008-05-13 17:24 ` Schutter, Thomas A.
2008-05-14 11:48 ` Corinna Vinschen
2008-06-16 21:03 ` Corinna Vinschen
2008-06-16 21:27 ` CSIH patch (Re: Unable to run sshd under a domain sshd_server account [SOLVED]) Corinna Vinschen
2008-06-22 23:57 ` Corinna Vinschen
2008-07-19 16:52 ` Charles Wilson
2008-07-19 17:10 ` Corinna Vinschen
2008-07-19 20:47 ` Charles Wilson
2008-07-19 21:00 ` Charles Wilson
2008-07-20 12:26 ` Corinna Vinschen
2008-07-20 13:38 ` Corinna Vinschen
2008-08-05 1:32 ` Charles Wilson
2008-08-07 8:13 ` Corinna Vinschen
2008-08-07 15:38 ` Charles Wilson
2008-08-07 16:24 ` Corinna Vinschen
2008-08-07 16:42 ` Charles Wilson
2008-08-07 17:43 ` Corinna Vinschen
2008-08-07 17:53 ` Charles Wilson
2008-08-08 2:20 ` csih-0.1.6 available for testing [Was: Re: CSIH patch (Re: Unable to run sshd ...)] Charles Wilson
2008-08-15 19:39 ` Charles Wilson
2008-08-15 19:59 ` Yaakov (Cygwin Ports)
2008-08-18 11:24 ` Corinna Vinschen
2008-08-18 12:36 ` Charles Wilson
2008-08-18 12:53 ` Corinna Vinschen
2008-08-18 13:14 ` Charles Wilson
2008-08-18 13:16 ` Corinna Vinschen
2008-08-18 18:04 ` Charles Wilson
2008-08-18 13:33 ` Christopher Faylor
2008-08-18 14:12 ` Corinna Vinschen
2008-08-18 14:33 ` Christopher Faylor
2008-08-08 9:20 ` CSIH patch (Re: Unable to run sshd under a domain sshd_server account [SOLVED]) Corinna Vinschen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3B3EFBD49B94AD4DBB7B7097257A8046DD0232@FDSVAST06SXCH01.flooddata.net \
--to=tschutter@proxix.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).