From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 22495 invoked by alias); 1 Aug 2018 18:22:06 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 22292 invoked by uid 89); 1 Aug 2018 18:22:06 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=troubles, displayed, 2012, H*c:alternative X-HELO: mail-it0-f52.google.com Received: from mail-it0-f52.google.com (HELO mail-it0-f52.google.com) (209.85.214.52) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 01 Aug 2018 18:22:04 +0000 Received: by mail-it0-f52.google.com with SMTP id h20-v6so59764itf.2 for ; Wed, 01 Aug 2018 11:22:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=Vt84BRPbEqidLCgaUO/EBnjeN52WWz01HoDPNNP4umY=; b=H4r56KctCpWVFD8Ej51hm6x6GqcvVeWJmeHMkoAAbEbzfBnDynmehsWH2qKDN8mQkX liZTpuUaCj5blUpw6zXrsLx4+fWs2rBDAlqQrZfV7oEaPbO5aH5B9SdfDm0S8VVULPa1 pn8XHYSgJjp6pSh6KpBo7wK/HL3dJI6Qy2o/urd2w7hhGHJ6LnLzjYR90qLOxSJ2eccv bnWWDZTCvx+7f+Ys412KIOPipEvLl3cGkT2jhWYRl5JmuC8CCbZBvpOP4wCBhNEKSiZj 47tjdAEk3IRMfXr7JPf/UqSL1rDJ9GCZEbXNypcXR9IPaOVJ0WVoHakdQFl3mNlSCcT7 Bk/g== MIME-Version: 1.0 From: Michal Zindulka Date: Wed, 01 Aug 2018 18:22:00 -0000 Message-ID: Subject: AllowGroups in SSHD not working for domain accounts To: cygwin@cygwin.com Content-Type: text/plain; charset="UTF-8" X-SW-Source: 2018-08/txt/msg00004.txt.bz2 Hi Cygwin team, I'm trying to setup SSHD with 'AllowGroups' option, but I've encountered following troubles. When I setup the 'AllowGroups SSHGROUP' option in 'sshd_config' file, then a local users who are members of 'SSHGROUP' are able to login without any issue. When I do the same for domain user, who is also member of local group 'SSHGROUP', the login will fail with following error in the log: 'User SSHUSER from not allowed because non of user's groups are listed in AllowGroups. When I try to list all users for my domain user using 'groups' command, it show only domain groups where the user belong + primary groups which is set in 'passwd' file. I was able to make it work, using a workaround, by set a local 'SSHGROUP' as a primary group in 'passwd' file for my domain user. Then this groups is was also displayed using 'groups' command and user was able to login, but it's not a suitable solution for me. I've tried also to assign my domain user to 'SSHGROUP' in 'group' file, but didn't help. I'm running Windows Server 2012 R2 with Cygwin 2.10.0. SSHD service is running under a local user. Tried as well to run a service under a domain user, but it didn't help as well. Is Cygwin capable such a solution and I'm doing something wrong, or the not listing local groups for domain users is a default behaviour? Thanks in advance. -- Best regards, *Zindulka Michal* -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple