public inbox for cygwin@cygwin.com
From: Igor Peshansky <pechtcha@cs.nyu.edu>
To: "Schutter, Thomas A." <tschutter@proxix.com>
Cc: cygwin@cygwin.com
Subject: RE: Unable to run sshd under a domain sshd_server account [SOLVED]
Date: Mon, 12 May 2008 22:32:00 -0000
Message-ID: <Pine.GSO.4.63.0805121820090.11953@access1.cims.nyu.edu>
In-Reply-To: <3B3EFBD49B94AD4DBB7B7097257A8046DD020D@FDSVAST06SXCH01.flooddata.net>

On Mon, 12 May 2008, Schutter, Thomas A. wrote:

> > -----Original Message-----
> > From: Schutter, Thomas A.
> > Sent: Monday, May 12, 2008 9:52 AM
> > To: 'cygwin@XXXXXX.XXX'

<http://cygwin.com/acronyms/#PCYMTNQREAIYR>.

> > Subject: Unable to run sshd under a domain sshd_server account
> >
> > I am having problems setting up sshd to run under a domain sshd_server
> > account instead of a local sshd_server account.
> > [snip]
> > But when I login via ssh:
> >   $ echo $USER
> >   tschutter
> >   $ echo $USERNAME
> >   sshd_server

Yes -- Windows does not understand user impersonation and does not allow
real user switching.  So what sshd does is invoke processes with the
appropriate token privileges for the user it's impersonating, while
updating internal Cygwin data structures, but still running as
sshd_server.  So Cygwin sees the right user (in its internal state), but
Windows processes, of course, don't.

> > The application event log has this error message:
> >   The description for Event ID ( 0 ) in Source ( sshd ) cannot be
> > found. The local computer may not have the necessary registry
> > information or message DLL files to display messages from a remote
> > computer. You may be able to use the /AUXSOURCE= flag to retrieve this
> > description; see Help and Support for details. The following
> > information is part of the event: sshd: PID 2068: service `sshd'
> > failed: signal 11 raised.

Oops -- a segfault.  This is definitely a bug somewhere -- no matter what,
sshd should not segfault.

> First, I am sorry that I broke the original thread.  I was not
> subscribed to the list when I made the first post, so I was unable to
> reply to that thread.

There is a way to do this with the help of the archives.  I've posted the
recipe multiple times -- you should be able to find it in the archives.

> I solved the problem.  I had missed the /var/log files when changing
> ownership to the new domain sshd_server account.  The chown command
> above should be:
>   chown fdsv-sa-prx-sshdsrvr /etc/ssh* /var/empty /var/log/lastlog /var/log/sshd.log
>
> Now the sshd server starts, and when I login my id is correct, and I can
> view shares:
>   $ echo $USERDOMAIN
>   FLOODDATA
>   $ id
>   uid=18718(tschutter) gid=10513(Domain Users) groups=544(Administrators),545(Users),10513(Domain Users),18169(FDSV-GG-PrxBLD),22611(FDSV-GG-PrxPCAdmins)
>   $ ls //other/f$
>   Data          RECYCLER        System\ Volume\ Information
>
> Note that my USERNAME is still wrong:
>   $ echo $USERNAME
>   fdsv-sa-prx-sshdsrvr

See above.

> Although this method of creating and using a domain sshd_server account
> is not one of the recommended workarounds, it appears to work.
>
> In the other thread, Larry Hall pointed me to the FAQ
> http://cygwin.com/faq/faq-nochunks.html#faq.using.shares. One of the
> suggestions was to "provide your password to a net use command".  I was
> unable to make that work, because "net use" never asks for my password:
>   $ net use \\other\f$
>   System error 67 has occurred.
>
>   The network name cannot be found.

See "net help use":
  The syntax of this command is:
  NET USE
  [devicename | *] [\\computername\sharename[\volume] [password | *]]
...
  password         Is the password needed to access the shared resource.
  *                Produces a prompt for the password. The password is
                   not displayed when you type it at the password prompt.

So, you need to type "net use '\\other\f$' \*" (note the escaped/quoted
'*'), and it'll prompt you for the password.

> As Larry Hall pointed out in the other thread, the cyglsa dll should
> solve this problem and I look forward to trying it out when 1.7.x is
> available.  I am not ready to jump to snapshots at this time.

HTH,
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_	    pechtcha@cs.nyu.edu | igor@watson.ibm.com
ZZZzz /,`.-'`'    -.  ;-;;,_		Igor Peshansky, Ph.D. (name changed!)
     |,4-  ) )-,_. ,\ (  `'-'		old name: Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"That which is hateful to you, do not do to your neighbor.  That is the whole
Torah; the rest is commentary.  Go and study it." -- Rabbi Hillel
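
The fix in the quoted post was a missed chown on the /var/log files. As an added example (not part of the original message), this shell function lists any of the given paths that are missing or not owned by the service account; the name `audit_owner` is hypothetical, and GNU `stat` (as in Cygwin's coreutils) is assumed:

```shell
#!/bin/bash
# Added example: audit ownership of the files an sshd service account needs.
# audit_owner is a hypothetical helper name; GNU stat (-c %U) is assumed.

# Usage: audit_owner ACCOUNT PATH...
# Prints one line per path that is missing or not owned by ACCOUNT.
# Returns 0 if every path is owned by ACCOUNT, 1 otherwise.
audit_owner() {
    local account=$1; shift
    local rc=0 path owner
    for path in "$@"; do
        if [ ! -e "$path" ]; then
            printf 'MISSING  %s\n' "$path"
            rc=1
            continue
        fi
        # %U is the owner's user name (or UNKNOWN if the uid has no name)
        owner=$(stat -c %U "$path" 2>/dev/null) || owner='?'
        if [ "$owner" != "$account" ]; then
            printf 'OWNER=%s  %s\n' "$owner" "$path"
            rc=1
        fi
    done
    return $rc
}

# With the account and paths from the post, run before starting the service:
#   audit_owner fdsv-sa-prx-sshdsrvr /etc/ssh* /var/empty \
#       /var/log/lastlog /var/log/sshd.log
if [ "$#" -gt 0 ]; then
    audit_owner "$@"
fi
```

Any line of output names a path that still needs the chown; no output and exit status 0 means the ownership change was complete.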
