From: Igor Peshansky
To: "Schutter, Thomas A."
cc: cygwin@cygwin.com
Date: Mon, 12 May 2008 22:32:00 -0000
Subject: RE: Unable to run sshd under a domain sshd_server account [SOLVED]

On Mon, 12 May 2008, Schutter, Thomas A. wrote:

> > -----Original Message-----
> > From: Schutter, Thomas A.
> > Sent: Monday, May 12, 2008 9:52 AM
> > To: 'cygwin@XXXXXX.XXX'
> > Subject: Unable to run sshd under a domain sshd_server account
> >
> > I am having problems setting up sshd to run under a domain sshd_server
> > account instead of a local sshd_server account.
> > [snip]
> > But when I login via ssh:
> > $ echo $USER
> > tschutter
> > $ echo $USERNAME
> > sshd_server

Yes -- Windows does not understand user impersonation and does not allow
real user switching.
So what sshd does is invoke processes with the appropriate token
privileges for the user it's impersonating, while updating internal Cygwin
data structures, but still running as sshd_server.  So Cygwin sees the
right user (in its internal state), but Windows processes, of course,
don't.

> > The application event log has this error message:
> > The description for Event ID ( 0 ) in Source ( sshd ) cannot be
> > found. The local computer may not have the necessary registry
> > information or message DLL files to display messages from a remote
> > computer. You may be able to use the /AUXSOURCE= flag to retrieve this
> > description; see Help and Support for details. The following
> > information is part of the event: sshd: PID 2068: service `sshd'
> > failed: signal 11 raised.

Oops -- a segfault.  This is definitely a bug somewhere -- no matter what,
sshd should not segfault.

> First, I am sorry that I broke the original thread.  I was not
> subscribed to the list when I made the first post, so I was unable to
> reply to that thread.

There is a way to do this with the help of the archives.  I've posted the
recipe multiple times -- you should be able to find it in the archives.

> I solved the problem.  I had missed the /var/log files when changing
> ownership to the new domain sshd_server account.  The chown command
> above should be:
> chown fdsv-sa-prx-sshdsrvr /etc/ssh* /var/empty /var/log/lastlog
> /var/log/sshd.log
>
> Now the sshd server starts, and when I login my id is correct, and I can
> view shares:
> $ echo $USERDOMAIN
> FLOODDATA
> $ id
> uid=18718(tschutter) gid=10513(Domain Users)
> groups=544(Administrators),545(Users),10513(Domain
> Users),18169(FDSV-GG-PrxBLD),22611(FDSV-GG-PrxPCAdmins)
> $ ls //other/f$
> Data RECYCLER System\ Volume\ Information
>
> Note that my USERNAME is still wrong:
> $ echo $USERNAME
> fdsv-sa-prx-sshdsrvr

See above.
> Although this method of creating and using a domain sshd_server account
> is not one of the recommended workarounds, it appears to work.
>
> In the other thread, Larry Hall pointed me to the FAQ
> http://cygwin.com/faq/faq-nochunks.html#faq.using.shares.  One of the
> suggestions was to "provide your password to a net use command".  I was
> unable to make that work, because "net use" never asks for my password:
> $ net use \\other\f$
> System error 67 has occurred.
>
> The network name cannot be found.

See "net help use":

    The syntax of this command is:

    NET USE
    [devicename | *] [\\computername\sharename[\volume] [password | *]]
    ...
    password   Is the password needed to access the shared resource.
    *          Produces a prompt for the password. The password is not
               displayed when you type it at the password prompt.

So, you need to type "net use '\\other\f$' \*" (note the escaped/quoted
'*'), and it'll prompt you for the password.

> As Larry Hall pointed out in the other thread, the cyglsa dll should
> solve this problem and I look forward to trying it out when 1.7.x is
> available.  I am not ready to jump to snapshots at this time.

HTH,
	Igor
-- 
http://cs.nyu.edu/~pechtcha/
pechtcha@cs.nyu.edu | igor@watson.ibm.com
Igor Peshansky, Ph.D. (name changed!)
old name: Igor Pechtchanski
a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"That which is hateful to you, do not do to your neighbor.  That is the whole
Torah; the rest is commentary.  Go and study it." -- Rabbi Hillel
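
The ownership fix described in the message above, written as a pre-start check (an added example, not part of the original post): it reports any path from the quoted chown command that is missing or not owned by the account the sshd service runs as. The function name `not_owned_by` and the variable `SSHD_PATHS` are illustrative, and the check assumes a `find` that accepts `-user` with either an account name or a numeric uid.

```sh
#!/bin/sh
# Added example: verify that the files sshd needs are owned by the service
# account. The path list is taken from the chown command quoted in the thread.

# Left unquoted where it is used, so that /etc/ssh* is expanded by the shell.
SSHD_PATHS='/etc/ssh* /var/empty /var/log/lastlog /var/log/sshd.log'

# not_owned_by OWNER PATH...
#   OWNER is an account name or a numeric uid.
#   Prints one line per problem:
#     missing <path>       the path does not exist
#     wrong-owner <path>   the path exists but belongs to someone else
#     check-failed <path>  find could not evaluate the owner (e.g. unknown account)
#   Returns 0 if every path exists and is owned by OWNER, 1 otherwise.
not_owned_by() {
    owner=$1
    shift
    bad=0
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "missing $p"
            bad=1
        # -prune keeps find from descending into directories such as /var/empty;
        # only the named path itself is tested.
        elif ! out=$(find "$p" -prune ! -user "$owner" -print 2>/dev/null); then
            echo "check-failed $p"
            bad=1
        elif [ -n "$out" ]; then
            echo "wrong-owner $p"
            bad=1
        fi
    done
    return "$bad"
}

# Stand-alone use: pass the service account as the first argument.
# The exit status is non-zero if any path needs attention.
if [ "$#" -gt 0 ]; then
    # Word splitting and globbing of SSHD_PATHS are intended here.
    not_owned_by "$1" $SSHD_PATHS
fi
```

Run it with the service account as the only argument, for example the `fdsv-sa-prx-sshdsrvr` account from the thread, before starting the sshd service.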