From: Igor Peshansky
Date: Tue, 13 May 2008 03:32:00 -0000
Reply-To: cygwin@cygwin.com
To: cygwin@cygwin.com
cc: "Schutter, Thomas A."
Subject: RE: Unable to run sshd under a domain sshd_server account [SOLVED]

On Mon, 12 May 2008, Igor Peshansky wrote:

> On Mon, 12 May 2008, Schutter, Thomas A. wrote:
>
> > > -----Original Message-----
> > > From: Igor Peshansky
> > > Sent: Monday, May 12, 2008 4:30 PM
> > > To: Schutter, Thomas A.
> > > Subject: RE: Unable to run sshd under a domain sshd_server account [SOLVED]
> > >
> > > On Mon, 12 May 2008, Schutter, Thomas A. wrote:
> > >
> > > > > -----Original Message-----
> > > > > From: Schutter, Thomas A.
> > > > > Sent: Monday, May 12, 2008 9:52 AM
> > > > > To: 'cygwin@XXXXXX.XXX'
> > > > > Subject: Unable to run sshd under a domain sshd_server account
> > > > >
> > > > > I am having problems setting up sshd to run under a domain sshd_server
> > > > > account instead of a local sshd_server account.
> > > > > [snip]
> > > > > But when I login via ssh:
> > > > > $ echo $USER
> > > > > tschutter
> > > > > $ echo $USERNAME
> > > > > sshd_server
> > >
> > > Yes -- Windows does not understand user impersonation and does not
> > > allow real user switching. So what sshd does is invoke processes with
> > > the appropriate token privileges for the user it's impersonating,
> > > while updating internal Cygwin data structures, but still running as
> > > sshd_server. So Cygwin sees the right user (in its internal state),
> > > but Windows processes, of course, don't.
> >
> > Interesting. I suspected this, but this is the first time that I have
> > seen this explicitly stated.
>
> Well, at least Windows processes don't understand the Cygwin notion of
> effective UID, which is why $USERNAME and $USER don't match (one is set by
> Windows, and the other by a Cygwin process -- bash).
>
> > > > > The application event log has this error message:
> > > > > The description for Event ID ( 0 ) in Source ( sshd ) cannot be
> > > > > found. The local computer may not have the necessary registry
> > > > > information or message DLL files to display messages from a remote
> > > > > computer. You may be able to use the /AUXSOURCE= flag to retrieve
> > > > > this description; see Help and Support for details. The following
> > > > > information is part of the event: sshd: PID 2068: service `sshd'
> > > > > failed: signal 11 raised.
> > >
> > > Oops -- a segfault. This is definitely a bug somewhere -- no matter
> > > what, sshd should not segfault.
> >
> > Agreed.
>
> Those problems are usually very hard to reproduce. If you're set up to
> build a debug version of sshd and run it under gdb to reproduce the fault,
> a stack backtrace would be helpful.
>
> > > > In the other thread, Larry Hall pointed me to the FAQ
> > > > http://cygwin.com/faq/faq-nochunks.html#faq.using.shares. One of the
> > > > suggestions was to "provide your password to a net use command". I
> > > > was unable to make that work, because "net use" never asks for my
> > > > password:
> > > > $ net use \\other\f$
> > > > System error 67 has occurred.
> > > >
> > > > The network name cannot be found.
> > >
> > > See "net help use":
> > > The syntax of this command is:
> > > NET USE
> > > [devicename | *] [\\computername\sharename[\volume] [password | *]]
> > > ...
> > >   password     Is the password needed to access the shared
> > >                resource.
> > >   *            Produces a prompt for the password. The password is
> > >                not displayed when you type it at the password
> > >                prompt.
> > >
> > > So, you need to type "net use '\\other\f$' \*" (note the escaped/quoted
> > > '*'), and it'll prompt you for the password.
> >
> > OK. So on a console cygwin shell:
> > $ net use '\\other\f$'
> > The command completed successfully.
> >
> > But when run in a ssh shell (using the sshd_server account):
> > $ net use '\\other\f$' \*
> > Type the password for \\zoom\f$: System error 1326 has occurred.
> >
> > Logon failure: unknown user name or bad password.
>
> Umm, yes. Sorry. I forgot that sshd runs in a pty, which is a pipe as
                                 ^^^^ the ssh remote session
> far as Windows is concerned. And 'net' cannot read the password from a
> pipe...
>
> > Same thing happens with:
> > $ net use '\\other\f$' '*'
> > $ net use '\\other\f$' "*"
>
> Actually supplying the password instead of '*' should work.
>
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_	    pechtcha@cs.nyu.edu | igor@watson.ibm.com
ZZZzz /,`.-'`'    -.  ;-;;,_		Igor Peshansky, Ph.D. (name changed!)
     |,4-  ) )-,_. ,\ (  `'-'		old name: Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"That which is hateful to you, do not do to your neighbor. That is the whole
Torah; the rest is commentary. Go and study it." -- Rabbi Hillel