public inbox for cygwin@cygwin.com
From: Brian Inglis <Brian.Inglis@SystematicSw.ab.ca>
To: cygwin@cygwin.com
Subject: Re: sshd: PID 2308: fatal: seteuid 1090146: Permission denied --> Login to domain server windows 2k12r2 not possible
Date: Thu, 08 Mar 2018 15:50:00 -0000
Message-ID: <bf24dc16-98c5-07b8-de81-3066ff2d251c@SystematicSw.ab.ca>
In-Reply-To: <5AA122070200001D000536EA@gwia2.boku.ac.at>

On 2018-03-08 04:44, Bernhard Finster wrote:
> login via ssh to cygwin on a domain server 2012r2 standard is not possible (see error in mail subject). The login is possible neither with password nor with publickey.
> The package was created with cygwinsetup.exe v 2.877 (32bit) and works fine on every standalone server. I have created a setup batch file with the content below:
> 
> 	c:\start\cygwin\setup.exe -q --local-install --root c:\cygwin -l c:\Start\cygwin
> 	cd C:\cygwin\bin  
> 	bash --login -c "ssh-host-config -y -c "tty ntsec" -u "cyg_server" -w "password" --privileged"  
> 	bash --login -c "mkdir .ssh"  
> 	bash --login -c "cp /cygdrive/c/Start/authorized_keys .ssh/authorized_keys"  
> 	bash --login -c "chmod 700 .ssh"
> 	bash --login -c "cygrunsrv -S sshd"
> 	bash --login -c "syslog-ng-config -y"
> 	bash --login -c "cygrunsrv -S syslog-ng"
> 
> The setup is always started with the user "Administrator@domain" after joining the domain.
> In my test-domain I have enabled the following user right assignment for the domain admin cyg_server:
> 
> * Act as part of the operating system
> * Create a token object
> * Log on as a batch job
> * Log on as a service
> * Replace a process level token
> * Deny log on locally
> * Deny logon through Remote Desktop Services
> 
> Attachments:
> 
> * ssh_config, sshd_config, original copy from the server
> * ssh-ddd.txt is the output of the command "/usr/sbin/sshd -d -d -d"
> * ssh-vvv.txt is the output of a login attempt to the server (usual Administrator@hostname), I have defined in .ssh/config (host * user Administrator)
> * messages.txt is the output of a login attempt to the server from its syslog-ng log
> * cygcheck
> 
> Sorry for my bad English, I hope it will get better.
> Please help if you have any idea for me to get out of this disaster.

You might want to try upgrading setup, upgrading installed packages, and
manually running the ...-config scripts elevated, to see if that fixes the problem.

seteuid handling:
https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Thread overview: 3+ messages
2018-03-08 12:48 Bernhard Finster
2018-03-08 15:50 ` Brian Inglis [this message]
2018-03-08 21:00 ` Achim Gratz
