From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 30607 invoked by alias); 3 Sep 2014 07:17:43 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 30481 invoked by uid 89); 3 Sep 2014 07:17:32 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-6.6 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,RCVD_NUMERIC_HELO,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS,T_FSL_HELO_BARE_IP_2 autolearn=ham version=3.3.2 X-HELO: plane.gmane.org Received: from plane.gmane.org (HELO plane.gmane.org) (80.91.229.3) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-SHA encrypted) ESMTPS; Wed, 03 Sep 2014 07:17:29 +0000 Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1XP4oe-0007MQ-8f for cygwin@cygwin.com; Wed, 03 Sep 2014 09:17:16 +0200 Received: from 217.10.52.10 ([217.10.52.10]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 03 Sep 2014 09:17:16 +0200 Received: from Stromeko by 217.10.52.10 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 03 Sep 2014 09:17:16 +0200 To: cygwin@cygwin.com From: Achim Gratz Subject: Re: Windows Server 2012R2 64bit and 32bit Cygwin sshd Date: Wed, 03 Sep 2014 07:17:00 -0000 Message-ID: References: <8761hphfps.fsf@Rainer.invalid> <20140902140751.GD6056@calimero.vinschen.de> <20140902153757.GE6056@calimero.vinschen.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit User-Agent: Loom/3.14 (http://gmane.org/) X-IsSubscribed: yes X-SW-Source: 2014-09/txt/msg00051.txt.bz2 Corinna Vinschen cygwin.com> writes: > Don't use privilege separation, then the non-privileged sshd user won't > matter at all. Privsep on Cygwin is only half-useful on Cygwin anyway, > if at all. I've switched privilege separateion off completely, but no dice. The Access Denied comes from trying to switch from primary group "MACHINE+None" to "Domain Users". That is expected to happen, what I still don't get is why the parent process winds up with the exception instead of the originating process as on 64bit. > As for the local cyg_server account, I'm not sure. Usually, > a local machine account has no or only limited access to AD information. > As an account which needs AD to get user information it's a bit > unfortunate if it doesn't have access. When the process comes to this point it has already verified the user via AD. > The strace shows that it doesn't even *try* to start bash, but it's > entirely unclear why. Is it possible to run sshd in gdb? Regards, Achim. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple