public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed
* Domain Admins don't have permissions when logging in via SSH
@ 2013-05-30 12:24 Sebastian Koerner
  0 siblings, 0 replies; only message in thread
From: Sebastian Koerner @ 2013-05-30 12:24 UTC (permalink / raw)
  To: cygwin


Hi Cygwin,
We have some trouble with OpenSSH in Cygwin. We think, that the impersonation does not work in the 1.7 cywin, but can't figure out why.

- We followed http://cygwin.com/faq-nochunks.html#faq.using.sshd-in-domain to integrate sshd into our domain. There is a domain\cyg_server user ( c )  with all the permissions needed.
- Test: We log on using
             o (a) the local Windows Administrator using ssh
             o (b) using a Domain\Administrator account
             o (c) the Domain (Admin) Account that runs sshd server. (domain\cyg_server
 
Problem is: The (b) Domain Administrator Account is not reported to be a member of the local Administrators group. And he has no admin rights (test: configure a Windows Service)
 
What we observed is:
- The Domain Admin Account that the Cygwin sshd Service runs under (domain\cyg_server) has all the permissions.
- A local Administrator that connects using ssh has all the permission.
- BUT the best thing: In legacy Cygwin installations the Domain Admin Account *has* local Admin permissions
 
Can anyone help?
 
 
This is the output of id, then sc service sshd start and uname -a:
 
A Windows XP with Cygwin legacy (note the Administrators Group)
uid=11100(domainadm) gid=10512(Domain Admins) groups=544(Administrators),545(Users),1009(Debugger Users),10512(Domain Admins)
[SC] StartService FAILED 1056:
 
An instance of the service is already running.
 
CYGWIN_NT-5.2-WOW64 xpwks 1.5.25(0.156/4/2) 2008-03-05 19:27 i686 Cygwin
 
 
A Windows 7 with  Cygwin 1.7
uid=11100(domainadm) gid=10512(Domain Admins) groups=10512(Domain Admins),545(Users)
[SC] StartService: OpenService FAILED 5:
 
Access is denied.
 
CYGWIN_NT-6.1-WOW64 w7wks 1.7.9(0.237/5/3) 2011-03-29 10:10 i686 Cygwin
 
Sebastian
 

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2013-05-30 11:17 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-05-30 12:24 Domain Admins don't have permissions when logging in via SSH Sebastian Koerner

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).