This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[openssh] service with domain user


Hi Cygwinners,

I've been struggling with an openssh instalation in a test
environment, with the following characteristics:
1) Host is a Windows 2003 sp2; So, privsep is enforced;
2) Installation of cygwin made with a domain user (local admin);
3) Main objective of sshd: file transfers and remote shell for either
domain users (regular or admin) and local users (restricted only);

After many tries and tests, I've come to the conclusion that for
achieving 3), the sshd deamon should run with a domain user; no
problem, we allocated one for that purpose.
But now I can't make ssh(d) work correctly. I used the "trick" of
adding the domain user to passwd and renaming it to cyg_server, and
indeed the service got installed with the correct domain user, no
questions asked (thanks, Corinna!).
But, that's the end of the story.
I can't make ssh work, and typically the message I see in logs is like
this: "sshd: PID 3572: fatal: seteuid 18606: Permission denied"

I thought that the correct permissions/privileges were assigned in the
ssh-host-config... isn't that so? How do I find what is missing?
Thanks for you help!

PS: I'm also seeing strange things coming from editrights - see these
(failed) attempts, that should give the same output:
# This is for context:
~ $ grep cyg_server /etc/passwd
cyg_server:unused:47000:10513:U-DOMAIN\SECSERVICE,S-1-5-21-682003330-2049760794-1801674531-37000:/home/SECSERVICE:/bin/bash

~ $ editrights -u cyg_server -l
Error in getSID (LsaLookupNames returned
0xc000018c=STATUS_TRUSTED_DOMAIN_FAILURE)!

~ $ editrights -u DOMAIN\\SECSERVICE -l
SeServiceLogonRight


Have Fun! (I'm not)
___________
Julio Costa

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]