Mail Archives: cygwin/2008/06/16/17:01:31

Date: Mon, 16 Jun 2008 23:01:05 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Cc: "Schutter, Thomas A." <tschutter AT proxix DOT com>
Subject: Re: Unable to run sshd under a domain sshd_server account [SOLVED]
Message-ID: <20080616210105.GI731@calimero.vinschen.de>

Hi Thomas,

On May 13 11:09, Schutter, Thomas A. wrote:
> Except that is not what I am seeing.  When I run "id" from a console
> cygwin shell:
>   $ id
>   uid=18718(tschutter) gid=10513(Domain Users) groups=544(Administrators),545(Users),10513(Domain Users),18169(FDSV-GG-PrxBLD),22611(FDSV-GG-PrxPCAdmins)
> 
> But when I run "id" from a ssh shell:
>   $ id
>   uid=18718(tschutter) gid=10513(Domain Users) groups=545(Users),10513(Domain Users)
> 
> So when I am using pubkey authentication, the user token is not a member
> of the "Administrators", "FDSV-GG-PrxBLD", or "FDSV-GG-PrxPCAdmins"
> groups.

Dunno if you fixed this problem in the meantime?  I tested this myself
and debugged this situation.  It turned out (in *my* local scenario),
that the PDC refused to list the groups the user is a member of:

  $ id
  uid=11001(corinna) gid=10513(DomUsers) groups=545(Users),10513(DomUsers)

The problem was that the domain sshd_server account has no right to
access the domain controller from the network.  Solution: Open the Local
Security Policy of the DC and look for the User Right "Deny access to
this computer from the network".  You'll find your sshd_server user in
there.  Remove it from this user right.  Try again:

  $ id
  uid=11001(corinna) gid=10513(DomUsers) groups=544(Administrators),
  545(Users),10512(DomAdmins),10513(DomUsers)

If that doesn't help, you'll probably have an overriding Domain
Controller Security Policy set.  Look there, set (or reset) the "Deny
access to this computer from the network" user right accordingly and try
again.


HTH,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
