Mail Archives: cygwin/2009/04/21/09:57:28

From: Julio Costa <costaju AT gmail DOT com>
Date: Tue, 21 Apr 2009 14:56:49 +0100
Message-ID: <af075b00904210656p2e8005b6geaad28206f89c121@mail.gmail.com>
Subject: [openssh] service with domain user
To: Cygwin Mailing list <cygwin AT cygwin DOT com>

Hi Cygwinners,

I've been struggling with an openssh installation in a test
environment, with the following characteristics:
1) Host is a Windows 2003 sp2; So, privsep is enforced;
2) Installation of cygwin made with a domain user (local admin);
3) Main objective of sshd: file transfers and remote shell for either
domain users (regular or admin) and local users (restricted only);

After many tries and tests, I've come to the conclusion that for
achieving 3), the sshd daemon should run with a domain user; no
problem, we allocated one for that purpose.
But now I can't make ssh(d) work correctly. I used the "trick" of
adding the domain user to passwd and renaming it to cyg_server, and
indeed the service got installed with the correct domain user, no
questions asked (thanks, Corinna!).
But, that's the end of the story.
I can't make ssh work, and typically the message I see in logs is like
this: "sshd: PID 3572: fatal: seteuid 18606: Permission denied"

I thought that the correct permissions/privileges were assigned in the
ssh-host-config... isn't that so? How do I find what is missing?
Thanks for your help!

PS: I'm also seeing strange things coming from editrights - see these
(failed) attempts, that should give the same output:
# This is for context:
~ $ grep cyg_server /etc/passwd
cyg_server:unused:47000:10513:U-DOMAIN\SECSERVICE,S-1-5-21-682003330-2049760794-1801674531-37000:/home/SECSERVICE:/bin/bash

~ $ editrights -u cyg_server -l
Error in getSID (LsaLookupNames returned
0xc000018c=STATUS_TRUSTED_DOMAIN_FAILURE)!

~ $ editrights -u DOMAIN\\SECSERVICE -l
SeServiceLogonRight


Have Fun! (I'm not)
___________
Julio Costa
