Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
List-Id: | <cygwin.cygwin.com> |
List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
List-Archive: | <http://sourceware.org/ml/cygwin/> |
List-Post: | <mailto:cygwin AT cygwin DOT com> |
List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
Sender: | cygwin-owner AT cygwin DOT com |
Mail-Followup-To: | cygwin AT cygwin DOT com |
Delivered-To: | mailing list cygwin AT cygwin DOT com |
Message-ID: | <BLU436-SMTP8704BA1BACFFDC528FAD4E9E810@phx.gbl> |
Subject: | Re: Cygwin ssh and Windows authentication |
To: | cygwin AT cygwin DOT com |
References: | <BLU436-SMTP39AE7DD48809E802CE4DAE9E860 AT phx DOT gbl> <1301881165 DOT 20150720013859 AT yandex DOT ru> <BLU436-SMTP217DCBDBFA0EED5BC1ACFFB9E850 AT phx DOT gbl> <1399485278 DOT 20150721032532 AT yandex DOT ru> <BLU436-SMTP238C37DE9A243EA7E7F794F9E840 AT phx DOT gbl> <981419184 DOT 20150721233655 AT yandex DOT ru> <BLU436-SMTP147434267174B49E8813BD49E830 AT phx DOT gbl> <341710545 DOT 20150723004627 AT yandex DOT ru> |
From: | Jarek <yaro_29 AT hotmail DOT com> |
Date: | Fri, 24 Jul 2015 21:05:10 +0200 |
User-Agent: | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 |
MIME-Version: | 1.0 |
In-Reply-To: | <341710545.20150723004627@yandex.ru> |

On 2015-07-22 23:46, Andrey Repin wrote:
> Greetings, Jarek!
>
>>>>>> So why are they not needed as your comment doesn't really explain that
>>>>> Read 1.7.35 changelog.
>>>>> In short, username resolution was completely reworked, thanks to Corinna, and
>>>>> Cygwin now directly addresses domain controllers for it.
>>>> OK so it addresses DCs to check some settings or privileges. I don't
>>>> suppose it just asks 'hey DS, can contoso\johnd access sshd on server1?'
>>> Indirectly, that can be done, i.e., by including a user in "SSH" group and
>>> allow only "DOMAIN+SSH" group to authorize on server.
>> I assume the group name is arbitrary and can be named anything.
> Of course. I have a generic "RemoteUsers" group for all users that are allowed
> remote access (VPN, SSH, etc.)
>
>> I went through local rights on my sshserver and I see the Everyone, and
>> Users local groups have Allow to access this computer via network.
>> I take it the 'Act as part of the OS', 'Create a token object' and
>> 'Replace a process level token' rights are only for the account running
>> the sshd service.
> Yes, these are only used by service itself, and not propagated to the users
> connected.
>
>>> Verbose logging from both client and server may give some insight, too.
>> Here is what I get from the logs on the client when attempting to
>> connect with WinSCP
> Try using only username to login. Without domain prefix.
> And disable other auth mechanics while you are testing, namely I see it trying
> GSSAPI, which wouldn't work unless explicitly configured and allowed.
>
> Please attach long listings as files or provide links to pastebin service of
> your choice.
>
>

Hi Andrey,

As much as I don't like giving up, after lots of testing I found the only way I can get a domain user to access my server is by creating the /etc/passwd file and adding the users there. I don't understand the workings behind this but at least it works.

Thank you very much for your help and patience.

Due to tons of other things I have to work on now I won't be pursuing this further but hey, Microsoft are yet again working on ssh. Maybe they succeed this time.

All the best.

--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Copyright © 2019 by DJ Delorie | Updated Jul 2019 |