X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Mon, 12 May 2008 18:29:33 -0400 (EDT)
From: Igor Peshansky
Reply-To: cygwin AT cygwin DOT com
To: "Schutter, Thomas A."
cc: cygwin AT cygwin DOT com
Subject: RE: Unable to run sshd under a domain sshd_server account [SOLVED]
In-Reply-To: <3B3EFBD49B94AD4DBB7B7097257A8046DD020D@FDSVAST06SXCH01.flooddata.net>
Message-ID:
References: <3B3EFBD49B94AD4DBB7B7097257A8046DD020D AT FDSVAST06SXCH01 DOT flooddata DOT net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Mon, 12 May 2008, Schutter, Thomas A. wrote:

> > -----Original Message-----
> > From: Schutter, Thomas A.
> > Sent: Monday, May 12, 2008 9:52 AM
> > To: 'cygwin AT XXXXXX DOT XXX'
> > Subject: Unable to run sshd under a domain sshd_server account
> >
> > I am having problems setting up sshd to run under a domain sshd_server
> > account instead of a local sshd_server account.
> > [snip]
> > But when I login via ssh:
> > $ echo $USER
> > tschutter
> > $ echo $USERNAME
> > sshd_server

Yes -- Windows does not understand user impersonation and does not allow
real user switching.  So what sshd does is invoke processes with the
appropriate token privileges for the user it's impersonating, while
updating internal Cygwin data structures, but still running as
sshd_server.  So Cygwin sees the right user (in its internal state), but
Windows processes, of course, don't.

> > The application event log has this error message:
> > The description for Event ID ( 0 ) in Source ( sshd ) cannot be
> > found.  The local computer may not have the necessary registry
> > information or message DLL files to display messages from a remote
> > computer.  You may be able to use the /AUXSOURCE= flag to retrieve this
> > description; see Help and Support for details.  The following
> > information is part of the event: sshd: PID 2068: service `sshd'
> > failed: signal 11 raised.

Oops -- a segfault.  This is definitely a bug somewhere -- no matter what,
sshd should not segfault.

> First, I am sorry that I broke the original thread.  I was not
> subscribed to the list when I made the first post, so I was unable to
> reply to that thread.

There is a way to do this with the help of the archives.  I've posted the
recipe multiple times -- you should be able to find it in the archives.

> I solved the problem.  I had missed the /var/log files when changing
> ownership to the new domain sshd_server account.  The chown command
> above should be:
> chown fdsv-sa-prx-sshdsrvr /etc/ssh* /var/empty /var/log/lastlog
> /var/log/sshd.log
>
> Now the sshd server starts, and when I login my id is correct, and I can
> view shares:
> $ echo $USERDOMAIN
> FLOODDATA
> $ id
> uid=18718(tschutter) gid=10513(Domain Users)
> groups=544(Administrators),545(Users),10513(Domain
> Users),18169(FDSV-GG-PrxBLD),22611(FDSV-GG-PrxPCAdmins)
> $ ls //other/f$
> Data  RECYCLER  System\ Volume\ Information
>
> Note that my USERNAME is still wrong:
> $ echo $USERNAME
> fdsv-sa-prx-sshdsrvr

See above.

> Although this method of creating and using a domain sshd_server account
> is not one of the recommended workarounds, it appears to work.
>
> In the other thread, Larry Hall pointed me to the FAQ
> http://cygwin.com/faq/faq-nochunks.html#faq.using.shares.  One of the
> suggestions was to "provide your password to a net use command".  I was
> unable to make that work, because "net use" never asks for my password:
> $ net use \\other\f$
> System error 67 has occurred.
>
> The network name cannot be found.

See "net help use":

  The syntax of this command is:

  NET USE [devicename | *] [\\computername\sharename[\volume] [password | *]]
  ...
  password   Is the password needed to access the shared resource.
  *          Produces a prompt for the password.  The password is not
             displayed when you type it at the password prompt.

So, you need to type "net use '\\other\f$' \*" (note the escaped/quoted
'*'), and it'll prompt you for the password.

> As Larry Hall pointed out in the other thread, the cyglsa dll should
> solve this problem and I look forward to trying it out when 1.7.x is
> available.  I am not ready to jump to snapshots at this time.

HTH,
	Igor
--
http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha AT cs DOT nyu DOT edu | igor AT watson DOT ibm DOT com
ZZZzz /,`.-'`'    -.  ;-;;,_		Igor Peshansky, Ph.D. (name changed!)
     |,4-  ) )-,_. ,\ (  `'-'		old name: Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"That which is hateful to you, do not do to your neighbor.  That is the whole
Torah; the rest is commentary.  Go and study it." -- Rabbi Hillel

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
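The root cause in the thread was a chown that missed two of the files the sshd service account needs (/var/log/lastlog and /var/log/sshd.log), which only surfaced as an unhelpful "signal 11" entry in the event log. The POSIX shell helper below is an added example, not code from the thread or from the Cygwin project: it takes the expected owner and the same path list the message ends up with, reports every path that is missing or owned by someone else, and returns non-zero if anything is wrong, so the check can be run after the chown and before the service is started. It assumes GNU `stat -c %U` (present in Cygwin's and Linux's coreutils) and that the owner name prints exactly as it was given to chown.

```shell
#!/bin/sh
# check_sshd_ownership OWNER PATH...
#   Prints one line per path that is missing or not owned by OWNER.
#   Returns 0 when every path is owned by OWNER, 1 otherwise.
check_sshd_ownership() {
    expected="$1"
    shift
    problems=0
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "MISSING:     $p"
            problems=$((problems + 1))
            continue
        fi
        # GNU stat: %U prints the owner's user name (assumed available).
        if ! actual=$(stat -c %U "$p" 2>/dev/null); then
            echo "UNREADABLE:  $p"
            problems=$((problems + 1))
            continue
        fi
        if [ "$actual" != "$expected" ]; then
            echo "WRONG OWNER: $p is owned by $actual, expected $expected"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# When run as a script with arguments, check the given owner and paths,
# e.g. the list from the message (account name and paths as posted there):
#   sh check_sshd_ownership.sh fdsv-sa-prx-sshdsrvr /etc/ssh* /var/empty \
#       /var/log/lastlog /var/log/sshd.log
if [ "$#" -ge 2 ]; then
    check_sshd_ownership "$@"
    exit $?
fi
```

Because the shell expands `/etc/ssh*` before the function sees it, every matching file under /etc is checked individually, which is also how the chown in the message treated them.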