X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Fri, 23 Jul 2010 10:57:45 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Difficulty setting up domain SSH daemon under Domain Security Policies
Message-ID: <20100723085745.GH8324@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <7C5E3B536F261B47A73B1F1F70F2683F0B1B733F AT DETEX01 DOT trade DOT archway DOT com> <OF29E120F4 DOT 529C2492-ONC1257767 DOT 0028C238-C1257767 DOT 00297F88 AT de DOT ibm DOT com> <7C5E3B536F261B47A73B1F1F70F2683F0B1B734E AT DETEX01 DOT trade DOT archway DOT com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <7C5E3B536F261B47A73B1F1F70F2683F0B1B734E@DETEX01.trade.archway.com>
User-Agent: Mutt/1.5.20 (2009-06-14)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Jul 22 17:28, Hunter, Bryan wrote:
> Here are the results.
> administrator AT detfs01 ~
> $ ssh-host-config -y -c "tty ntsec" -u "TRADE\sshd_server_domain"
> --privileged
> [...]
> *** Warning: Creating the user 'TRADE\sshd_server_domain' failed!
> Reason:
> The syntax of this command is:
> 
> 
> NET USER
> [username [password | *] [options]] [/DOMAIN]
>          username {password | *} /ADD [options] [/DOMAIN]
>          username [/DELETE] [/DOMAIN]

The ssh-host-config script is not made for that.  It has been created to
set up a local sshd installation creating a local account.  Please note
that I mentioned that already at one point:  The script has been created
to help home users in the first place.  A bit of AD support has been
added as a curtesy to the users, but it's not at all complete.  For AD
environmentes, please follow the following procedure explained in the
FAQ: http://cygwin.com/faq/faq-nochunks.html#faq.using.sshd-in-domain

Having said that, patches to the ssh-host-config script (BSD-licensed,
part of the upstream sources, no snares attached) to add better AD
support are *much* appreciated.
But, given the potential complexity of domain policies, I don't think
there's a generic solution which could be handled by a simple generic
shell script.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple