This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: sshd authentication question


On Thu, Mar 18, 2004 at 02:24:25PM -0500, Pierre A. Humblet wrote:
> 
> Here is another hypothesis. Cygwin gets the groups from a variety of
> sources during setuid(). One of them is a call to NetUserGetGroups
> to get the global groups from the logon server. 
> Failure of that call does not call a failure of setuid, because it 
> happens normally while running disconnected. So the problem could be
> with your logon server or your LAN.
> That hypothesis seems consistent with the outputs of your original
> mail.
> Fortunately there is a workaround: edit /etc/group and explicitly 
> include the user in question in the groups that should contain him.

Looking back at your original mail, you report

*** Administrator on smoke3 ***

uid=10500(Administrator) gid=10513(Domain Users) groups=10512(Domain Admins),105
13(Domain Users),10519(Enterprise Admins),10520(Group Policy Creator Owners),105
18(Schema Admins),544(Administrators),545(Users)

When ssh works abnormally:

 *** Administrator on smoke3 *** 

uid=10500(Administrator) gid=10513(Domain Users) groups=10513(Domain Users),545(Users)

I assume you care mainly about group 544 membership. It looks like
that membership derives from membership in one of the global groups
10512, 10519, 10520 and/or 10518. 
If you care about all of them, include the user on the appropriate
lines in /etc/group on the sshd machine. An alternative if you only
care about 544 is to explicitly include 10500 as a member of the
Administrators group in the Windows user manager on the sshd machine.
The advantage is that you won't need to reedit /etc/group each time
you regenerate it.

Pierre


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]