This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Unable ssh login using Windows Domain account using password authentication


On Wed, 22 Feb 2006, Perdue, Dave T. wrote:

<http://cygwin.com/acronyms/#PCYMTWLL>.  Thanks.

> We are currently using Cygwin 1.5.12-1 on our Windows 2000 Domain as the
> ssh server for our PCs.  1.5.12-1 ssh allows us to log into the domain
> PCs remotely using our domain accounts.  I installed Cygwin 1.5.19-4 on
> one system and find that when I remotely log in using a domain account
> the native Windows "whoami" command reports my identity as "NT
> AUTHORITY\SYSTEM".  When I remotely ssh log in on the same system using
> a local account I see the correct identity.  All logins are using
> manually entered passwords.  I used the following commands to create the
> passwd and group files:
>
> mkpasswd -l > /etc/passwd
> mkpasswd -d  >> /etc/passwd
> mkgroup -l > /etc/group
> mkgroup -d >> /etc/group
>
> I configured ssh to use the sshd privilege separation account and
> specified "ntsec binmode tty".  The sshd server is configured to logon
> as the local system account.  What changes do I need to make to allow
> 1.5.19-4 to support logons using our domain account like 1.5.12-1 can?
> Thanks in advance for any help that you can provide.
>
> Also, I have noticed that an "id -G" in 1.5.12-1 produces the same
> output when logged in locally and thru an ssh session, while in 1.5.19-4
> it produces different output for the two types of logon.
>
> David Perdue

You did everything correctly, except: your default domain may not be the
domain you're logging into.  "mkpasswd/mkgroup -d" use the default domain.
You might want to explicitly specify the domain name on the command line,
like this: "mkpasswd -d YOURDOMAIN >> /etc/passwd", and similarly for
mkgroup.
HTH,
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_	    pechtcha@cs.nyu.edu | igor@watson.ibm.com
ZZZzz /,`.-'`'    -.  ;-;;,_		Igor Peshansky, Ph.D. (name changed!)
     |,4-  ) )-,_. ,\ (  `'-'		old name: Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"Las! je suis sot... -Mais non, tu ne l'es pas, puisque tu t'en rends compte."
"But no -- you are no fool; you call yourself a fool, there's proof enough in
that!" -- Rostand, "Cyrano de Bergerac"

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]