This is the mail archive of the
mailing list for the Cygwin project.
Re: LDAP integration and sshd
- From: Achim Gratz <Stromeko at nexgo dot de>
- To: cygwin at cygwin dot com
- Date: Fri, 27 Jun 2014 21:08:32 +0200
- Subject: Re: LDAP integration and sshd
- Authentication-results: sourceware.org; auth=none
- References: <loom dot 20140625T141552-513 at post dot gmane dot org> <20140625130727 dot GQ1803 at calimero dot vinschen dot de> <loom dot 20140626T093103-970 at post dot gmane dot org> <20140626083253 dot GA25654 at calimero dot vinschen dot de> <loom dot 20140626T112515-399 at post dot gmane dot org> <20140626105045 dot GU1803 at calimero dot vinschen dot de> <87pphva9is dot fsf at Rainer dot invalid> <20140627081702 dot GV1803 at calimero dot vinschen dot de>
Corinna Vinschen writes:
> The Admin group is a BUILTIN group, so it's always +Administrators
> under the default prefixing rule, as outlined in my preliminary
Yeah, I was just trying the other variants out of desperation.
> And it works fine for me with the latest from CVS (== latest snapshot),
> I just tested it.
I'm using the latest snapshot, although the behaviour is the same with
the previous one.
> If I add
> AllowGroups +Administrators
> I can still login with my admin account and get a refusal when logging
> in with a non-admin account.
> In contrast, If I add
> DenyGroups +Administrators
> it's the opposite.
Yes, that's exactly what isn't working. Even in debug mode the messages
from sshd are not very enlightening, but through experimentation I found
that the only thing that works is +Authenticated* (for Authenticated
Users, obviously). I don't know what's going on, but it seems that when
the user credentials are resolved by sshd, the domain accounts are
completely inaccessible. Switching off privilege separation doesn't
seem to make a difference.
> Are you, by any chance, using a non-English OS version? You know that
> the administrators group has a localized name, right? In german, for
> instance, it's called Administratoren.
Not that I know of (I didn't install it), it reports as a bog standard
2012R2 server and all local display is in english.
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Samples for the Waldorf Blofeld:
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple