wrong local group when public key authentication with domain AD user

fred pommier fpommier42@gmail.com
Fri May 11 21:33:00 GMT 2012


Hi,
I install cygwin version 2.774 with sshd on windows 2003 r2.
I have domain active directory (AD) user : opersauve
I have add opersauve to cygwin with : mkpasswd -d test  -u opersauve
>>/etc/passwd
When i connect from my computer using AD password (ssh
opersauve@srvbatch), everything is ok. The 'id' comand list ad groups
and local group of my user

opersauve@srvbatch ~
$ id
uid=12696(opersauve) gid=10513(Utilisa. du domaine)
groupes=10513(Utilisa. du
domaine),0(root),544(Administrateurs),545(Utilisateurs),555(Utilisateurs
du Bureau à distance),1012(cygwin)

When i connect  from my computer using public key (ssh -v -i
opersauve_id_rsa opersauve@srvbatch),  the 'id' comand, list ad groups
but not the local group of my user.

opersauve@srvbatch ~
$ id
uid=12696(opersauve) gid=10513(Utilisa. du domaine)
groupes=10513(Utilisa. du domaine),545(Utilisateurs)

You can see than 0(root) 544(Administrateurs) 555(Utilisateurs du
Bureau à distance) and 1012(cygwin) are disapear from 'id'


I found nothing to resolv this problem.
Thank for any help
Regards

I also give the 2 verbose ssh connect

fred@fpo$ ssh -v opersauve@srvbatch
OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /home/fred/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to srvbatch [10.1.2.46] port 22.
debug1: Connection established.
debug1: identity file /home/fred/.ssh/identity type -1
debug1: identity file /home/fred/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/fred/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0
debug1: match: OpenSSH_6.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'srvbatch' is known and matches the RSA host key.
debug1: Found key in /home/fred/.ssh/known_hosts:219
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/fred/.ssh/id_rsa
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Trying private key: /home/fred/.ssh/identity
debug1: Trying private key: /home/fred/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: password
opersauve@srvbatch's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = fr_FR.UTF-8
Last login: Fri May 11 10:37:48 2012 from fpo.test.fr

opersauve@srvbatch ~
$ id
uid=12696(opersauve) gid=10513(Utilisa. du domaine)
groupes=10513(Utilisa. du
domaine),0(root),544(Administrateurs),545(Utilisateurs),555(Utilisateurs
du Bureau à distance),1012(cygwin)
----


fred@fpoirrier:~$ ssh -v -i opersauve_id_rsa opersauve@srvbatch
OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /home/fred/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to srvbatch [10.1.2.46] port 22.
debug1: Connection established.
debug1: identity file opersauve_id_rsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0
debug1: match: OpenSSH_6.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'srvbatch' is known and matches the RSA host key.
debug1: Found key in /home/fred/.ssh/known_hosts:219
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: fred@fpoirrier
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Trying private key: opersauve_id_rsa
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = fr_FR.UTF-8
Last login: Fri May 11 10:35:40 2012 from 127.0.0.1

opersauve@srvbatch ~
$ id
uid=12696(opersauve) gid=10513(Utilisa. du domaine)
groupes=10513(Utilisa. du domaine),545(Utilisateurs)

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list