X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:message-id:from:to:subject
	:content-type:date:content-transfer-encoding; q=dns; s=default; b=
	n0SFJroc1KObpa7FHeqfqKcuMxWCOfVOTB0jGCYpFiIFDRY06og+6UNBRZOFBy8U
	LZlI462aeqvbBGHCuKfYw4Bte2ffafjP/wb6Qa56A3Uy/awSczpG95eqpnVIfbBF
	VdfuwHfAQAHM1l/GTuU++3bq+MkBD0wqeRZp6pmNIBw=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:message-id:from:to:subject
	:content-type:date:content-transfer-encoding; s=default; bh=WISY
	u4jfZcqPJwAelnFfVZhWUak=; b=o6tyICZ/EM2hqNf7/4O9OjyXE/NTNe+DuYtL
	GDrfyaIDLqrVjQ+SEoRZk7f8SOqIEkQJI1d3iP1VAsTurBGpC1uGVAbRTKWR0cu+
	N7tlmjK4rVTWwgv93VGzyNd59+v8Vwn7SzY5bhY3N9uZsnKlxV/PTvbuIlPUwciI
	Bwwp/qI=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
X-Spam-SWARE-Status:	No, score=0.6 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,RCVD_IN_HOSTKARMA_NO,RCVD_IN_HOSTKARMA_YE,SPF_PASS,TW_PW autolearn=ham version=3.3.1
MIME-Version:	1.0
Message-ID:	<trinity-835eb929-e18e-4803-8f27-c1a5c40a869e-1369912612866@3capp-gmx-bs12>
From:	"Sebastian Koerner" <glomix AT gmx DOT de>
To:	cygwin AT cygwin DOT com
Subject:	Domain Admins don't have permissions when logging in via SSH
Date:	Thu, 30 May 2013 13:16:52 +0200 (CEST)
Sensitivity:	Normal
X-MIME-Autoconverted:	from quoted-printable to 8bit by delorie.com id r4UBHEaP003553

Hi Cygwin,
We have some trouble with OpenSSH in Cygwin. We think, that the impersonation does not work in the 1.7 cywin, but can't figure out why.

- We followed http://cygwin.com/faq-nochunks.html#faq.using.sshd-in-domain to integrate sshd into our domain. There is a domain\cyg_server user ( c )  with all the permissions needed.
- Test: We log on using
             o (a) the local Windows Administrator using ssh
             o (b) using a Domain\Administrator account
             o (c) the Domain (Admin) Account that runs sshd server. (domain\cyg_server
 
Problem is: The (b) Domain Administrator Account is not reported to be a member of the local Administrators group. And he has no admin rights (test: configure a Windows Service)
 
What we observed is:
- The Domain Admin Account that the Cygwin sshd Service runs under (domain\cyg_server) has all the permissions.
- A local Administrator that connects using ssh has all the permission.
- BUT the best thing: In legacy Cygwin installations the Domain Admin Account *has* local Admin permissions
 
Can anyone help?
 
 
This is the output of id, then sc service sshd start and uname -a:
 
A Windows XP with Cygwin legacy (note the Administrators Group)
uid=11100(domainadm) gid=10512(Domain Admins) groups=544(Administrators),545(Users),1009(Debugger Users),10512(Domain Admins)
[SC] StartService FAILED 1056:
 
An instance of the service is already running.
 
CYGWIN_NT-5.2-WOW64 xpwks 1.5.25(0.156/4/2) 2008-03-05 19:27 i686 Cygwin
 
 
A Windows 7 with  Cygwin 1.7
uid=11100(domainadm) gid=10512(Domain Admins) groups=10512(Domain Admins),545(Users)
[SC] StartService: OpenService FAILED 5:
 
Access is denied.
 
CYGWIN_NT-6.1-WOW64 w7wks 1.7.9(0.237/5/3) 2011-03-29 10:10 i686 Cygwin
 
Sebastian
 

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -