X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:reply-to:mime-version:to
	:subject:references:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=YVrKDz6ZQwCvFN+M
	mQ4IJ/Nymh3aGwUWPVQCI4ckFUSnkSZtT677zrFNRES6rvQD6RZKsGThBfevhWNc
	V97/1A2iMsJNPcYXfHASk2t98KYIPj+DybZm8ke0FBp4/ZB8pjcIn402ghV8l0+/
	NWKYSBwocoKlTAPG00TkAeRTQiE=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:reply-to:mime-version:to
	:subject:references:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=bQCnZMSInLzSbKDgus9GQY
	Sr3nk=; b=N7O0aGaRVKRDKZNrSP3kjvZT82BcIowvePwtx1WrPEirmhhR2pb/Lg
	c5tOeM721sYPj1u3dEcX1BWKBDQVEgtx46Zv8zLFikJQR4AKYgaPRK6YSETg7k7l
	4mDE/CIPLutdj5HuhWIxPzGSBhd55zne/nAWvlY06RZ2cBb/EYwBE=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=0.9 required=5.0 tests=AWL,BAYES_50,RCVD_IN_DNSWL_NONE,TBC autolearn=no version=3.3.2
X-HELO:	vms173001pub.verizon.net
Message-id:	<524EF7EC.8040204@cygwin.com>
Date:	Fri, 04 Oct 2013 13:16:28 -0400
From:	"Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com>
Reply-to:	cygwin AT cygwin DOT com
User-Agent:	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-version:	1.0
To:	cygwin AT cygwin DOT com
Subject:	Re: second exec channel cannot access windows share (open-ssh)
References:	<524E6D9C DOT 3040809 AT asperasoft DOT com>
In-reply-to:	<524E6D9C.3040809@asperasoft.com>

On 10/4/2013 3:26 AM, gaillard wrote:
> Hi,
>
> My company uses cygwin to enable client users to access an application through
> open-ssh server via an ssh exec-channel. After the session connects fine, the
> firstly created exec channel is able to access the mounted shares installed on
> the box (in my test a Windows Server 2008 R2).
> The issue comes when opening the second exec channel that is not able to access
> the shares.
>
>  From the tests I made the second channel is not impersonating the user
> correctly
> since it happears the application process runs as "Local System" which would
> explain the issue.
>
> The open-ssh service is installed under a special user account that runs
> with the
> following settings in local security policy:
> - adjust memory quotas for a process
> - create a token object
> - logon as a service
> - replace a process level token
>
> I tried to add this but without success:
> - impersonate a client after authentication
>
> I've also read the doc "Using Windows Security in Cygwin" but I'm unsure of the
> correct diagnostic for the problem: wrong setting (do I need to use LSA
> authentication)
> or is it a bug?
>
> Any advice will be appreciated.

If you have passwords on your shares (and it sounds like you do), then
your only real altrernative is the third option as described in the
Users Guide:

<http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd3>


-- 
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -