Mail Archives: cygwin/2013/10/07/04:05:22

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2013/10/07/04:05:22

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:message-id:date:from:mime-version:to:subject

:references:in-reply-to:content-type:content-transfer-encoding;

q=dns; s=default; b=GeHDdbAOhEBzsO5HobT15+4W+QeZdExS4UMqtp2WfNK

aT2cjof8yS0ewxYRYGriyrpYX1YRj9CPvvx1ZUthy1zMEBmHiTilVf1IMWrAAQNE

AFXJML7olZ77v4mv0oYKT2aOGzmTgQY/K/SdkyjO59T6nsOzyDqCYjQd8MbtsbSs

=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:message-id:date:from:mime-version:to:subject

:references:in-reply-to:content-type:content-transfer-encoding;

s=default; bh=SEF4H8SsgqLuokfog9AcQ9HrTBg=; b=lWYmP/gA4O03su83d

Qmq2e3eFMmPfvSD1s0JyjdqDDR6H3sNGQvTwRE3aejfpkfmONTnpgsyQbUy4oeLt

p0a5uhWsZkmHlZz09BLMFVlmxR7Sln+Z2bw33QxQdykLvJjNbcmkLOlAQbY3EYij

SgpcAkafwmWrqSZurs9YlWuyB4=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Spam-SWARE-Status: No, score=0.4 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW,SPF_PASS,TBC autolearn=no version=3.3.2

X-HELO: mail-wg0-f47.google.com

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=SJp55Ox09yKj+hB74ZbFmb7wyiYj6rLWOpqmbqPhyac=; b=d/KzZWvg1OQgpfysxmOheQdTjxdGRIf1eDO4IwHYBvjOngFiJJCC2UxsGmvJzEzCy+ ZPHwkdI08JEVvk+X8LFziTH2C4j6DNPUtf4BGU6UzIb2p8TdbebiuBSiLbo/OjFzVar3 yIXUXQ5o9bNO2OAKjBBeG4fsxqNIgDXj0sNTA5eW7gd8kof/3Up7H6nzsBYZ7fk+XnMb hK9Coy3SCkQh74mggAK3Bb2s3t8DIDCOgs6BvHP8CZrbWU81quiv88Ay+pZ5EAuwNrKn zDDmhWmr2fpt1FzCNeGVWYnU98s0G1FmBzxvmGeqLC1J/gEgOn+jIo37L3yS4BMANjzG X+6Q==

X-Gm-Message-State: ALoCoQm8M56vlKvAt9igpcBx6JE2KIx0Ie3cNRoX0AejVNgAzrEw7RWTOTi/4e+vkdq2ZI2jV9YU

X-Received: by 10.194.77.2 with SMTP id o2mr238752wjw.57.1381133102469; Mon, 07 Oct 2013 01:05:02 -0700 (PDT)

Message-ID: <52526B2A.1080603@asperasoft.com>

Date: Mon, 07 Oct 2013 10:04:58 +0200

From: gaillard <gaillard AT asperasoft DOT com>

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130328 Thunderbird/17.0.5

MIME-Version: 1.0

To: cygwin AT cygwin DOT com

Subject: Re: Re: second exec channel cannot access windows share (open-ssh)

References: <524EF7EC DOT 8040204 AT cygwin DOT com>

In-Reply-To: <524EF7EC.8040204@cygwin.com>

Thanks. Yes there are passwords on shares.

What confuses me is that it works on the first invocation of exec channel.
Is there any reason why it works then ?

On 10/4/2013 7:16 PM, Larry Hall (Cygwin) wrote:
> On 10/4/2013 3:26 AM, gaillard wrote:
>> Hi,
>>
>> My company uses cygwin to enable client users to access an application through
>> open-ssh server via an ssh exec-channel. After the session connects fine, the
>> firstly created exec channel is able to access the mounted shares installed on
>> the box (in my test a Windows Server 2008 R2).
>> The issue comes when opening the second exec channel that is not able to access
>> the shares.
>>
>>  From the tests I made the second channel is not impersonating the user
>> correctly
>> since it happears the application process runs as "Local System" which would
>> explain the issue.
>>
>> The open-ssh service is installed under a special user account that runs
>> with the
>> following settings in local security policy:
>> - adjust memory quotas for a process
>> - create a token object
>> - logon as a service
>> - replace a process level token
>>
>> I tried to add this but without success:
>> - impersonate a client after authentication
>>
>> I've also read the doc "Using Windows Security in Cygwin" but I'm unsure of the
>> correct diagnostic for the problem: wrong setting (do I need to use LSA
>> authentication)
>> or is it a bug?
>>
>> Any advice will be appreciated.
>
> If you have passwords on your shares (and it sounds like you do), then
> your only real altrernative is the third option as described in the
> Users Guide:
>
> <http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd3>
>
>

-- 
Gilles Gaillard


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	q=dns; s=default; b=GeHDdbAOhEBzsO5HobT15+4W+QeZdExS4UMqtp2WfNK
	aT2cjof8yS0ewxYRYGriyrpYX1YRj9CPvvx1ZUthy1zMEBmHiTilVf1IMWrAAQNE
	AFXJML7olZ77v4mv0oYKT2aOGzmTgQY/K/SdkyjO59T6nsOzyDqCYjQd8MbtsbSs
	=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	s=default; bh=SEF4H8SsgqLuokfog9AcQ9HrTBg=; b=lWYmP/gA4O03su83d
	Qmq2e3eFMmPfvSD1s0JyjdqDDR6H3sNGQvTwRE3aejfpkfmONTnpgsyQbUy4oeLt
	p0a5uhWsZkmHlZz09BLMFVlmxR7Sln+Z2bw33QxQdykLvJjNbcmkLOlAQbY3EYij
	SgpcAkafwmWrqSZurs9YlWuyB4=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Spam-SWARE-Status:	No, score=0.4 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW,SPF_PASS,TBC autolearn=no version=3.3.2
X-HELO:	mail-wg0-f47.google.com
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=SJp55Ox09yKj+hB74ZbFmb7wyiYj6rLWOpqmbqPhyac=; b=d/KzZWvg1OQgpfysxmOheQdTjxdGRIf1eDO4IwHYBvjOngFiJJCC2UxsGmvJzEzCy+ ZPHwkdI08JEVvk+X8LFziTH2C4j6DNPUtf4BGU6UzIb2p8TdbebiuBSiLbo/OjFzVar3 yIXUXQ5o9bNO2OAKjBBeG4fsxqNIgDXj0sNTA5eW7gd8kof/3Up7H6nzsBYZ7fk+XnMb hK9Coy3SCkQh74mggAK3Bb2s3t8DIDCOgs6BvHP8CZrbWU81quiv88Ay+pZ5EAuwNrKn zDDmhWmr2fpt1FzCNeGVWYnU98s0G1FmBzxvmGeqLC1J/gEgOn+jIo37L3yS4BMANjzG X+6Q==
X-Gm-Message-State:	ALoCoQm8M56vlKvAt9igpcBx6JE2KIx0Ie3cNRoX0AejVNgAzrEw7RWTOTi/4e+vkdq2ZI2jV9YU
X-Received:	by 10.194.77.2 with SMTP id o2mr238752wjw.57.1381133102469; Mon, 07 Oct 2013 01:05:02 -0700 (PDT)
Message-ID:	<52526B2A.1080603@asperasoft.com>
Date:	Mon, 07 Oct 2013 10:04:58 +0200
From:	gaillard <gaillard AT asperasoft DOT com>
User-Agent:	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version:	1.0
To:	cygwin AT cygwin DOT com
Subject:	Re: Re: second exec channel cannot access windows share (open-ssh)
References:	<524EF7EC DOT 8040204 AT cygwin DOT com>
In-Reply-To:	<524EF7EC.8040204@cygwin.com>