| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; q=dns; s= | |
| default; b=uZe6cgScmCzR/DoXn6Ajbso5Jku5VOjpvme3ySna9C367RDlby2OO | |
| DjV54wYiPavC/w7q0Yfa6DvAD94sUrEqmJItyorLnrbNcRalOo0nY/CnARiwoC0p | |
| e8BfewCRkxXYEHxXNriucVDTYkSqFEkKBvdwNEr5R0LiipQps8QD7I= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; s=default; | |
| bh=6LjMKy+5QrljRTJYShYrUsPkxOw=; b=qnXFEOYxVE0caLgw5RWZApiK5nyJ | |
| nlhHnwnWwfpGnr4MiMz4zxckTWXUsytUNQfObFiEH8ljbZj+mIE6tiSzqjqsSEUL | |
| kMlZng+JvsWo+RlNOwun7MRRxYcqvMF1ui25zIEDiTyJXHefHUubvBoLU/1ddS4p | |
| m1DSv+5jperBCkk= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-5.0 required=5.0 tests=AWL,BAYES_20 autolearn=ham version=3.3.2 |
| X-HELO: | calimero.vinschen.de |
| Date: | Fri, 27 Jun 2014 10:17:02 +0200 |
| From: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: LDAP integration and sshd |
| Message-ID: | <20140627081702.GV1803@calimero.vinschen.de> |
| Reply-To: | cygwin AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| References: | <loom DOT 20140625T141552-513 AT post DOT gmane DOT org> <20140625130727 DOT GQ1803 AT calimero DOT vinschen DOT de> <loom DOT 20140626T093103-970 AT post DOT gmane DOT org> <20140626083253 DOT GA25654 AT calimero DOT vinschen DOT de> <loom DOT 20140626T112515-399 AT post DOT gmane DOT org> <20140626105045 DOT GU1803 AT calimero DOT vinschen DOT de> <87pphva9is DOT fsf AT Rainer DOT invalid> |
| MIME-Version: | 1.0 |
| In-Reply-To: | <87pphva9is.fsf@Rainer.invalid> |
| User-Agent: | Mutt/1.5.23 (2014-03-12) |
--foM9DbudB2CcldhH Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Jun 26 19:03, Achim Gratz wrote: > Corinna Vinschen writes: > >> Hmm. Doesn't appear to be working in any combination I tried, I'm alw= ays > >> getting an "invalid user" when I'm trying to do that. Is it possible = that > >> the AD lookup doesn't work when using privilege separation? > > > > No idea. Did you try? You didn't use '@' as separator, by any chance? >=20 > No, I didn't change any settings from the default (apart from the lone > sshd entry in /etc/passwd to make the local account visible to the > sshd). The sshd runs under the sshd local account. >=20 > So, I've tried to let certain users in only if they match a name pattern > (the pattern match is verified to work and shows up in the log) and are > in group +Administrators as resloves with getent, as soon as I specify > anything other than "*" in the AllowGroup config, these users are not > allowed to log in. I've tried "Administrators", "+Administrators" and > even "primaryDOM+Administrators". The Admin group is a BUILTIN group, so it's always +Administrators under the default prefixing rule, as outlined in my preliminary documentation. And it works fine for me with the latest from CVS (=3D=3D latest snapshot), I just tested it. If I add AllowGroups +Administrators I can still login with my admin account and get a refusal when logging in with a non-admin account. In contrast, If I add DenyGroups +Administrators it's the opposite. Are you, by any chance, using a non-English OS version? You know that the administrators group has a localized name, right? In german, for instance, it's called Administratoren. Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --foM9DbudB2CcldhH Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJTrSh+AAoJEPU2Bp2uRE+gWjEP+gPNt87l+mdjOaUJI4a5cunm 7hESF5dEoHJi4SaDRQwkh1I6/96woK8HO7vU4GNZBH6D3gso47mWUGKJyXf951gu /LXXYDA/xKfWdWVUrdftrwuef3Jx9EzPcTBlWVtFhngjNQBGAD1FjkZozJP060xo yVrWyXL/Ddk7f9GL3caXA8m3zyAtqi/46mqvsqyjoD8/Tv4VO/kxD7ytk4bWXEim BoLIoqE2vMswjewB1MRLiKcSVS3aGMxiIEBWI43qv6pqURylM+vWgqMLuQmS0Qvu 6sOj2MYG6nqzU4y8DEbQZHK0mc3hrwab2sR9zqBqbgH4ISv1eKr8Iwnu5lRYco52 6+LGmHl+xH8yA+t30B9M/0hATwVhh49YfFEN/0E73qqPY1M/2E4DxDU9FgAbxGEH a9lvlS5FsVbKZnrtLXtnRlFZZrHJRxhK58bwuJHjNwstyGVZmvS6g7vXG2oSGCyR GcJfwUsnQ6jPI5kgk9HnI4jCK/aEeQVLX7+KcLdtKNM3sfAn3qiGTb0yJT3pU+6G oA8mJJDZnkG+qq/p7QcNvHO/jMoZod+S5ojx3aGeWWuEPR0yJDSAXGWeRs9/6NcZ D5la2VO8H8xP3frjVAn20IYCJRnBGUkJFQlAAZ7UtkneKLQBfSlFeG2AdJZ9+axU rT+bKN+a9aT9dkCPg84m =i/yW -----END PGP SIGNATURE----- --foM9DbudB2CcldhH--
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |