Mail Archives: cygwin/2014/06/27/15:09:05

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
From: Achim Gratz <Stromeko AT nexgo DOT de>
To: cygwin AT cygwin DOT com
Subject: Re: LDAP integration and sshd
References: <loom DOT 20140625T141552-513 AT post DOT gmane DOT org> <20140625130727 DOT GQ1803 AT calimero DOT vinschen DOT de> <loom DOT 20140626T093103-970 AT post DOT gmane DOT org> <20140626083253 DOT GA25654 AT calimero DOT vinschen DOT de> <loom DOT 20140626T112515-399 AT post DOT gmane DOT org> <20140626105045 DOT GU1803 AT calimero DOT vinschen DOT de> <87pphva9is DOT fsf AT Rainer DOT invalid> <20140627081702 DOT GV1803 AT calimero DOT vinschen DOT de>
Date: Fri, 27 Jun 2014 21:08:32 +0200
In-Reply-To: <20140627081702.GV1803@calimero.vinschen.de> (Corinna Vinschen's message of "Fri, 27 Jun 2014 10:17:02 +0200")
Message-ID: <87fviqnpan.fsf@Rainer.invalid>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.91 (gnu/linux)
MIME-Version: 1.0

Corinna Vinschen writes:
> The Admin group is a BUILTIN group, so it's always +Administrators
> under the default prefixing rule, as outlined in my preliminary
> documentation.

Yeah, I was just trying the other variants out of desperation.

> And it works fine for me with the latest from CVS (== latest snapshot),
> I just tested it.

I'm using the latest snapshot, although the behaviour is the same with
the previous one.

> If I add
>
>   AllowGroups +Administrators
>
> I can still log in with my admin account and get a refusal when logging
> in with a non-admin account.
>
> In contrast, if I add
>
>   DenyGroups +Administrators
>
> it's the opposite.

Yes, that's exactly what isn't working.  Even in debug mode the messages
from sshd are not very enlightening, but through experimentation I found
that the only thing that works is +Authenticated* (for Authenticated
Users, obviously).  I don't know what's going on, but it seems that when
the user credentials are resolved by sshd, the domain accounts are
completely inaccessible.  Switching off privilege separation doesn't
seem to make a difference.

> Are you, by any chance, using a non-English OS version?  You know that
> the administrators group has a localized name, right?  In German, for
> instance, it's called Administratoren.

Not that I know of (I didn't install it), it reports as a bog standard
2012R2 server and all local display is in English.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Samples for the Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#BlofeldSamplesExtra
