Mail Archives: cygwin/2015/09/01/03:13:40

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2015/09/01/03:13:40

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:to:from:subject:date:message-id:references

:mime-version:content-type:content-transfer-encoding; q=dns; s=

default; b=iqtiFeUOCjkvO2na8DT4Jvde++oB5xAVb+gkYppnm+R5FQCSswUdq

Mj99Z45d8MaS2T9OWSMQtGSW5rtsSr3HVvqbyYHY3ltCAF/T3vxlTa4kVy20Qt1m

2w7tMYjz/ROghmPRkMu3FoRGWlaVLW3hQupcm7j8pjfXNhJ3q1loTw=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:to:from:subject:date:message-id:references

:mime-version:content-type:content-transfer-encoding; s=default;

bh=0VX2LwioDgJBcOZSuvJMsIj06Mc=; b=Yz+3/UwOKZ6MIDdAqbFkLGT0NLUz

w2YFMq3g3Ip9atv1k50mQCutazkH9Vwkr+hZU3jvOeo5Jica8+a2Qfl7lFOPjYy9

P8fWq3/f5TkEPwYN/EyVtP5Xt5a+YPs79KJ45c9G5uEgtUAHkcbAYZgzyQpy61W6

qIhG34IMIILNudo=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=-3.6 required=5.0 tests=AWL,BASE64_LENGTH_79_INF,BAYES_50,MIME_BASE64_BLANKS,RCVD_IN_DNSWL_LOW,RCVD_NUMERIC_HELO,SPF_HELO_PASS,SPF_PASS,T_FSL_HELO_BARE_IP_2,T_RP_MATCHES_RCVD autolearn=no version=3.3.2

X-HELO: plane.gmane.org

To: cygwin AT cygwin DOT com

From: Achim Gratz <Stromeko AT NexGo DOT DE>

Subject: Re: Restrict active directory logins

Date: Tue, 1 Sep 2015 07:13:02 +0000 (UTC)

Lines: 1

Message-ID: <loom.20150901T091139-897@post.gmane.org>

References: <BAY177-W41E7CF6FFF336C3E845A8EE36A0 AT phx DOT gbl>

Mime-Version: 1.0

User-Agent: Loom/3.14 (http://gmane.org/)

X-IsSubscribed: yes

X-MIME-Autoconverted: from base64 to 8bit by delorie.com id t817DYr8003488

E. Winston <craddle2grave <at> hotmail.com> writes:
> I am running cygwinĀ 2.2.1(0.289/5/3) andĀ OpenSSH_7.1p1, OpenSSL 1.0.2d 9
Jul 2015Ā on a domain
> joined Windows 2012 R2 server. I am not using /etc/passwd or /etc/group
and I would prefer not to use theses
> files as I anticipate a large number of accounts needing to be configured.
As part of our group policy, NT
> AUTHORITY\Authenticated Users and NT AUTHORITY\Interactive are both part
of the local Users group. The
> group policy also places Ā NT AUTHORITY\Authenticated UsersĀ into "Log on
Locally" Ā security
> policy.Ā My primary purpose is to use this as an SFTP server. I have been
able to deny SSH logins and limit
> access to on SFTP.Ā 

Why can't you just override the group policy and forbid local logins (except
for another AD group that you explicitly allow)?


Regards,
Achim.

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:references
	:mime-version:content-type:content-transfer-encoding; q=dns; s=
	default; b=iqtiFeUOCjkvO2na8DT4Jvde++oB5xAVb+gkYppnm+R5FQCSswUdq
	Mj99Z45d8MaS2T9OWSMQtGSW5rtsSr3HVvqbyYHY3ltCAF/T3vxlTa4kVy20Qt1m
	2w7tMYjz/ROghmPRkMu3FoRGWlaVLW3hQupcm7j8pjfXNhJ3q1loTw=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:references
	:mime-version:content-type:content-transfer-encoding; s=default;
	bh=0VX2LwioDgJBcOZSuvJMsIj06Mc=; b=Yz+3/UwOKZ6MIDdAqbFkLGT0NLUz
	w2YFMq3g3Ip9atv1k50mQCutazkH9Vwkr+hZU3jvOeo5Jica8+a2Qfl7lFOPjYy9
	P8fWq3/f5TkEPwYN/EyVtP5Xt5a+YPs79KJ45c9G5uEgtUAHkcbAYZgzyQpy61W6
	qIhG34IMIILNudo=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-3.6 required=5.0 tests=AWL,BASE64_LENGTH_79_INF,BAYES_50,MIME_BASE64_BLANKS,RCVD_IN_DNSWL_LOW,RCVD_NUMERIC_HELO,SPF_HELO_PASS,SPF_PASS,T_FSL_HELO_BARE_IP_2,T_RP_MATCHES_RCVD autolearn=no version=3.3.2
X-HELO:	plane.gmane.org
To:	cygwin AT cygwin DOT com
From:	Achim Gratz <Stromeko AT NexGo DOT DE>
Subject:	Re: Restrict active directory logins
Date:	Tue, 1 Sep 2015 07:13:02 +0000 (UTC)
Lines:	1
Message-ID:	<loom.20150901T091139-897@post.gmane.org>
References:	<BAY177-W41E7CF6FFF336C3E845A8EE36A0 AT phx DOT gbl>
Mime-Version:	1.0
User-Agent:	Loom/3.14 (http://gmane.org/)
X-IsSubscribed:	yes
X-MIME-Autoconverted:	from base64 to 8bit by delorie.com id t817DYr8003488