Mail Archives: cygwin/2019/03/06/15:59:55

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2019/03/06/15:59:55

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:date:from:to:subject:message-id:reply-to

:references:mime-version:content-type:in-reply-to; q=dns; s=

default; b=F/JjaVCnLiGJ+4eQj7SF/nVyqGwV6uIfzN8wqjsUejVGSKE37NcMC

36yM7L6raoH2iyInAm4vSQIRbfl0DaKcgLLM9jH2uGD6/028oQ/7plP0eM6Ahs8/

Ax88asTrayfocbuxsueejbFTEELHZNsMsBTaggQwCWf1D3pTIhWUQY=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:date:from:to:subject:message-id:reply-to

:references:mime-version:content-type:in-reply-to; s=default;

bh=j5SYERr8WHtljVu4xK+E7RkReVk=; b=TJYIQ9lZlu37rYC/aWazVX5M8cE1

9GoaQfxF+sDfI/5/6bs4r8c3MiQ/iOtojXg2/uyaiaIsR/bWO4Qr3fjVVu+hWvBU

Lm/Icr8OyS32SFusFcpnzMTYTs53NoQA4i+KvFwctLek3Ydhp6fKEoS+4TruvoBx

xwCg3ekH9QvZ650=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Spam-SWARE-Status: No, score=0.8 required=5.0 tests=BAYES_00,DNS_FROM_AHBL_RHSBL,RCVD_IN_DNSWL_NONE,TIME_LIMIT_EXCEEDED autolearn=unavailable version=3.3.1 spammy=H*F:D*cygwin.com, password

X-HELO: mout.kundenserver.de

Date: Wed, 6 Mar 2019 21:59:31 +0100

From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>

To: cygwin AT cygwin DOT com

Subject: Re: sshd problem on WS2008R2 64bit

Message-ID: <20190306205931.GC3785@calimero.vinschen.de>

Reply-To: cygwin AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

References: <20190306010254 DOT GA4210 AT zebra> <20190306121154 DOT GN3785 AT calimero DOT vinschen DOT de> <20190306124816 DOT GR3785 AT calimero DOT vinschen DOT de> <20190306141716 DOT GS3785 AT calimero DOT vinschen DOT de> <20190306143424 DOT GU3785 AT calimero DOT vinschen DOT de> <CANV9t=SHLCT_xN_T35qTgJmoEBu98gGPaKjHMt559MZ+AwyToQ AT mail DOT gmail DOT com> <20190306153404 DOT GX3785 AT calimero DOT vinschen DOT de> <CANV9t=QiOH4cB47XzKZsReH7RLdaB0CxgY-o3jYgZ46DbV3OdA AT mail DOT gmail DOT com> <20190306201331 DOT GB3785 AT calimero DOT vinschen DOT de> <CANV9t=RtsR8+KZ68QirxfiU9w_sGk9QnQejEyJVeBcrdiuOq0w AT mail DOT gmail DOT com>

MIME-Version: 1.0

In-Reply-To: <CANV9t=RtsR8+KZ68QirxfiU9w_sGk9QnQejEyJVeBcrdiuOq0w@mail.gmail.com>

User-Agent: Mutt/1.11.3 (2019-02-01)

--ByM1h5nouWwd3kz8
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mar  6 13:47, Bill Stewart wrote:
> On Wed, Mar 6, 2019 at 1:14 PM Corinna Vinschen wrote:
>=20
> > > > > What precisely happens when Cygwin uses MSV1 S4ULogon on versions
> older
> > > > > than 6.3 before a user has logged on?
> > > >
> > > > MsV1S4ULogon returns with STATUS_NOT_SUPPORTED.  Funny status code,
> > > > given it works if some user already logged in by other means...
> > >
> > > OK, so here's another potential workaround that doesn't require runni=
ng
> the
> > > service as a specific user...
> > >
> > > Create a scheduled task to run using the following settings:
> > >
> > > General -> Run using user account - > choose a local account
> > > General -> "Run whether user is logged on or not"
> > > Triggers -> Run at system startup
> > > Actions -> Start a program -> Program/script:
> %SystemRoot%\Cystem32\cmd.exe
> > > Actions -> Start a program -> Add arguments: /c exit
> > >
> > > Full password logon is required (seems we can't use "do not store
> password"
> > > option).
> > >
> > > The local account does not have to be a member of Administrators, but=
 it
> > > does require user right "Log on as a batch job" (SeBatchLogonRight).
> > >
> > > In my prefunctory testing this seems to fix this problem.
> > >
> > > Does this work?
> >
> > This does indeed work in my local testing on Windows 7, with a local
> > dummy user just for this scheduled job and sshd running under SYSTEM.
> >
> > Now, if that's a feasible workaround for users of these older
> > systems...?
>=20
> Good -- this works for me also. (My wild guess, which may be wrong, is th=
at
> the older OS versions don't initialize MSV1 S4ULogon for some reason until
> somebody logs on.)
>=20
> Whether this workaround is feasible likely depends on the end user. The
> workaround has its own limitations. Here are at least 2 that I can think =
of
> right now:
>=20
> 1. The local user must have "Log on as a batch job" (SeBatchLogonRight)
> user right.
>=20
> 2. The "Network access: Do not allow storage of passwords and credentials
> for network authentication" security policy must be set to "Disabled". (If
> this policy is set to "Enabled", then you can't create scheduled tasks wi=
th
> stored passwords.)
>=20
> It's a weird problem. The best option would be for Microsoft to provide a
> fix (if we can provide a short example program that reproduces it).

I'm reasonably sure there won't be any fix for these systems for at
least two reasons:

- All affected systems are EOLed or in the last year of their Extended
  Support Cycle, all ending on 2020-01-14.

- I opened a support case for an older Windows release a couple of years
  ago.  A fix for the problem has been refused because the problem was
  fixed in the newer OS.  I got told literally that the fix is to upgrade
  to the newer OS.


Corinna

--=20
Corinna Vinschen
Cygwin Maintainer

--ByM1h5nouWwd3kz8
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlyANLIACgkQ9TYGna5E
T6CWnA//dRzNUS/Hcim9Omu+LuQ6ywvEk8ZxD2y/5R/YOlj1394hiOJRYdt69PxO
DuQgLsplPYgTa3uO36SkP/aoVoW3E7DFjw8OMlN/m4fENBrtkjcx7PXXRZ+k+8Bh
iqMWVgqOz5sxyrRuKOV6bkM9muerJlzh/oIBY90/vHyeHCcx0w44wQKpDSlvlPNH
X7bSjGTlM1gat6MtgC4neV+gCv6mD0shGRPj3lkIsBTCalLhyCp4Ob7CVvZe7HXR
c8jJDpNuZGPiXDqbnBQGLbeLNqceCEpzM9hPIjQZXPOaViR++SNkgf6Q3nm1dFHp
KcqcLhPo/dEGBEBxin6r7C0rm16yU8Uj3RuE9NqfwoKIG3O1pJExtDBLpoS22jMb
P7USjcqmZn471lKWxGaWdQ/XVMt9fWNFKIPtcjrbR4iEX2uVYmF5D7rnVSok3V9k
/dKIsr5/OotQPL0PWESnPsoQyS7uuH3zP0FoImBsRpEQoLZOndSKlRYvZQSMfEfB
g+TBVtUVhQPGrBg1VAZAMAr3jnlXYcWnxsQdZN22xwUnx74XKtvxsdxttQFmRuRZ
kXcELvRA8RnIVASInFIMwKDc8CaXVGMV090RuG0AXu3PiR3cdW6VbyEkwGYi7VcE
SlvG/UVqX+RGsRaVHzKHyrNt3MKQgwtQQN4iaITzpB2KVGxLEDo=
=eYtT
-----END PGP SIGNATURE-----

--ByM1h5nouWwd3kz8--

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=F/JjaVCnLiGJ+4eQj7SF/nVyqGwV6uIfzN8wqjsUejVGSKE37NcMC
	36yM7L6raoH2iyInAm4vSQIRbfl0DaKcgLLM9jH2uGD6/028oQ/7plP0eM6Ahs8/
	Ax88asTrayfocbuxsueejbFTEELHZNsMsBTaggQwCWf1D3pTIhWUQY=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	bh=j5SYERr8WHtljVu4xK+E7RkReVk=; b=TJYIQ9lZlu37rYC/aWazVX5M8cE1
	9GoaQfxF+sDfI/5/6bs4r8c3MiQ/iOtojXg2/uyaiaIsR/bWO4Qr3fjVVu+hWvBU
	Lm/Icr8OyS32SFusFcpnzMTYTs53NoQA4i+KvFwctLek3Ydhp6fKEoS+4TruvoBx
	xwCg3ekH9QvZ650=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Spam-SWARE-Status:	No, score=0.8 required=5.0 tests=BAYES_00,DNS_FROM_AHBL_RHSBL,RCVD_IN_DNSWL_NONE,TIME_LIMIT_EXCEEDED autolearn=unavailable version=3.3.1 spammy=HF:Dcygwin.com, password
X-HELO:	mout.kundenserver.de
Date:	Wed, 6 Mar 2019 21:59:31 +0100
From:	Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: sshd problem on WS2008R2 64bit
Message-ID:	<20190306205931.GC3785@calimero.vinschen.de>
Reply-To:	cygwin AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
References:	<20190306010254 DOT GA4210 AT zebra> <20190306121154 DOT GN3785 AT calimero DOT vinschen DOT de> <20190306124816 DOT GR3785 AT calimero DOT vinschen DOT de> <20190306141716 DOT GS3785 AT calimero DOT vinschen DOT de> <20190306143424 DOT GU3785 AT calimero DOT vinschen DOT de> <CANV9t=SHLCT_xN_T35qTgJmoEBu98gGPaKjHMt559MZ+AwyToQ AT mail DOT gmail DOT com> <20190306153404 DOT GX3785 AT calimero DOT vinschen DOT de> <CANV9t=QiOH4cB47XzKZsReH7RLdaB0CxgY-o3jYgZ46DbV3OdA AT mail DOT gmail DOT com> <20190306201331 DOT GB3785 AT calimero DOT vinschen DOT de> <CANV9t=RtsR8+KZ68QirxfiU9w_sGk9QnQejEyJVeBcrdiuOq0w AT mail DOT gmail DOT com>
MIME-Version:	1.0
In-Reply-To:	<CANV9t=RtsR8+KZ68QirxfiU9w_sGk9QnQejEyJVeBcrdiuOq0w@mail.gmail.com>
User-Agent:	Mutt/1.11.3 (2019-02-01)