delorie.com/archives/browse.cgi | search |
X-Recipient: | archive-cygwin AT delorie DOT com |
DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
:list-unsubscribe:list-subscribe:list-archive:list-post | |
:list-help:sender:date:from:to:subject:message-id:reply-to | |
:references:mime-version:content-type:in-reply-to; q=dns; s= | |
default; b=F/JjaVCnLiGJ+4eQj7SF/nVyqGwV6uIfzN8wqjsUejVGSKE37NcMC | |
36yM7L6raoH2iyInAm4vSQIRbfl0DaKcgLLM9jH2uGD6/028oQ/7plP0eM6Ahs8/ | |
Ax88asTrayfocbuxsueejbFTEELHZNsMsBTaggQwCWf1D3pTIhWUQY= | |
DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
:list-unsubscribe:list-subscribe:list-archive:list-post | |
:list-help:sender:date:from:to:subject:message-id:reply-to | |
:references:mime-version:content-type:in-reply-to; s=default; | |
bh=j5SYERr8WHtljVu4xK+E7RkReVk=; b=TJYIQ9lZlu37rYC/aWazVX5M8cE1 | |
9GoaQfxF+sDfI/5/6bs4r8c3MiQ/iOtojXg2/uyaiaIsR/bWO4Qr3fjVVu+hWvBU | |
Lm/Icr8OyS32SFusFcpnzMTYTs53NoQA4i+KvFwctLek3Ydhp6fKEoS+4TruvoBx | |
xwCg3ekH9QvZ650= | |
Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
List-Id: | <cygwin.cygwin.com> |
List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
List-Archive: | <http://sourceware.org/ml/cygwin/> |
List-Post: | <mailto:cygwin AT cygwin DOT com> |
List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
Sender: | cygwin-owner AT cygwin DOT com |
Mail-Followup-To: | cygwin AT cygwin DOT com |
Delivered-To: | mailing list cygwin AT cygwin DOT com |
Authentication-Results: | sourceware.org; auth=none |
X-Spam-SWARE-Status: | No, score=0.8 required=5.0 tests=BAYES_00,DNS_FROM_AHBL_RHSBL,RCVD_IN_DNSWL_NONE,TIME_LIMIT_EXCEEDED autolearn=unavailable version=3.3.1 spammy=H*F:D*cygwin.com, password |
X-HELO: | mout.kundenserver.de |
Date: | Wed, 6 Mar 2019 21:59:31 +0100 |
From: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
To: | cygwin AT cygwin DOT com |
Subject: | Re: sshd problem on WS2008R2 64bit |
Message-ID: | <20190306205931.GC3785@calimero.vinschen.de> |
Reply-To: | cygwin AT cygwin DOT com |
Mail-Followup-To: | cygwin AT cygwin DOT com |
References: | <20190306010254 DOT GA4210 AT zebra> <20190306121154 DOT GN3785 AT calimero DOT vinschen DOT de> <20190306124816 DOT GR3785 AT calimero DOT vinschen DOT de> <20190306141716 DOT GS3785 AT calimero DOT vinschen DOT de> <20190306143424 DOT GU3785 AT calimero DOT vinschen DOT de> <CANV9t=SHLCT_xN_T35qTgJmoEBu98gGPaKjHMt559MZ+AwyToQ AT mail DOT gmail DOT com> <20190306153404 DOT GX3785 AT calimero DOT vinschen DOT de> <CANV9t=QiOH4cB47XzKZsReH7RLdaB0CxgY-o3jYgZ46DbV3OdA AT mail DOT gmail DOT com> <20190306201331 DOT GB3785 AT calimero DOT vinschen DOT de> <CANV9t=RtsR8+KZ68QirxfiU9w_sGk9QnQejEyJVeBcrdiuOq0w AT mail DOT gmail DOT com> |
MIME-Version: | 1.0 |
In-Reply-To: | <CANV9t=RtsR8+KZ68QirxfiU9w_sGk9QnQejEyJVeBcrdiuOq0w@mail.gmail.com> |
User-Agent: | Mutt/1.11.3 (2019-02-01) |
--ByM1h5nouWwd3kz8 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mar 6 13:47, Bill Stewart wrote: > On Wed, Mar 6, 2019 at 1:14 PM Corinna Vinschen wrote: >=20 > > > > > What precisely happens when Cygwin uses MSV1 S4ULogon on versions > older > > > > > than 6.3 before a user has logged on? > > > > > > > > MsV1S4ULogon returns with STATUS_NOT_SUPPORTED. Funny status code, > > > > given it works if some user already logged in by other means... > > > > > > OK, so here's another potential workaround that doesn't require runni= ng > the > > > service as a specific user... > > > > > > Create a scheduled task to run using the following settings: > > > > > > General -> Run using user account - > choose a local account > > > General -> "Run whether user is logged on or not" > > > Triggers -> Run at system startup > > > Actions -> Start a program -> Program/script: > %SystemRoot%\Cystem32\cmd.exe > > > Actions -> Start a program -> Add arguments: /c exit > > > > > > Full password logon is required (seems we can't use "do not store > password" > > > option). > > > > > > The local account does not have to be a member of Administrators, but= it > > > does require user right "Log on as a batch job" (SeBatchLogonRight). > > > > > > In my prefunctory testing this seems to fix this problem. > > > > > > Does this work? > > > > This does indeed work in my local testing on Windows 7, with a local > > dummy user just for this scheduled job and sshd running under SYSTEM. > > > > Now, if that's a feasible workaround for users of these older > > systems...? >=20 > Good -- this works for me also. (My wild guess, which may be wrong, is th= at > the older OS versions don't initialize MSV1 S4ULogon for some reason until > somebody logs on.) >=20 > Whether this workaround is feasible likely depends on the end user. The > workaround has its own limitations. Here are at least 2 that I can think = of > right now: >=20 > 1. The local user must have "Log on as a batch job" (SeBatchLogonRight) > user right. >=20 > 2. The "Network access: Do not allow storage of passwords and credentials > for network authentication" security policy must be set to "Disabled". (If > this policy is set to "Enabled", then you can't create scheduled tasks wi= th > stored passwords.) >=20 > It's a weird problem. The best option would be for Microsoft to provide a > fix (if we can provide a short example program that reproduces it). I'm reasonably sure there won't be any fix for these systems for at least two reasons: - All affected systems are EOLed or in the last year of their Extended Support Cycle, all ending on 2020-01-14. - I opened a support case for an older Windows release a couple of years ago. A fix for the problem has been refused because the problem was fixed in the newer OS. I got told literally that the fix is to upgrade to the newer OS. Corinna --=20 Corinna Vinschen Cygwin Maintainer --ByM1h5nouWwd3kz8 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlyANLIACgkQ9TYGna5E T6CWnA//dRzNUS/Hcim9Omu+LuQ6ywvEk8ZxD2y/5R/YOlj1394hiOJRYdt69PxO DuQgLsplPYgTa3uO36SkP/aoVoW3E7DFjw8OMlN/m4fENBrtkjcx7PXXRZ+k+8Bh iqMWVgqOz5sxyrRuKOV6bkM9muerJlzh/oIBY90/vHyeHCcx0w44wQKpDSlvlPNH X7bSjGTlM1gat6MtgC4neV+gCv6mD0shGRPj3lkIsBTCalLhyCp4Ob7CVvZe7HXR c8jJDpNuZGPiXDqbnBQGLbeLNqceCEpzM9hPIjQZXPOaViR++SNkgf6Q3nm1dFHp KcqcLhPo/dEGBEBxin6r7C0rm16yU8Uj3RuE9NqfwoKIG3O1pJExtDBLpoS22jMb P7USjcqmZn471lKWxGaWdQ/XVMt9fWNFKIPtcjrbR4iEX2uVYmF5D7rnVSok3V9k /dKIsr5/OotQPL0PWESnPsoQyS7uuH3zP0FoImBsRpEQoLZOndSKlRYvZQSMfEfB g+TBVtUVhQPGrBg1VAZAMAr3jnlXYcWnxsQdZN22xwUnx74XKtvxsdxttQFmRuRZ kXcELvRA8RnIVASInFIMwKDc8CaXVGMV090RuG0AXu3PiR3cdW6VbyEkwGYi7VcE SlvG/UVqX+RGsRaVHzKHyrNt3MKQgwtQQN4iaITzpB2KVGxLEDo= =eYtT -----END PGP SIGNATURE----- --ByM1h5nouWwd3kz8--
webmaster | delorie software privacy |
Copyright © 2019 by DJ Delorie | Updated Jul 2019 |