X-Recipient: archive-cygwin@delorie.com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:message-id:from:to:subject :content-type:date:content-transfer-encoding; q=dns; s=default; b= n0SFJroc1KObpa7FHeqfqKcuMxWCOfVOTB0jGCYpFiIFDRY06og+6UNBRZOFBy8U LZlI462aeqvbBGHCuKfYw4Bte2ffafjP/wb6Qa56A3Uy/awSczpG95eqpnVIfbBF VdfuwHfAQAHM1l/GTuU++3bq+MkBD0wqeRZp6pmNIBw= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:message-id:from:to:subject :content-type:date:content-transfer-encoding; s=default; bh=WISY u4jfZcqPJwAelnFfVZhWUak=; b=o6tyICZ/EM2hqNf7/4O9OjyXE/NTNe+DuYtL GDrfyaIDLqrVjQ+SEoRZk7f8SOqIEkQJI1d3iP1VAsTurBGpC1uGVAbRTKWR0cu+ N7tlmjK4rVTWwgv93VGzyNd59+v8Vwn7SzY5bhY3N9uZsnKlxV/PTvbuIlPUwciI Bwwp/qI= Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com X-Spam-SWARE-Status: No, score=0.6 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,RCVD_IN_HOSTKARMA_NO,RCVD_IN_HOSTKARMA_YE,SPF_PASS,TW_PW autolearn=ham version=3.3.1 MIME-Version: 1.0 Message-ID: From: "Sebastian Koerner" To: cygwin@cygwin.com Subject: Domain Admins don't have permissions when logging in via SSH Content-Type: text/plain; charset=UTF-8 Date: Thu, 30 May 2013 13:16:52 +0200 (CEST) Sensitivity: Normal Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id r4UBHEaP003553 Hi Cygwin, We have some trouble with OpenSSH in Cygwin. We think, that the impersonation does not work in the 1.7 cywin, but can't figure out why. - We followed http://cygwin.com/faq-nochunks.html#faq.using.sshd-in-domain to integrate sshd into our domain. There is a domain\cyg_server user ( c )  with all the permissions needed. - Test: We log on using              o (a) the local Windows Administrator using ssh              o (b) using a Domain\Administrator account              o (c) the Domain (Admin) Account that runs sshd server. (domain\cyg_server   Problem is: The (b) Domain Administrator Account is not reported to be a member of the local Administrators group. And he has no admin rights (test: configure a Windows Service)   What we observed is: - The Domain Admin Account that the Cygwin sshd Service runs under (domain\cyg_server) has all the permissions. - A local Administrator that connects using ssh has all the permission. - BUT the best thing: In legacy Cygwin installations the Domain Admin Account *has* local Admin permissions   Can anyone help?     This is the output of id, then sc service sshd start and uname -a:   A Windows XP with Cygwin legacy (note the Administrators Group) uid=11100(domainadm) gid=10512(Domain Admins) groups=544(Administrators),545(Users),1009(Debugger Users),10512(Domain Admins) [SC] StartService FAILED 1056:   An instance of the service is already running.   CYGWIN_NT-5.2-WOW64 xpwks 1.5.25(0.156/4/2) 2008-03-05 19:27 i686 Cygwin     A Windows 7 with  Cygwin 1.7 uid=11100(domainadm) gid=10512(Domain Admins) groups=10512(Domain Admins),545(Users) [SC] StartService: OpenService FAILED 5:   Access is denied.   CYGWIN_NT-6.1-WOW64 w7wks 1.7.9(0.237/5/3) 2011-03-29 10:10 i686 Cygwin   Sebastian   -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple