X-Recipient: archive-cygwin@delorie.com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:reply-to:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; q=dns; s=default; b=YVrKDz6ZQwCvFN+M mQ4IJ/Nymh3aGwUWPVQCI4ckFUSnkSZtT677zrFNRES6rvQD6RZKsGThBfevhWNc V97/1A2iMsJNPcYXfHASk2t98KYIPj+DybZm8ke0FBp4/ZB8pjcIn402ghV8l0+/ NWKYSBwocoKlTAPG00TkAeRTQiE= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:reply-to:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; s=default; bh=bQCnZMSInLzSbKDgus9GQY Sr3nk=; b=N7O0aGaRVKRDKZNrSP3kjvZT82BcIowvePwtx1WrPEirmhhR2pb/Lg c5tOeM721sYPj1u3dEcX1BWKBDQVEgtx46Zv8zLFikJQR4AKYgaPRK6YSETg7k7l 4mDE/CIPLutdj5HuhWIxPzGSBhd55zne/nAWvlY06RZ2cBb/EYwBE= Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.9 required=5.0 tests=AWL,BAYES_50,RCVD_IN_DNSWL_NONE,TBC autolearn=no version=3.3.2 X-HELO: vms173001pub.verizon.net Message-id: <524EF7EC.8040204@cygwin.com> Date: Fri, 04 Oct 2013 13:16:28 -0400 From: "Larry Hall (Cygwin)" Reply-to: cygwin@cygwin.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0 MIME-version: 1.0 To: cygwin@cygwin.com Subject: Re: second exec channel cannot access windows share (open-ssh) References: <524E6D9C.3040809@asperasoft.com> In-reply-to: <524E6D9C.3040809@asperasoft.com> Content-type: text/plain; charset=ISO-8859-1; format=flowed Content-transfer-encoding: 7bit On 10/4/2013 3:26 AM, gaillard wrote: > Hi, > > My company uses cygwin to enable client users to access an application through > open-ssh server via an ssh exec-channel. After the session connects fine, the > firstly created exec channel is able to access the mounted shares installed on > the box (in my test a Windows Server 2008 R2). > The issue comes when opening the second exec channel that is not able to access > the shares. > > From the tests I made the second channel is not impersonating the user > correctly > since it happears the application process runs as "Local System" which would > explain the issue. > > The open-ssh service is installed under a special user account that runs > with the > following settings in local security policy: > - adjust memory quotas for a process > - create a token object > - logon as a service > - replace a process level token > > I tried to add this but without success: > - impersonate a client after authentication > > I've also read the doc "Using Windows Security in Cygwin" but I'm unsure of the > correct diagnostic for the problem: wrong setting (do I need to use LSA > authentication) > or is it a bug? > > Any advice will be appreciated. If you have passwords on your shares (and it sounds like you do), then your only real altrernative is the third option as described in the Users Guide: -- Larry _____________________________________________________________________ A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple