DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:subject:to:references:from:date
	:mime-version:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=Ux1H8vffP+e67XSh
	U7Rw+er2HP1ez31c7NcT7UWUGxnXuYvNV90UDHvB3tfGkcjwHa7bChuXqqdBjvPD
	uQVVl9LrNdFoL9RpjX8tZxV06FlSvOm6me4jqPTGiyqqxXz1DApFKmgF0bFRRdQ/
	x1DwizstCDdglnmgcjW6szNd5zI=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Message-ID: <BLU436-SMTP217DCBDBFA0EED5BC1ACFFB9E850@phx.gbl>
Subject: Re: Cygwin ssh and Windows authentication
To: cygwin@cygwin.com
References: <BLU436-SMTP39AE7DD48809E802CE4DAE9E860@phx.gbl> <1301881165.20150720013859@yandex.ru>
From: Jarek <yaro_29@hotmail.com>
Date: Mon, 20 Jul 2015 20:59:30 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <1301881165.20150720013859@yandex.ru>
Content-Type: text/plain; charset="windows-1252"; format=flowed
Content-Transfer-Encoding: 7bit

Hi Andrey.
So why are they not needed as your comment doesn't really explain that 
and how exactly did I screwed up my setup if I can actually access the 
server with a domain user account no problem? Perhaps it's not how it 
works but it somehow works so again would be good to know why. It's only 
domain groups that don't work. Even if I set the service account to run 
under a domain account how would this fix my problem with group access 
assuming in current setup it works for domain users but not for groups? 
Again if not the /etc/passwd or /etc/group files then what controls the 
access?

On 2015-07-20 00:38, Andrey Repin wrote:
> Greetings, Jarek!
>
>> I'm still quite new to Cygwin. I'm using the most recent version to
>> install the ssh component on Server 2012R2 member server since it
>> happened to become a requirement for certain users. The problem I have
>> is to understand how to allow access for domain groups. I read the new
>> version doesn't even need the /etc/passwd and /etc/group files any more
>> but I couldn't see any explanation as to how to allow users or groups
>> permission to ssh to the cygwin sshd server.
> Short version is that you need SSH server running under domain user.
> Which needs to be created prior to starting ssh-host-config.
>
>> Running ssh-host-config answering yes to all questions except the one for
>> using other user than the cyg_server I set up the ssh daemon. Not knowing
>> any other way I created the /etc/passwd file with $mkpasswd -l > /etc/passwd
> These files no longer need, but in your specific case, you actually just
> screwed your setup.
>
>> which dumped all local users into the file. I successfully added a domain user
>> with $mkpasswd -u [domain_user] -D [domain] >> /etc/passwd.
> That's not how it works.
>
>> This worked just fine creating the /home/[user] folder I think although
>> I haven't checked if it didn't get created earlier since I installed
>> Cygwin under that user account.  No idea though how to get this working
>> without the use of /etc/passwd file. I then created the /etc/group file
>> and added my selected domain user group to it. Unfortunately in this
>> case members of the group cannot connect via ssh. I don't know if there
>> is a way to list all users including group members with access
>> permissions. $net user lists only users. I tried $net group but this
>> seems to be limited to DCs only which I have no access to. Could someone
>> please explain how can this be set up and what tellls Cygwin who can
>> connect and who can't?
> http://cygwin.com/faq/faq.html#faq.using.sshd-in-domain
> It was there all the time.
>
>


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple