Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT sourceware DOT cygnus DOT com Delivered-To: mailing list cygwin AT sourceware DOT cygnus DOT com Message-ID: <1DB8BA4BAC88D3118B2300508B5A552CD925BD@mail.fitlinxx.com> From: David Bolen To: cygwin AT sourceware DOT cygnus DOT com Cc: "'Mike Melendez'" Subject: RE: [melendez AT orca DOT com: Cygwin bash mount over Ataman telnetd is inaccessible.] Date: Mon, 12 Jun 2000 12:31:26 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" It's possible that this is a generic NT security problem that can show up with services trying to do network access, depending on how the telnet services logs a user into the system (I've never used Ataman myself). It would be helpful to know if access to the share was a problem from a non-bash/cygwin environment. It's also not mentioned, but I'm assuming that the server on which the share is being accessed is also NT. What may be happening is that the telnetd service is running under the LocalSystem account, which means that it has no credentials for network access (or to be more precise it has a Null set of credentials). By default that will mean it has no network access to remote machines, which are set up by default (as of NT 4.0) to reject Null session credential clients, with only a few exceptions. I would normally expect that the Ataman service is requesting an interactive login token for a user for authentication and then creating a process as that user, which I would think would create the necessary network credentials, but it also wouldn't surprise me to find out that it didn't :-) One quick test would be to run the Ataman service as some specific user (it can be set up that way in the services control panel). The user selected would probably need to be a full administrator (to ensure it can execute any functions the telnet server may try when setting up a remote login). The other approach is to try opening up (in general, or specifically) access to the share in question on the server side for Null session clients (which includes LocalSystem services): You can either: (a) Open up access in general for such clients, by installing beneath the registry key: HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters the DWORD value: RestrictNullSessAccess = 0 (The value is normally not present at all, but defaults internally to 1) (b) Add either the existing share that the client is accessing (or perhaps dedicate a new limited share just for the client) and add that share to the value of NullSessionShares on the server (same key location). It should already be present with a few entries. Add your share as a new entry (if you use regedt32 it'll handle the REG_MULTI_SZ type nicely). You'll have to restart the server (or at least the LanmanServer service) for changes to take effect. Neither of these are necessarily that attractive as a long term operating solution, but may at least be useful in the test environment. -- David /-----------------------------------------------------------------------\ \ David Bolen \ E-mail: db3l AT fitlinxx DOT com / | FitLinxx, Inc. \ Phone: (203) 708-5192 | / 860 Canal Street, Stamford, CT 06902 \ Fax: (203) 316-5150 \ \-----------------------------------------------------------------------/ -----Original Message----- From: Chris Faylor [mailto:cgf AT cygnus DOT com] Sent: Monday, June 12, 2000 11:36 AM To: cygwin AT sourceware DOT cygnus DOT com Subject: [melendez AT orca DOT com: Cygwin bash mount over Ataman telnetd is inaccessible.] Can anyone offer any help to this guy? cgf ----- Forwarded message from Mike Melendez ----- From: Mike Melendez To: support AT ataman DOT com, cygwin-support AT cygnus DOT com Subject: Cygwin bash mount over Ataman telnetd is inaccessible. Date: Mon, 12 Jun 2000 11:11:19 -0400 I am attempting to use the same Expect script to automate internal tests from a BSDI system to Solaris, Linux, and Windows NT. For NT I am using: Windows NT 4.0 (Build 1381: Service Pack 5) Cygwin 1.0 bash shell Ataman TCP Remote Logon Services 2.4 simple telnet In a bash shell on the desktop and through the Ataman telnetd as the same user I can successfully $ mount \\\\\\ or $ mount Z: However, only on the desktop can I access the remote directory through the mount directory. Through the Ataman telnetd, attempts to cd return: "bash.exe: cd : Permission denied" I have tried this with system mounts (mount -s) as well as local mounts and both with and without a desktop user simultaneously logged in -- all with the same result. -- Robert Michael Melendez melendez AT orca DOT com Orca Systems, Inc 781-895-4949 x227 ----- End forwarded message ----- -- Want to unsubscribe from this list? Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com -- Want to unsubscribe from this list? Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com