Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Fri, 27 Jun 2003 06:26:54 -0400
From: "Pierre A. Humblet" <pierre DOT humblet AT ieee DOT org>
To: cygwin AT cygwin DOT com
Subject: Re: unable to autologin to 2003
Message-ID: <20030627102653.GA514627@Worldnet>
References: <217E3C0C100E144B93AF131E71C6D62A0373B973 AT edc-exchange DOT everdreamcorp DOT com> <01bc01c33c31$27732ef0$4d1f1cac AT THEODOLITE>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <01bc01c33c31$27732ef0$4d1f1cac@THEODOLITE>
User-Agent: Mutt/1.4i

On Thu, Jun 26, 2003 at 03:20:30PM -0700, Bruce Dobrin wrote:
> I hope this isn't a stupid question.  I configure cygwin with a script which
> installs all passwd,  hosts.equiv, inetd etc.....  I have hundreds of
> machines configured this way on which all is well.  I just installed 2003
> server,  cygwin, and ran the autoconfig script.  I am unable to rsh to this
> machine.  I get:
> 
> dobrin AT srdalien2:/home/dobrin> rlogin srdalien2
> Switching to user dobrin failed!
> rlogin: connection closed.
> 
> or
> 
> dobrin AT srdalien2:/home/dobrin> rlogin srdalien2 -l dobrin
> Switching to user dobrin failed!
> rlogin: connection closed.
> 
> 
> cygwin settingis :
> dobrin AT srdalien2:/home/dobrin> echo $CYGWIN
> binmode tty ntsec
> 
> Is there a known 2003 server issue,  I searched the mailing lists pretty
> carefully,  but sisn't turn up anything.
> 
> telnet and non interactive rsh (rather than  rlogin),  work fine.
> 
> 
> Bruce Dobrin
> dobrin AT imageworks DOT com
 
There is evidence that password-less logins (as well as exim) fail
on Windows 2003 because the SYSTEM account is lacking the CreateToken
privilege and can't setuid(). I don't know if/how that privilege can be 
added, can you investigate?

A workaround (reported to work) is to create a new privileged account and 
to run the daemons under that account (-u switch in cygrunsrv).
The new account (you could call it Root) should
1) be in the Administrators group
2) have the Login As A Service privilege
3)   "      Create Token       "
4)   "      Assign Token       "
5)   "      Increase Quota     "    (if it exists on your system. Does it?).
In addition by being Administrators it should also have the Backup and 
Restore Files privileges. If not, assign them explicitly.
Rebuild /etc/passwd after creating such an account.

Pierre
 

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/