Message-ID: <20060121224410.92620.qmail@web53902.mail.yahoo.com>
Date: Sat, 21 Jan 2006 14:44:10 -0800 (PST)
From: Steve Briggs
Subject: Re: sshd client can't access remote shares
To: cygwin AT cygwin DOT com

--- Igor Peshansky wrote:

> On Fri, 20 Jan 2006, Steve Briggs wrote:
> > I can't access network shares when I connect via sshd.
> > bash>cygrunsrv -I sshd -p /usr/sbin/sshd -A -d
>                                            ^^^^^
> I hope this is a typo (though your sshd output indicates that it isn't).
> First off, the options should be "-a -D" (otherwise sshd will detach, and
> won't be under cygrunsrv's control).  Also, the "-d" option will cause
> sshd to exit after the first connection.

The "-A" is a typo, should be "-a". I tried both the "-D" (normally used
option) and also "-d" during testing to get the additional debugging info.

> > bash>cygrunsrv -S sshd
> > then login as Steve via sshd using password authentication
> > (I have NOT set up authentication with keys), it says:
> > "debug1: permanently_set_uid 14896/544"
> > It lets me login as Steve with my password, but
> > bash>"net use s: '\\rem_mach\rem_share'" immediately gives:
> > "System error 1312 has occurred."
>
> "net helpmsg 1312" shows that this error means that "A specified logon
> session does not exist. It may already have been terminated."
>
> > This also happens with
> > bash>net use s: '\\rem_mach\rem_share' /user:Steve
> > but
> > bash>net use s: '\\rem_mach\rem_share' '/user:FDE\Steve' mypassword
> > works (seems to be the only combination that does work).
> > It doesn't seem to matter if I ssh in from a remote machine or locally
> > (bash>ssh localhost).
>
> You should also be able to issue a "net use s: '\\rem_mach\rem_share'
> /user:Steve '*'", which will prompt you for a password.

I tried that, it immediately responds with the 1312 error; does not prompt
for a password (or if it does, it doesn't wait for a response...)

BTW, if I login via ssh and try
bash>cd //different_rem_mach/different_rem_share
I get a "permission denied" error

> > I thought that if I used password authentication with sshd, that the
> > process had all the correct user tokens to access shares on the domain?
>
> This should be correct.
> I wonder if this is related to the recent WindowStation changes in
> Cygwin's fhandler_console...
>
> > I've attached the output of "cygcheck -svr".
>
> Which looks normal, BTW -- the only weird thing is that the userid for
> "Steve" is 4896, not 14896 as you indicated in your /etc/passwd quote
> above.

Yes, let me explain. For some odd reason, the mkpasswd script added 10000
to the Win RIDs of 4896/544 to generate a UID/GID of 14896/10544 in the
/etc/passwd file. When my ssh login problems started, I manually edited
the passwd file to make the UID/GID 4896/544 to agree with the SID entry
in /etc/passwd. I've tried both ways (UID=4896 and UID=14896, with reboots
in between), the error is the same. I assume that as far as user
authentication is concerned, it's the SID in /etc/passwd and the
user-supplied password that matters, not the UNIX UID?

> If you're willing to build Cygwin from CVS, try commenting out lines
> 149-151 of fhandler_console.cc and see if that makes your problem go away.
> That should tell us if my guess is correct and the WindowStation changes
> were the culprit.

Thanks, I may try that later in the week.

Steve