Date: Wed, 22 Feb 2006 13:30:46 -0500 (EST)
From: Igor Peshansky
Reply-To: cygwin AT cygwin DOT com
To: "Perdue, Dave T. CIV NAVAIR 5.4.3, Bldg 2035, Rm 205, Cube 200"
cc: cygwin AT cygwin DOT com
Subject: Re: Unable ssh login using Windows Domain account using password authentication

On Wed, 22 Feb 2006, Perdue, Dave T. wrote:

. Thanks.

> We are currently using Cygwin 1.5.12-1 on our Windows 2000 Domain as the
> ssh server for our PCs.  1.5.12-1 ssh allows us to log into the domain
> PCs remotely using our domain accounts.  I installed Cygwin 1.5.19-4 on
> one system and find that when I remotely log in using a domain account
> the native Windows "whoami" command reports my identity as "NT
> AUTHORITY\SYSTEM".  When I remotely ssh log in on the same system using
> a local account I see the correct identity.  All logins are using
> manually entered passwords.  I used the following commands to create the
> passwd and group files:
>
> mkpasswd -l > /etc/passwd
> mkpasswd -d >> /etc/passwd
> mkgroup -l > /etc/group
> mkgroup -d >> /etc/group
>
> I configured ssh to use the sshd privilege separation account and
> specified "ntsec binmode tty".  The sshd server is configured to logon
> as the local system account.  What changes do I need to make to allow
> 1.5.19-4 to support logons using our domain account like 1.5.12-1 can?
> Thanks in advance for any help that you can provide.
>
> Also, I have noticed that an "id -G" in 1.5.12-1 produces the same
> output when logged in locally and thru an ssh session, while in 1.5.19-4
> it produces different output for the two types of logon.
>
> David Perdue

You did everything correctly, except: your default domain may not be the
domain you're logging into.  "mkpasswd/mkgroup -d" use the default domain.
You might want to explicitly specify the domain name on the command line,
like this: "mkpasswd -d YOURDOMAIN >> /etc/passwd", and similarly for
mkgroup.
HTH,
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_	pechtcha AT cs DOT nyu DOT edu | igor AT watson DOT ibm DOT com
ZZZzz /,`.-'`'    -.  ;-;;,_	Igor Peshansky, Ph.D. (name changed!)
     |,4-  ) )-,_. ,\ (  `'-'	old name: Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"Las! je suis sot... -Mais non, tu ne l'es pas, puisque tu t'en rends compte."
"But no -- you are no fool; you call yourself a fool, there's proof enough in
that!" -- Rostand, "Cyrano de Bergerac"
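
The following check is an added example, not part of the original message or of Cygwin itself: it audits a passwd file to see which domains its entries came from and whether a given domain account is present, which is the condition the reply above says to verify. It assumes the fifth field carries "U-DOMAIN\user,SID" as written by mkpasswd; the function names, the domains PC01, CORP and OTHERDOM, the user jdoe and the SIDs are all constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Cygwin-1.5-style passwd file for domain coverage.
# Assumption: field 5 holds "U-DOMAIN\user,SID" (as mkpasswd writes it).

# Print each distinct domain or machine name found in field 5.
passwd_domains() {
    awk -F: '{
        n = split($5, part, ",")
        for (i = 1; i <= n; i++) {
            p = part[i]; bs = index(p, "\\")
            if (substr(p, 1, 2) == "U-" && bs > 3) {
                d = substr(p, 3, bs - 3)
                if (!seen[d]++) print d
            }
        }
    }' "$1"
}

# Exit 0 if FILE has an entry for DOMAIN\USER (case-insensitive), else 1.
has_domain_user() {
    awk -F: -v dom="$2" -v usr="$3" '{
        n = split($5, part, ",")
        for (i = 1; i <= n; i++) {
            p = part[i]; bs = index(p, "\\")
            if (substr(p, 1, 2) == "U-" && bs > 3 &&
                tolower(substr(p, 3, bs - 3)) == tolower(dom) &&
                tolower(substr(p, bs + 1)) == tolower(usr)) found = 1
        }
    }
    END { exit !found }' "$1"
}

# Constructed sample: one local account plus one account from the default
# domain (CORP), as "mkpasswd -l" followed by "mkpasswd -d" would produce.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Administrator:unused_by_nt/2000/xp:500:513:U-PC01\Administrator,S-1-5-21-1111111111-2222222222-3333333333-500:/home/Administrator:/bin/bash
jdoe:unused_by_nt/2000/xp:11234:10513:U-CORP\jdoe,S-1-5-21-4444444444-5555555555-6666666666-1234:/home/jdoe:/bin/bash
EOF

echo "Domains present in passwd file:"
passwd_domains "$sample"
# The login domain (OTHERDOM here) differs from the default domain, so the
# account is missing and mkpasswd -d OTHERDOM is needed.
has_domain_user "$sample" OTHERDOM jdoe ||
    printf '%s\n' 'No entry for OTHERDOM\jdoe: run mkpasswd -d OTHERDOM >> /etc/passwd'
```

Pointing the two functions at the real /etc/passwd (and the same field in /etc/group entries is not covered here) shows at a glance whether the domain used at login is represented.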