X-Spam-Check-By: sourceware.org
Date: Wed, 16 Aug 2006 23:11:08 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: group"S-1-2-0"(users who login locally)in ssh;windows 2003
Message-ID: <20060816211108.GD27256@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <200608161821 DOT k7GIL5VW024015 AT tigris DOT pounder DOT sol DOT net> <ebvsj3$bu7$1 AT sea DOT gmane DOT org> <200608162049 DOT k7GKnTTE024729 AT tigris DOT pounder DOT sol DOT net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200608162049.k7GKnTTE024729@tigris.pounder.sol.net>
User-Agent: Mutt/1.4.2i
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Aug 16 15:49, Tom Rodman wrote:
> On Wed 8/16/06 14:44 CDT mwoehlke wrote:
> > Tom Rodman wrote:
> > > Hosts effected:
> > > 
> > >   several boxes running windows 2003 server w/cygwin (1.5.20s(0.155/4/2) 20060403 13:33:45)
> > > 
> > > Problem (or feature?): 
> > > 
> > >   when you ssh to these boxes, and run:
> > > 
> > >     $WINDIR/system32/whoami /all |grep -q S-1-2-0 || echo OOPs # "OOPS" echos :-<
> > > 
> > >     "S-1-2-0" == "Users who log on to terminals locally (physically) connected to the system."
> > > [...]
> > FWIW, on my 2k3 box, I show up as a member in S-1-2-0 both logged in 
> > "locally" (via Remote Desktop Sharing, with which I have never had 
> > anything "not work") and via Cygwin sshd. 
> 
> That's encouraging. The tool that fails for us (only in ssh) has been
> doing so on several previous versions of cygwin, in all cases under
> windows 2003; my hunch is there is something specific about our setup
> that is causing the ssh session to not be in S-1-2-0. Days (or weeks from
> now) I will try upgrading cygwin, and followup with cygcheck output if
> the problem persists.

Maybe there's a difference between password and pubkey authentication?
Or it's some security setting?  I could easily imagine there's a switch
in "local Security Settings" or "Domain Security Settings" which drops
the LOCAL group from the token.  There's a lot of mysterious stuff in
2K3...

Whatever it is, it must be something related to 2K3.  Cygwin doesn't
differ the different OSes in terms of authentication.  I also have the
LOCAL group as part of my user token on 2K3.

Temporary Workaround:  Add the user to the local group by adding them to
a manually created entry in /etc/group:

  local:S-1-2-0:2:user1,user2,...


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/