X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Thu, 2 Aug 2012 11:11:19 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Seteuid "operation not permitted" error when using LSA for sshd
Message-ID: <20120802091119.GA12772@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <CAKXb5pJZX7kaz12C1E-GEk7ws7oc2xAxQmr8EaND3KZ3_GzCmg AT mail DOT gmail DOT com> <CAKXb5pJjCBvbj1ZfU8WiEohz2QqW+edUi1Dz6anhELTk2wuZ_g AT mail DOT gmail DOT com> <CAKXb5p+ETsym1MtM3Ev964XN3aTLNMabSfPkSj0KEHE53GGZeg AT mail DOT gmail DOT com> <20120529125057 DOT GD12040 AT calimero DOT vinschen DOT de> <loom DOT 20120801T202919-35 AT post DOT gmane DOT org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <loom.20120801T202919-35@post.gmane.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Aug  1 18:43, David Koppenhofer wrote:
> Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> I'm trying to get Cygwin sshd working with public key authentication on a Server
> 2008R2 box.  I don't have the "create a token object" permission either, so
> followed the information in this thread to try to get LSA working:
> I ran the /usr/bin/cyglsa-config script, downloaded the
> cygwin-inst-20120530.tar.bz2 snapshot, and extracted the cyglsa64.dll file to
> /bin/cyglsa/

Why did you install cyglsa64 from the old snapshot?  The changes to
cyglsa are supposed to be in the Cygwin 1.7.16 package anyway.  I just
checked the cyglsa64.dll binary and it looks ok.  I installed Cygwin
1.7.16 on my 2008R2 test machine, ran cyglsa-config, rebooted, and
started the sshd service, and it works for me.

> I rebooted the server, made sure the sshd service was running, but I still
> receive the "sshd: PID 3064: fatal: seteuid 1000: Operation not permitted" error.

Does the service account have TCB privileges?  That's a hard requirement
for the user switch.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple