X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; q=dns; s= default; b=QnQ4LhPKHgwgWkXSKHDg3V5afVWb5zePaLgbOK7B6Vc2IP4bXnEWB 8D96MbcVx6EWq4V6JxL39KjcxhOGrZZe/xMObig4PTgeMzHrGK9Z8nSKKFdpa76c 9vlfmZ9b/7oYZo08Oym4uqUIid44T8OeeRu4DJkslhoFnIdFb67xCI= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; s=default; bh=lcrTYDC6cJ0DeZHVMOYaTQBVtTY=; b=fev/JtQkYwhlv53ribaehYUBW+2i dhEo+QQBdBlfcPaP/h20W/safQGY1h+Y7rq7igEaioYyZeVQGWrW9Z3IgMwvD65A dfcKIAU3acbBCaPgDHrAiAher1m36ncavkJAvZB/5aDlUuzO/Q2qpRnuN5vVcDUu mqYzXCKLPvveJVc= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2 X-HELO: calimero.vinschen.de Date: Wed, 16 Apr 2014 11:35:19 +0200 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: Still testing needed: New passwd/group AD/SAM integration Message-ID: <20140416093519.GQ3271@calimero.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: <20140410145323 DOT GB2437 AT calimero DOT vinschen DOT de> <53487C6E DOT 9010905 AT cornell DOT edu> <20140412111325 DOT GA3271 AT calimero DOT vinschen DOT de> <53494BAA DOT 3020005 AT cornell DOT edu> <534DA152 DOT 2080304 AT cornell DOT edu> <20140416080420 DOT GO3271 AT calimero DOT vinschen DOT de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="4hmTAJAngH+SZkLl" Content-Disposition: inline In-Reply-To: <20140416080420.GO3271@calimero.vinschen.de> User-Agent: Mutt/1.5.21 (2010-09-15) --4hmTAJAngH+SZkLl Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Ken, On Apr 16 10:04, Corinna Vinschen wrote: > On Apr 15 14:14, Ken Brown wrote: > > I've come across a glitch involving sshd and cygserver. I normally > > have both running, but I've discovered that I have to start sshd > > before I start cygserver, or else I have problems (can't ssh from a > > non-administrator account to an administrator account). Here are > > the details on 64 bit Cygwin; I haven't tested 32 bit: > >=20 > > I've installed the full 2014-04-12 snapshot and removed /etc/passwd > > and /etc/group. I have an ordinary user kbrown and an administrator > > user kbrown-admin. I now do the following: > >=20 > > 1. Start sshd. > > 2. Start cygserver. > > 3. Start a Cygwin Terminal as user kbrown. > > 4. ssh into the kbrown-admin account (with publickey authentication > > used by default). > >=20 > > $ ssh kbrown-admin AT localhost > > Enter passphrase for key '/home/kbrown/.ssh/id_rsa': > > setsockopt IPV6_TCLASS 16: Protocol not available: > > Last login: Tue Apr 15 13:57:12 2014 from fe80::9956:cbba:6928:151c%11 > >=20 > > Everything is fine. > >=20 > > Now I close the Cygwin Terminal, stop both services, and restart > > them in the other order (cygserver first, then sshd). Repeating > > steps 3 and 4, I can't login: > >=20 > > $ ssh kbrown-admin AT localhost > > kbrown-admin AT localhost's password: > > Permission denied, please try again. > > kbrown-admin AT localhost's password: > >=20 > > Notice that (a) I didn't get a prompt for the passphrase for my ssh > > key, and (b) my password wasn't accepted. >=20 > Thanks for the report, Ken. I'll have a look. To clarify: This is a non-domain machine, right? And sshd is running under the cyg_server account while cygserver is running under the LocalSystem account? I'm just testing this, only with a domain machine and domain accounts, and I can't reproduce this. I have a bit of a problem to test this on a non-domain machine because my network is set up for domain machines... However, I found that I made a blatant mistake in cygserver. The message length was computed one byte too short, so the trailing \0 in the passwd/group string wasn't transmitted. This *might* be the cause for your problem. I just built a new snapshot. Can you please try if this fixes it for you? Make sure to use the new cygserver! While I was at it, I also added a patch to get rid of the "setsockopt IPV6_TCLASS 16: Protocol not available" message. I just *love* it if Microsoft defines socket options in their headers, but then simply returns WSAENOPROTOOPT when the appliction dares to use them... Thanks, Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --4hmTAJAngH+SZkLl Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJTTk7XAAoJEPU2Bp2uRE+g4xYP+wTHWb1/P9KAFjP6Fof0X2P6 h8oSYGfK5kj5OBtwtx+K5ZiiFoWuxK6515Nq8UJTH+VvRkvcoDU1fM1v6lk9CuMv aIw8eeHGaF7UiT5dOFkCKee9vZkmv1hPf3/IWd5Db6dxiimlvsKiRvXgEqmNV9JB KpmIsWFs/OdLl+1cEE8sA0eRLCDROFWZxrt+Rf1AaJHWkUDhxX0l7m99PmLdSXYS 6swodbQvHfwv6eXkx3sxt9Ei4WnfdJH6d1cfy4+Y8WRkd1vEYG4UDuexwqJSjAw1 pHO+sn5gms1N1Li2lEtgzGdSBTfrDh3678jB32KZWuUTRMk3IC7ABeLniq66oIkX OGgCtqelpvxCWvY7+FAZVI1hmJOLlSMZBlKn04Wk4kxn5UTusTyhG2KZAeyND3gS bx0BcozShAa/0GoFY09yP4VGouQ8h+vfPRSeGIB6sPQSZ7B9+yZorM5eJ201KC06 MvpH/cSKLO56BOOTc00aZ7KPy+mE6lMwuDqWhlDxp4DibNm1aLMkGE47n5iStomU TTO5yU1EVh+9ZL/6jPnchhumtZCrMZsF6Kwe0wdYWpc6ygYnTn7MxrOm5mZOUSgj DQH1dS3pMBdMQK/O2pnC3RXLqOM7fzxfqzJi5XNMmew2EZQrPf4bPZvEylDWVzsE vv55Rc5159DUdBba7e3D =a1x1 -----END PGP SIGNATURE----- --4hmTAJAngH+SZkLl--