Message-ID: <534EA18D.60200@cornell.edu>
Date: Wed, 16 Apr 2014 08:28:13 -0700
From: Ken Brown
To: cygwin AT cygwin DOT com
Subject: Re: Still testing needed: New passwd/group AD/SAM integration
In-Reply-To: <20140416093519.GQ3271@calimero.vinschen.de>

On 4/16/2014 2:35 AM, Corinna Vinschen wrote:
> Hi Ken,
>
> On Apr 16 10:04, Corinna Vinschen wrote:
>> On Apr 15 14:14, Ken Brown wrote:
>>> I've come across a glitch involving sshd and cygserver. I normally
>>> have both running, but I've discovered that I have to start sshd
>>> before I start cygserver, or else I have problems (can't ssh from a
>>> non-administrator account to an administrator account). Here are
>>> the details on 64 bit Cygwin; I haven't tested 32 bit:
>>>
>>> I've installed the full 2014-04-12 snapshot and removed /etc/passwd
>>> and /etc/group. I have an ordinary user kbrown and an administrator
>>> user kbrown-admin. I now do the following:
>>>
>>> 1. Start sshd.
>>> 2. Start cygserver.
>>> 3. Start a Cygwin Terminal as user kbrown.
>>> 4. ssh into the kbrown-admin account (with publickey authentication
>>> used by default).
>>>
>>> $ ssh kbrown-admin@localhost
>>> Enter passphrase for key '/home/kbrown/.ssh/id_rsa':
>>> setsockopt IPV6_TCLASS 16: Protocol not available:
>>> Last login: Tue Apr 15 13:57:12 2014 from fe80::9956:cbba:6928:151c%11
>>>
>>> Everything is fine.
>>>
>>> Now I close the Cygwin Terminal, stop both services, and restart
>>> them in the other order (cygserver first, then sshd). Repeating
>>> steps 3 and 4, I can't login:
>>>
>>> $ ssh kbrown-admin@localhost
>>> kbrown-admin@localhost's password:
>>> Permission denied, please try again.
>>> kbrown-admin@localhost's password:
>>>
>>> Notice that (a) I didn't get a prompt for the passphrase for my ssh
>>> key, and (b) my password wasn't accepted.
>>
>> Thanks for the report, Ken. I'll have a look.
>
> To clarify: This is a non-domain machine, right? And sshd is running
> under the cyg_server account while cygserver is running under the
> LocalSystem account?

Yes to all.

> I'm just testing this, only with a domain machine and domain accounts,
> and I can't reproduce this. I have a bit of a problem to test this on a
> non-domain machine because my network is set up for domain machines...
>
> However, I found that I made a blatant mistake in cygserver. The
> message length was computed one byte too short, so the trailing \0 in
> the passwd/group string wasn't transmitted. This *might* be the cause
> for your problem.
>
> I just built a new snapshot. Can you please try if this fixes it for
> you? Make sure to use the new cygserver!

Yes, that fixed it. Thanks.

> While I was at it, I also added a patch to get rid of the "setsockopt
> IPV6_TCLASS 16: Protocol not available" message.

Good. It's nice to see that anymore.

Ken

--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
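
The bug class described in the quoted reply above (a message length one byte short, so the trailing \0 of a passwd string is never sent), as an added illustration that is not cygserver's code and not part of the original thread. The message layout, the function names, the sample entries and the receiver's reuse of its buffer are all assumptions made for the example; the thread does not show how the real receiver handles the string.

```c
#include <stdio.h>
#include <string.h>
#define MSG_MAX 128
/* Hypothetical length-prefixed message; callers keep entries under MSG_MAX. */
struct pw_msg { size_t len; char data[MSG_MAX]; };
typedef void (*pack_fn)(struct pw_msg *, const char *);
typedef const char *(*recv_fn)(char *, size_t, const struct pw_msg *);

/* Sender with the off-by-one: len leaves out the terminating \0. */
void pack_short(struct pw_msg *m, const char *s) {
    m->len = strlen(s);
    memcpy(m->data, s, m->len);
}

/* Corrected sender: the terminator is part of the message. */
void pack_full(struct pw_msg *m, const char *s) {
    m->len = strlen(s) + 1;
    memcpy(m->data, s, m->len);
}

/* Receiver that trusts the sender: copies len bytes into a reused buffer. */
const char *recv_trusting(char *buf, size_t n, const struct pw_msg *m) {
    if (m->len == 0 || m->len > n) return NULL;
    memcpy(buf, m->data, m->len);
    return buf;
}

/* Receiver that refuses any message whose last byte is not \0. */
const char *recv_checked(char *buf, size_t n, const struct pw_msg *m) {
    if (m->len == 0 || m->len > MSG_MAX || m->data[m->len - 1] != '\0') return NULL;
    return recv_trusting(buf, n, m);
}

/* Returns 1 if the entry arrives intact, 0 if altered, -1 if rejected. */
int roundtrip(pack_fn pack, recv_fn recv) {
    /* Constructed entries; buf still holds a previous, longer reply. */
    char buf[MSG_MAX] = "kbrown-admin:*:1001:544::/home/kbrown-admin:/bin/bash";
    const char *entry = "kbrown:*:1000:513::/home/kbrown:/bin/sh";
    struct pw_msg m = {0};
    pack(&m, entry);
    const char *got = recv(buf, sizeof buf, &m);
    return got ? strcmp(got, entry) == 0 : -1;
}

int main(void) {
    printf("short + trusting: %d\n", roundtrip(pack_short, recv_trusting));
    printf("short + checked:  %d\n", roundtrip(pack_short, recv_checked));
    return 0;
}
```

With the short length the trusting receiver ends up with the new entry followed by the tail of whatever the buffer held before, so the shell field no longer matches; validating the terminator on receipt turns that silent corruption into a rejected message.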