X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; q=dns; s= default; b=oxrgwQgo32Phr3gFOC4fwNS1/S8Ux1CVE7eu3EFP7HmOmxi2/tST6 s/5PRdisI5UFQ1+WHCS6m+1Oae9/2C8si1+gYfU01C1kosDoMHt8MrmCXwn/t3Ax IZhNt6dcTgGwjYugN0/fx77TeQ8xamBrplM+SN6aUeacFYQL/8A54U= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; s=default; bh=J44+Vh2brm0jCEZhVl+gdzE2sjI=; b=EyIUzG7I7JDmEu2IZ6pyvOfZKV/k pDMmSEJiDX9BM1nsR66+khSdkeivVMbULS9XJtSkbM1ooYh048J36EjTHez9DziG IV0WJa3CQO0h38Gt+NKuTZSGXz5KNQ8By5PzoynREThAzBYH7PHSu3cxSnVBWxO7 E5Hd00UZZgm3GQk= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2 X-HELO: calimero.vinschen.de Date: Thu, 26 Jun 2014 12:50:45 +0200 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: LDAP integration and sshd Message-ID: <20140626105045.GU1803@calimero.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: <20140625130727 DOT GQ1803 AT calimero DOT vinschen DOT de> <20140626083253 DOT GA25654 AT calimero DOT vinschen DOT de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="A7FgPGrDEcSmmdo/" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) --A7FgPGrDEcSmmdo/ Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Jun 26 09:37, Achim Gratz wrote: > Corinna Vinschen cygwin.com> writes: > > In theory, no. AllowGroups is admin-settable in the config file while > > the "sshd" user request is built into the code. Just use the names as > > you get them: > >=20 > > AllowGroups bla MACHINE+blub DOMAIN+blubber ... >=20 > Hmm. Doesn't appear to be working in any combination I tried, I'm always > getting an "invalid user" when I'm trying to do that. Is it possible that > the AD lookup doesn't work when using privilege separation? No idea. Did you try? You didn't use '@' as separator, by any chance? Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --A7FgPGrDEcSmmdo/ Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJTq/sFAAoJEPU2Bp2uRE+gw/8P/3K2Omdonsewa7wCeoAVXZUD N030cxH8kOyzPlQmAsnR2vGu1HbGy3QAb+/J7wzt/OZuFgAvJjVPmOy0e/SITUNT GDtgAOZ70+rAcejfwOHDii9lxFuGLJc3Hpv4NA5s4NYK1hqUPwq62I5oYyxD8w4J 9p3AtI4J0io7uvlhwOjO6Ff2kwaLxvUtBTFF23EZXcs1CqhjboI5EmPwxsDAODXh dUHa8B9Au0pFgli9ZasChSSsoZ3twuOXlhsKu4YT+GN+GDOfpHRPT0IZpMceH95M c1ba+85dn7cY/o09RUJCvTMidBW7QC8EfHBZod8X0fqk1q1l8rgkVkR6SwRtA/zl lXGWCIQpcyK1zhtrYKtFlxHh61+CkHZsMr6UbpTSegijPymLNi1pXi+B+q/M9h5D CyCD2Dq9ODthamiZbFOrqZDN3IxCGsQJ7QUaibqbPNiiOgKUZAUWhxeWGOAKVSh0 oYIsLeekmbiqOean+IBtH+GExQGtBKR7irn+ozYaIxwL9+j1g28bqDI+6akedWHg lsgBke9d5I4w1P4A+5O+WRD4+CYB3CKa+j6EcbCRYsQurcWhimuzkj7mw1TM7PML f8EceivVTDIPSXjffWLPvOrX2D6KeXoQfzg6fHDOoiQlGGg7k2J5CDOHT/l1WZmY JuuXdhUq3BnB+JIb7BBH =ATct -----END PGP SIGNATURE----- --A7FgPGrDEcSmmdo/--