DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; q=dns; s=default; b=Mc/URvKGxNsSP9AM
	2EOJTqsjB2UgyZDDvkuQRp7gOBgpOgxCUY4cKsOsdQH9EIXAY6Zkz6bX5nHrKS2k
	xnpGymuHlkbNZEfnUSBw84Dq9I+pLNbWSxXdmRDwGn8W8U+5f9bQpHRV+mQ6VFvP
	srYqhldbVPhkrNQZ4+OH+fCw55A=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Date: Sat, 21 Feb 2015 03:47:40 +0300
From: Andrey Repin <anrdaemon AT yandex DOT ru>
Reply-To: cygwin AT cygwin DOT com
Message-ID: <995093673.20150221034740@yandex.ru>
To: Len Giambrone <Leonard DOT Giambrone AT intersystems DOT com>, cygwin AT cygwin DOT com
Subject: Re: bug in csih?
In-Reply-To: <54E7C402.80306@intersystems.com>
References: <54E7C402 DOT 80306 AT intersystems DOT com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Greetings, Len Giambrone!

> Running the latest version:

> $ cygcheck -c cygwin openssh csih
> Cygwin Package Information
> Package              Version        Status
> csih                 0.9.8-5        OK
> cygwin               1.7.34-6       OK
> openssh              6.7p1-2        OK

> When I run

>     ssh-host-config -y -w XXXXX


> I get this:

> *** Query: Create new privileged user account 'WX64LG\cyg_server' 
> (Cygwin name: 'cyg_server')? (yes/no) yes
> *** Info: User 'cyg_server' has been created with password 'XXXXX'.
> *** Info: If you change the password, please remember also to change the
> *** Info: password for the installed services which use (or will soon use)
> *** Info: the 'cyg_server' account.

> *** Warning: Expected privileged user 'cyg_server' does not exist.
> *** Warning: Defaulting to 'SYSTEM'

> Even though it successfully creates the account, it refuses to use it.  
> I believe this is because of the following code in 
> csih_service_should_run_as()

>      if csih_privileged_account_exists "$csih_PRIVILEGED_USERNAME" 1>&2
>      then
>        # it already existed before this script was launched
>        echo "$csih_PRIVILEGED_USERNAME"
>        return
>      elif /usr/bin/getent passwd "${csih_PRIVILEGED_USERNAME}" 
 >>/dev/null 2>&1
>      then
>        # we probably just created it
>        echo "$csih_PRIVILEGED_USERNAME"
>        return
>      else
>        # a failure somewhere
>        csih_warning "Expected privileged user 
> '${csih_PRIVILEGED_USERNAME}' does not exist." 1>&2
>        csih_warning "Defaulting to 'SYSTEM'" 1>&2
>        echo "SYSTEM"
>        return
>      fi

> I am on a machine in a domain.  /usr/bin/getent passwd cyg_server 
> returns nothing:
> $ getent passwd cyg_server

That's not right. But setting up SSH in a domain environment is problematic.
You'd need an /etc/passwd file with one line mentioning local cyg_server
account.

Try
mkpasswd -l | grep cyg_server
or, perhaps,
getent -w passwd cyg_server

Sorry, I don't have AD on hand right now, can't help with tests.

> Running it through strace, I see it's looking for DOMAIN\cyg_server, and
> not the local account.

That's expected, and as far as I know unavoidable. Please see above for a
workaround.


--
WBR,
Andrey Repin (anrdaemon AT yandex DOT ru) 21.02.2015, <03:43>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple