X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:from:to:subject:date:content-type
	:content-transfer-encoding:mime-version; q=dns; s=default; b=b0L
	s6bX+ZqUjgoazXAOqcfaUR1jsWjXmiwN/i4lSCgY4/LHpmlCE3z6DcWzXxrLrFfI
	V7ip6qxJMCM+LZtzvnnBru6SVkrc5+zljaiDjx5QutXhvsf2EaglhedAsK9CHqzd
	g2KOXJln2KF6I3ia/ahcST/b9ZGKEynXUvdGrlso=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:from:to:subject:date:content-type
	:content-transfer-encoding:mime-version; s=default; bh=s1OpSM0Vy
	HRQgqdbFT4s8NVFAX0=; b=YILfwK+pEznklCkjywZDnBNIT6ZqKu6vHZSDZ3rG/
	ZVuSxl5EPRkvJnQbNyCICDNB45OYli+CgZvt7MldZOjIFl+Jz/WGVMc5lvGRANrk
	+uL16t1MlVu6KDAfpBIEiAIjI0Qav+9r44WeOwuDzEaVZ10QDUY6asSFlS6HorZV
	fo=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=2.6 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2
X-HELO: BAY004-OMC1S20.hotmail.com
X-TMN: [IomPt4qWeVrvql4/TG3Yff70Hnif947c]
Message-ID: <BAY177-W41E7CF6FFF336C3E845A8EE36A0@phx.gbl>
From: "E. Winston" <craddle2grave AT hotmail DOT com>
To: "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Subject: Restrict active directory logins
Date: Mon, 31 Aug 2015 22:39:28 -0500
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id t813dp4T009130

Hi all,

I am running cygwin 2.2.1(0.289/5/3) and OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015 on a domain joined Windows 2012 R2 server. I am not using /etc/passwd or /etc/group and I would prefer not to use theses files as I anticipate a large number of accounts needing to be configured. As part of our group policy, NT AUTHORITY\Authenticated Users and NT AUTHORITY\Interactive are both part of the local Users group. The group policy also places  NT AUTHORITY\Authenticated Users into "Log on Locally"  security policy. My primary purpose is to use this as an SFTP server. I have been able to deny SSH logins and limit access to on SFTP. 

What I would like to know is with this setup, is if there is a way to prevent any user in our domain from logging into the server? 

Currently I have directory permissions set so they cannot see anything, but I'd rather not allow them to login at all.

I have a local group created with only the domain accounts I want to be able to explicitly login but thus far I have not been able to determine how to limit logins to just the members of this group. 

Thanks in advance,

-Ed 		 	   		  
--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple