This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: group"S-1-2-0"(users who login locally)in ssh;windows 2003


On Aug 16 15:49, Tom Rodman wrote:
> On Wed 8/16/06 14:44 CDT mwoehlke wrote:
> > Tom Rodman wrote:
> > > Hosts effected:
> > > 
> > >   several boxes running windows 2003 server w/cygwin (1.5.20s(0.155/4/2) 20060403 13:33:45)
> > > 
> > > Problem (or feature?): 
> > > 
> > >   when you ssh to these boxes, and run:
> > > 
> > >     $WINDIR/system32/whoami /all |grep -q S-1-2-0 || echo OOPs # "OOPS" echos :-<
> > > 
> > >     "S-1-2-0" == "Users who log on to terminals locally (physically) connected to the system."
> > > [...]
> > FWIW, on my 2k3 box, I show up as a member in S-1-2-0 both logged in 
> > "locally" (via Remote Desktop Sharing, with which I have never had 
> > anything "not work") and via Cygwin sshd. 
> 
> That's encouraging. The tool that fails for us (only in ssh) has been
> doing so on several previous versions of cygwin, in all cases under
> windows 2003; my hunch is there is something specific about our setup
> that is causing the ssh session to not be in S-1-2-0. Days (or weeks from
> now) I will try upgrading cygwin, and followup with cygcheck output if
> the problem persists.

Maybe there's a difference between password and pubkey authentication?
Or it's some security setting?  I could easily imagine there's a switch
in "local Security Settings" or "Domain Security Settings" which drops
the LOCAL group from the token.  There's a lot of mysterious stuff in
2K3...

Whatever it is, it must be something related to 2K3.  Cygwin doesn't
differ the different OSes in terms of authentication.  I also have the
LOCAL group as part of my user token on 2K3.

Temporary Workaround:  Add the user to the local group by adding them to
a manually created entry in /etc/group:

  local:S-1-2-0:2:user1,user2,...


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]