This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Domain Admins don't have permissions when logging in via SSH

From: "Sebastian Koerner" <glomix at gmx dot de>
To: cygwin at cygwin dot com
Date: Thu, 30 May 2013 13:16:52 +0200 (CEST)
Subject: Domain Admins don't have permissions when logging in via SSH
Sensitivity: Normal

Hi Cygwin,
We have some trouble with OpenSSH in Cygwin. We think, that the impersonation does not work in the 1.7 cywin, but can't figure out why.

- We followed http://cygwin.com/faq-nochunks.html#faq.using.sshd-in-domain to integrate sshd into our domain. There is a domain\cyg_server user ( c )Â with all the permissions needed.
- Test: We log on using
ÂÂÂÂÂÂÂÂÂÂÂÂ o (a) the local Windows Administrator using ssh
ÂÂÂÂÂÂÂÂÂÂÂÂ o (b) using a Domain\Administrator account
ÂÂÂÂÂÂÂÂÂÂÂÂ o (c) the Domain (Admin) Account that runs sshd server. (domain\cyg_server
Â
Problem is: The (b) Domain Administrator Account is not reported to be a member of the local Administrators group. And he has no admin rights (test: configure a Windows Service)
Â
What we observed is:
- The Domain Admin Account that the Cygwin sshd Service runs under (domain\cyg_server) has all the permissions.
- A local Administrator that connects using ssh has all the permission.
- BUT the best thing: In legacy Cygwin installations the Domain Admin Account *has* local Admin permissions
Â
Can anyone help?
Â
Â
This is the output of id, then sc service sshd start and uname -a:
Â
A Windows XP with Cygwin legacy (note the Administrators Group)
uid=11100(domainadm) gid=10512(Domain Admins) groups=544(Administrators),545(Users),1009(Debugger Users),10512(Domain Admins)
[SC] StartService FAILED 1056:
Â
An instance of the service is already running.
Â
CYGWIN_NT-5.2-WOW64 xpwks 1.5.25(0.156/4/2) 2008-03-05 19:27 i686 Cygwin
Â
Â
A Windows 7 withÂ Cygwin 1.7
uid=11100(domainadm) gid=10512(Domain Admins) groups=10512(Domain Admins),545(Users)
[SC] StartService: OpenService FAILED 5:
Â
Access is denied.
Â
CYGWIN_NT-6.1-WOW64 w7wks 1.7.9(0.237/5/3) 2011-03-29 10:10 i686 Cygwin
Â
Sebastian
Â

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]