This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Cygwin ssh and Windows authentication




On 2015-07-22 23:46, Andrey Repin wrote:
Greetings, Jarek!

So why are they not needed as your comment doesn't really explain that
Read 1.7.35 changelog.
In short, username resolution was completely reworked, thanks to Corinna, and
Cygwin now directly address domain controllers for it.
OK so it addresses DCs to check some settings or priviliges. I don't
suppose it just asks 'hey DS, can contoso\johnd access sshd on server1?'
Indirectly, that can be done, i.e., by including a user in "SSH" group and
allow only "DOMAIN+SSH" group to authorize on server.
I assume the group name is arbitrary and can be named anything.
Of course. I have a generic "RemoteUsers" group for all users that allowed
remote access (VPN, SSH, etc.)

I went thrugh local rights on my sshserver and I see the Everyone, and
Users local groups have Allow to access this computer via network.
I take it the 'Act as part of the OS','Create a token object' and
'Replace a process level token' rights are only for the account running
the sshd service.
Yes, these are only used by service itself, and not propagated to the users
connected.

Verbose logging from both client and server may give some insight, too.
Here is what I get from the logs on the client when attempting to
connect with WinSCP
Try using only username to login. Without domain prefix.
And disable other auth mechanics, while you are testing namely I see it trying
GSSAPI, which wouldn't work unless explicitly configured and allowed.

Please attach long listings as files or provide links to pastebin service of
your choice.


Hi Andrey,

As much as I don't like giving up, after lots of testing I found the only way I can get a domain user to access my server is by creating the /etc/passwd file and adding the users there. I don't understand the workings behind this but at least it works. Thank you very much for your help and patience. Due to tons of other things I have to work on now I wont be persuing this further but hey, Microsoft are yet again working on ssh. Maybe they suceed this time.
All the best.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]