This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: CSIH patch (Re: Unable to run sshd under a domain sshd_server account [SOLVED])


Corinna Vinschen wrote:
Oh, btw., Charles, that's one for you.

On Jun 16 23:01, Corinna Vinschen wrote:
On May 13 11:09, Schutter, Thomas A. wrote:
The problem was that the domain sshd_server account has no right to
access the domain controller from the network.  Solution: Open the Local
Security Policy of the DC and look for the User Right "Deny access to
this computer from the network".  You'll find your sshd_server user in
there.  Remove it from this user right.  Try again:

This user right shouldn't be set anymore in the csih/cygwin-service-installation-helper.sh script. Patch follows:

* Don't disallow network logon for service user account.

Here's the patch I applied, for csih-0.1.5:


--
Chuck

diff -u -r1.7 -r1.8
--- cygwin-service-installation-helper.sh	14 Apr 2008 18:36:05 -0000	1.7
+++ cygwin-service-installation-helper.sh	19 Jul 2008 16:40:31 -0000	1.8
@@ -1636,14 +1636,13 @@
           # user not in Administrators group
           return 1
         else
-          editrights -l -u "${user}" | fgrep SeAssignPrimaryTokenPrivilege     >/dev/null 2>&1 &&
-          editrights -l -u "${user}" | fgrep SeCreateTokenPrivilege            >/dev/null 2>&1 &&
-          editrights -l -u "${user}" | fgrep SeTcbPrivilege                    >/dev/null 2>&1 &&
-          editrights -l -u "${user}" | fgrep SeDenyInteractiveLogonRight       >/dev/null 2>&1 &&
-          editrights -l -u "${user}" | fgrep SeDenyNetworkLogonRight           >/dev/null 2>&1 &&
-          editrights -l -u "${user}" | fgrep SeDenyRemoteInteractiveLogonRight >/dev/null 2>&1 &&
-          editrights -l -u "${user}" | fgrep SeIncreaseQuotaPrivilege          >/dev/null 2>&1 &&
-          editrights -l -u "${user}" | fgrep SeServiceLogonRight               >/dev/null 2>&1
+          editrights -u "${user}" -t SeAssignPrimaryTokenPrivilege     >/dev/null 2>&1 &&
+          editrights -u "${user}" -t SeCreateTokenPrivilege            >/dev/null 2>&1 &&
+          editrights -u "${user}" -t SeTcbPrivilege                    >/dev/null 2>&1 &&
+          editrights -u "${user}" -t SeDenyInteractiveLogonRight       >/dev/null 2>&1 &&
+          editrights -u "${user}" -t SeDenyRemoteInteractiveLogonRight >/dev/null 2>&1 &&
+          editrights -u "${user}" -t SeIncreaseQuotaPrivilege          >/dev/null 2>&1 &&
+          editrights -u "${user}" -t SeServiceLogonRight               >/dev/null 2>&1
           return # status of previous command-list
         fi
       fi
@@ -2106,7 +2105,6 @@
         editrights -a SeCreateTokenPrivilege -u ${username} &&
         editrights -a SeTcbPrivilege -u ${username} &&
         editrights -a SeDenyInteractiveLogonRight -u ${username} &&
-        editrights -a SeDenyNetworkLogonRight -u ${username} &&
         editrights -a SeDenyRemoteInteractiveLogonRight -u ${username} &&
         editrights -a SeIncreaseQuotaPrivilege -u ${username} &&
         editrights -a SeServiceLogonRight -u ${username} &&

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]