This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: LDAP integration and sshd

Corinna Vinschen writes:
>> Hmm.  Doesn't appear to be working in any combination I tried, I'm always
>> getting an "invalid user" when I'm trying to do that.  Is it possible that
>> the AD lookup doesn't work when using privilege separation?
> No idea.  Did you try?  You didn't use '@' as separator, by any chance?

No, I didn't change any settings from the default (apart from the lone
sshd entry in /etc/passwd to make the local account visible to the
sshd).  The sshd runs under the sshd local account.

So, I've tried to let certain users in only if they match a name pattern
(the pattern match is verified to work and shows up in the log) and are
in group +Administrators as resloves with getent, as soon as I specify
anything other than "*" in the AllowGroup config, these users are not
allowed to log in.  I've tried "Administrators", "+Administrators" and
even "primaryDOM+Administrators".  The same happens for another list of
users and a non-administrative group from the primary domain that
basically all users are a member of; no changes in behaviour when I
chose a domain group that I know has only a handful of users including
the test account.

+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Wavetables for the Terratec KOMPLEXER:

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]