This is the mail archive of the cygwin mailing list for the Cygwin project.

Re: LDAP integration and sshd

Corinna Vinschen writes:
> The Admin group is a BUILTIN group, so it's always +Administrators
> under the default prefixing rule, as outlined in my preliminary
> documentation.

Yeah, I was just trying the other variants out of desperation.

> And it works fine for me with the latest from CVS (== latest snapshot),
> I just tested it.

I'm using the latest snapshot, although the behaviour is the same with
the previous one.

> If I add
>   AllowGroups +Administrators
> I can still login with my admin account and get a refusal when logging
> in with a non-admin account.
> In contrast, if I add
>   DenyGroups +Administrators
> it's the opposite.

Yes, that's exactly what isn't working.  Even in debug mode the messages
from sshd are not very enlightening, but through experimentation I found
that the only thing that works is +Authenticated* (for Authenticated
Users, obviously).  I don't know what's going on, but it seems that when
the user credentials are resolved by sshd, the domain accounts are
completely inaccessible.  Switching off privilege separation doesn't
seem to make a difference.

> Are you, by any chance, using a non-English OS version?  You know that
> the administrators group has a localized name, right?  In German, for
> instance, it's called Administratoren.

Not that I know of (I didn't install it), it reports as a bog standard
2012R2 server and all local display is in English.

+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Samples for the Waldorf Blofeld: