This is the mail archive of the
mailing list for the Cygwin project.
Restrict active directory logins
- From: "E. Winston" <craddle2grave at hotmail dot com>
- To: "cygwin at cygwin dot com" <cygwin at cygwin dot com>
- Date: Mon, 31 Aug 2015 22:39:28 -0500
- Subject: Restrict active directory logins
- Authentication-results: sourceware.org; auth=none
I am running cygwin 2.2.1(0.289/5/3) and OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015 on a domain joined Windows 2012 R2 server. I am not using /etc/passwd or /etc/group and I would prefer not to use theses files as I anticipate a large number of accounts needing to be configured. As part of our group policy, NT AUTHORITY\Authenticated Users and NT AUTHORITY\Interactive are both part of the local Users group. The group policy also places NT AUTHORITY\Authenticated Users into "Log on Locally" security policy. My primary purpose is to use this as an SFTP server. I have been able to deny SSH logins and limit access to on SFTP.
What I would like to know is with this setup, is if there is a way to prevent any user in our domain from logging into the server?
Currently I have directory permissions set so they cannot see anything, but I'd rather not allow them to login at all.
I have a local group created with only the domain accounts I want to be able to explicitly login but thus far I have not been able to determine how to limit logins to just the members of this group.
Thanks in advance,
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple