Domain Admins don't have permissions when logging in via SSH
Sebastian Koerner
glomix@gmx.de
Thu May 30 12:24:00 GMT 2013
Hi Cygwin,
We have some trouble with OpenSSH in Cygwin. We think, that the impersonation does not work in the 1.7 cywin, but can't figure out why.
- We followed http://cygwin.com/faq-nochunks.html#faq.using.sshd-in-domain to integrate sshd into our domain. There is a domain\cyg_server user ( c ) with all the permissions needed.
- Test: We log on using
o (a) the local Windows Administrator using ssh
o (b) using a Domain\Administrator account
o (c) the Domain (Admin) Account that runs sshd server. (domain\cyg_server
Problem is: The (b) Domain Administrator Account is not reported to be a member of the local Administrators group. And he has no admin rights (test: configure a Windows Service)
What we observed is:
- The Domain Admin Account that the Cygwin sshd Service runs under (domain\cyg_server) has all the permissions.
- A local Administrator that connects using ssh has all the permission.
- BUT the best thing: In legacy Cygwin installations the Domain Admin Account *has* local Admin permissions
Can anyone help?
This is the output of id, then sc service sshd start and uname -a:
A Windows XP with Cygwin legacy (note the Administrators Group)
uid=11100(domainadm) gid=10512(Domain Admins) groups=544(Administrators),545(Users),1009(Debugger Users),10512(Domain Admins)
[SC] StartService FAILED 1056:
An instance of the service is already running.
CYGWIN_NT-5.2-WOW64 xpwks 1.5.25(0.156/4/2) 2008-03-05 19:27 i686 Cygwin
A Windows 7 with Cygwin 1.7
uid=11100(domainadm) gid=10512(Domain Admins) groups=10512(Domain Admins),545(Users)
[SC] StartService: OpenService FAILED 5:
Access is denied.
CYGWIN_NT-6.1-WOW64 w7wks 1.7.9(0.237/5/3) 2011-03-29 10:10 i686 Cygwin
Sebastian
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list