Still testing needed: New passwd/group AD/SAM integration
Ken Brown
kbrown@cornell.edu
Wed Apr 16 15:28:00 GMT 2014
On 4/16/2014 2:35 AM, Corinna Vinschen wrote:
> Hi Ken,
>
> On Apr 16 10:04, Corinna Vinschen wrote:
>> On Apr 15 14:14, Ken Brown wrote:
>>> I've come across a glitch involving sshd and cygserver. I normally
>>> have both running, but I've discovered that I have to start sshd
>>> before I start cygserver, or else I have problems (can't ssh from a
>>> non-administrator account to an administrator account). Here are
>>> the details on 64 bit Cygwin; I haven't tested 32 bit:
>>>
>>> I've installed the full 2014-04-12 snapshot and removed /etc/passwd
>>> and /etc/group. I have an ordinary user kbrown and an administrator
>>> user kbrown-admin. I now do the following:
>>>
>>> 1. Start sshd.
>>> 2. Start cygserver.
>>> 3. Start a Cygwin Terminal as user kbrown.
>>> 4. ssh into the kbrown-admin account (with publickey authentication
>>> used by default).
>>>
>>> $ ssh kbrown-admin@localhost
>>> Enter passphrase for key '/home/kbrown/.ssh/id_rsa':
>>> setsockopt IPV6_TCLASS 16: Protocol not available:
>>> Last login: Tue Apr 15 13:57:12 2014 from fe80::9956:cbba:6928:151c%11
>>>
>>> Everything is fine.
>>>
>>> Now I close the Cygwin Terminal, stop both services, and restart
>>> them in the other order (cygserver first, then sshd). Repeating
>>> steps 3 and 4, I can't login:
>>>
>>> $ ssh kbrown-admin@localhost
>>> kbrown-admin@localhost's password:
>>> Permission denied, please try again.
>>> kbrown-admin@localhost's password:
>>>
>>> Notice that (a) I didn't get a prompt for the passphrase for my ssh
>>> key, and (b) my password wasn't accepted.
>>
>> Thanks for the report, Ken. I'll have a look.
>
> To clarify: This is a non-domain machine, right? And sshd is running
> under the cyg_server account while cygserver is running under the
> LocalSystem account?

Yes to all.

> I'm just testing this, only with a domain machine and domain accounts,
> and I can't reproduce this. I have a bit of a problem to test this on a
> non-domain machine because my network is set up for domain machines...
>
> However, I found that I made a blatant mistake in cygserver. The
> message length was computed one byte too short, so the trailing \0 in
> the passwd/group string wasn't transmitted. This *might* be the cause
> for your problem.
>
> I just built a new snapshot. Can you please try if this fixes it for
> you? Make sure to use the new cygserver!

Yes, that fixed it. Thanks.

> While I was at it, I also added a patch to get rid of the "setsockopt
> IPV6_TCLASS 16: Protocol not available" message.

Good. It's nice to see that anymore.

Ken
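
The fix quoted in this message was a message length computed one byte too short, so the trailing \0 of the passwd/group string was never transmitted. The following is an added illustration of that class of bug and a receiver-side check; it is not code from cygserver or from this thread, and the message layout, function names and passwd-style entries are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MSG_MAX 128
/* Constructed sample entries, not real account data. */
#define LONG_ENTRY  "kbrown-admin:x:1001:/bin/bash"
#define SHORT_ENTRY "kbrown:x:1002:"

/* Hypothetical wire message: a length field followed by payload bytes. */
struct msg { size_t len; char data[MSG_MAX]; };

/* Sender. include_nul == 0 reproduces the "one byte too short" length. */
static int send_entry(struct msg *m, const char *entry, int include_nul)
{
    size_t len = strlen(entry) + (include_nul ? 1 : 0);
    if (len > MSG_MAX) return -1;
    m->len = len;
    memcpy(m->data, entry, len);
    return 0;
}

/* Naive receiver: copies len bytes and trusts the payload to be terminated. */
static const char *recv_naive(char *buf, const struct msg *m)
{
    memcpy(buf, m->data, m->len);
    return buf;
}

/* Defensive receiver: rejects any payload whose last byte is not NUL. */
static const char *recv_checked(char *buf, const struct msg *m)
{
    if (m->len == 0 || m->len > MSG_MAX || m->data[m->len - 1] != '\0')
        return NULL;
    memcpy(buf, m->data, m->len);
    return buf;
}

/* Receive a long entry, then a shorter one, into the same reused buffer. */
static const char *replay(int include_nul, int checked)
{
    static char buf[MSG_MAX];
    struct msg m;
    memset(buf, 0, sizeof buf);
    send_entry(&m, LONG_ENTRY, 1);
    recv_naive(buf, &m);
    if (send_entry(&m, SHORT_ENTRY, include_nul) != 0) return NULL;
    return checked ? recv_checked(buf, &m) : recv_naive(buf, &m);
}

int main(void)
{
    printf("short length, naive:   %s\n", replay(0, 0));
    printf("correct length, naive: %s\n", replay(1, 0));
    printf("short length, checked: %s\n", replay(0, 1) ? "accepted" : "rejected");
    return 0;
}
```

With the short length the naive receiver parses the new entry with the tail of the previous one still attached, which is why such a bug can depend on what happened to be received earlier.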