Still testing needed: New passwd/group AD/SAM integration

Ken Brown kbrown@cornell.edu
Wed Apr 16 15:32:00 GMT 2014


On 4/16/2014 8:28 AM, Ken Brown wrote:
> On 4/16/2014 2:35 AM, Corinna Vinschen wrote:
>> Hi Ken,
>>
>> On Apr 16 10:04, Corinna Vinschen wrote:
>>> On Apr 15 14:14, Ken Brown wrote:
>>>> I've come across a glitch involving sshd and cygserver.  I normally
>>>> have both running, but I've discovered that I have to start sshd
>>>> before I start cygserver, or else I have problems (can't ssh from a
>>>> non-administrator account to an administrator account).  Here are
>>>> the details on 64 bit Cygwin; I haven't tested 32 bit:
>>>>
>>>> I've installed the full 2014-04-12 snapshot and removed /etc/passwd
>>>> and /etc/group.  I have an ordinary user kbrown and an administrator
>>>> user kbrown-admin.  I now do the following:
>>>>
>>>> 1. Start sshd.
>>>> 2. Start cygserver.
>>>> 3. Start a Cygwin Terminal as user kbrown.
>>>> 4. ssh into the kbrown-admin account (with publickey authentication
>>>> used by default).
>>>>
>>>> $ ssh kbrown-admin@localhost
>>>> Enter passphrase for key '/home/kbrown/.ssh/id_rsa':
>>>> setsockopt IPV6_TCLASS 16: Protocol not available:
>>>> Last login: Tue Apr 15 13:57:12 2014 from fe80::9956:cbba:6928:151c%11
>>>>
>>>> Everything is fine.
>>>>
>>>> Now I close the Cygwin Terminal, stop both services, and restart
>>>> them in the other order (cygserver first, then sshd).  Repeating
>>>> steps 3 and 4, I can't login:
>>>>
>>>> $ ssh kbrown-admin@localhost
>>>> kbrown-admin@localhost's password:
>>>> Permission denied, please try again.
>>>> kbrown-admin@localhost's password:
>>>>
>>>> Notice that (a) I didn't get a prompt for the passphrase for my ssh
>>>> key, and (b) my password wasn't accepted.
>>>
>>> Thanks for the report, Ken.  I'll have a look.
>>
>> To clarify:  This is a non-domain machine, right?  And sshd is running
>> under the cyg_server account while cygserver is running under the
>> LocalSystem account?
>
> Yes to all.
>
>> I'm just testing this, only with a domain machine and domain accounts,
>> and I can't reproduce this.  I have a bit of a problem to test this on a
>> non-domain machine because my network is set up for domain machines...
>>
>> However, I found that I made a blatant mistake in cygserver.  The
>> message length was computed one byte too short, so the trailing \0 in
>> the passwd/group string wasn't transmitted.  This *might* be the cause
>> for your problem.
>>
>> I just built a new snapshot.  Can you please try if this fixes it for
>> you?  Make sure to use the new cygserver!
>
> Yes, that fixed it.  Thanks.
>
>> While I was at it, I also added a patch to get rid of the "setsockopt
>> IPV6_TCLASS 16: Protocol not available" message.
>
> Good.  It's nice to see that anymore.
                   ^
                  not

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list