LDAP integration and sshd

Achim Gratz Stromeko@nexgo.de
Thu Jun 26 17:03:00 GMT 2014


Corinna Vinschen writes:
>> Hmm.  Doesn't appear to be working in any combination I tried, I'm always
>> getting an "invalid user" when I'm trying to do that.  Is it possible that
>> the AD lookup doesn't work when using privilege separation?
>
> No idea.  Did you try?  You didn't use '@' as separator, by any chance?

No, I didn't change any settings from the default (apart from the lone
sshd entry in /etc/passwd to make the local account visible to the
sshd).  The sshd runs under the sshd local account.

So, I've tried to let certain users in only if they match a name pattern
(the pattern match is verified to work and shows up in the log) and are
in group +Administrators as resolves with getent, as soon as I specify
anything other than "*" in the AllowGroup config, these users are not
allowed to log in.  I've tried "Administrators", "+Administrators" and
even "primaryDOM+Administrators".  The same happens for another list of
users and a non-administrative group from the primary domain that
basically all users are a member of; no changes in behaviour when I
chose a domain group that I know has only a handful of users including
the test account.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Wavetables for the Terratec KOMPLEXER:
http://Synth.Stromeko.net/Downloads.html#KomplexerWaves
