LDAP integration and sshd
Achim Gratz
Stromeko@nexgo.de
Thu Jun 26 17:03:00 GMT 2014
Corinna Vinschen writes:
>> Hmm. Doesn't appear to be working in any combination I tried, I'm always
>> getting an "invalid user" when I'm trying to do that. Is it possible that
>> the AD lookup doesn't work when using privilege separation?
>
> No idea. Did you try? You didn't use '@' as separator, by any chance?

No, I didn't change any settings from the default (apart from the lone
sshd entry in /etc/passwd to make the local account visible to the
sshd). The sshd runs under the sshd local account.

So, I've tried to let certain users in only if they match a name pattern
(the pattern match is verified to work and shows up in the log) and are
in group +Administrators as resolves with getent, as soon as I specify
anything other than "*" in the AllowGroup config, these users are not
allowed to log in. I've tried "Administrators", "+Administrators" and
even "primaryDOM+Administrators". The same happens for another list of
users and a non-administrative group from the primary domain that
basically all users are a member of; no changes in behaviour when I
chose a domain group that I know has only a handful of users including
the test account.

Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Wavetables for the Terratec KOMPLEXER:
http://Synth.Stromeko.net/Downloads.html#KomplexerWaves