LDAP integration and sshd
Achim Gratz
Stromeko@nexgo.de
Fri Jun 27 19:08:00 GMT 2014
Corinna Vinschen writes:
> The Admin group is a BUILTIN group, so it's always +Administrators
> under the default prefixing rule, as outlined in my preliminary
> documentation.
Yeah, I was just trying the other variants out of desperation.
> And it works fine for me with the latest from CVS (== latest snapshot),
> I just tested it.
I'm using the latest snapshot, although the behaviour is the same with
the previous one.
> If I add
>
> AllowGroups +Administrators
>
> I can still login with my admin account and get a refusal when logging
> in with a non-admin account.
>
> In contrast, If I add
>
> DenyGroups +Administrators
>
> it's the opposite.
Yes, that's exactly what isn't working. Even in debug mode the messages
from sshd are not very enlightening, but through experimentation I found
that the only thing that works is +Authenticated* (for Authenticated
Users, obviously). I don't know what's going on, but it seems that when
the user credentials are resolved by sshd, the domain accounts are
completely inaccessible. Switching off privilege separation doesn't
seem to make a difference.
> Are you, by any chance, using a non-English OS version? You know that
> the administrators group has a localized name, right? In german, for
> instance, it's called Administratoren.
Not that I know of (I didn't install it), it reports as a bog standard
2012R2 server and all local display is in english.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Samples for the Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#BlofeldSamplesExtra
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list