This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: Vedr.: Re: Vedr.: Re: OpenSSH under the CYGWIN package, does not read domain groups in /etc/group file.


On Fri, Jun 25, 2004 at 03:58:39PM -0400, Larry Hall wrote:
> At 03:21 AM 6/25/2004, you wrote:
> 
> >I have been making both the passwd and group files using the -d option.
> >
> >When I log on as a domain user I get the same result as previous:
> >><snip>
> >>
> >>>Output from d:\programmer\cygwin\bin\id.exe (nontsec)
> >>>UID: ) GID: )
> >>
> >>^^^^^^^^^^^^^^^
> >>This doesn't look good.  Did you edit this output?
> >>
> >>
> >>>Output from d:\programmer\cygwin\bin\id.exe (ntsec)
> >>>UID: ) GID: )
> >>
> >>^^^^^^^^^^^^^^^^^
> >>Ditto

What happens when you run id directly from the shell, 
as a domain user, both on the server and on the workstation?

> >>
> >>
> >><snip>
> >If I log on as the local administrator I get this:
> >Output from d:\programmer\cygwin\bin\id.exe (nontsec)
> >UID: 500(Administrator) GID: 544(Administrators)
> >544(Administrators)
> >
> >Output from d:\programmer\cygwin\bin\id.exe (ntsec)
> >UID: 500(Administrator) GID: 544(Administrators)
> >0(root)                 513(None)
> >544(Administrators)     545(Users)
> >10545(mkgroup-l-d)

The strange thing is that the local Administrator is part of
10545, which is the Domain Users group. I have never seen that.
Was that on the server or on the workstation?
Is either of those the Primary Domain Controller?

> >This looks much better, I think.
> >
> >I still think, this might have something to do, with my security settings.
> >When I try to run MKGROUP on the server, as the local admin. I get this
> >result:
> >$ mkgroup -d
> >NetGroupEnum() failed with 1326
> >
> >And the mkpasswd command:
> >$ mkpasswd -d -u las -p /home
> >mkpasswd: [1326] Logon failure: unknown user name or bad password.
> >
> >The way I have been making those 2 files, is I've run the commands on my
> >workstation, and copied them to the server (they are on the same domain).
>
> 
> 
> So it looks like the user you're running as can't access the domain on 
> the server.  I seem to recall a hazy memory of some problems with 
> this in the past but I can't find a reference.  Anyway, that does sound
> like a local (server machine) security configuration issue like you said.

He says he is running the command as the local admin on the server. 
It makes sense that the local admin cannot access the info on the Primary 
Domain Controller, at least if the server is different from the PDC. 
If the server is also the PDC, I am not too sure what should happen.

What machine is TWEBREP01? The server or the workstation?
Is either of them SRVDC01?
 
What happens when running mkpasswd -d -u las 
while being logged on as domain user las, 
both on the server and on the workstation?

You have never explained (AFAIK) why you think that the 
group file isn't read. In fact it's unclear what you have
done exactly. 
To get to a clean state you could try to:
- login on the server as domain user las
- mkpasswd -l -c > /etc/passwd
- mkgroup -l -c > /etc/group    (this will regenerate the files to a clean state)
  Note that there is no -d 
- Verify that there is only one user las in /etc/passwd and that his 
  home directory in /etc/passwd is on a local disk.
  Edit /etc/passwd if necessary to set it that way. 
  Do not make any other change to /etc/passwd or /etc/group
- Make sure those files are readable by everybody and / is a system mount 
- start a new bash shell from Windows and verify that you are in the home
  directory specified in /etc/passwd
- run ssh-user-config
- start the sshd daemon on the server (assuming you have already run ssh-host-config)
- ssh localhost on the server

Pierre
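
The file checks from the list above (exactly one entry for the user in /etc/passwd, a local home directory, both files readable by everybody), as an added shell example that is not part of the original message. The function names, the sample entries and the host name `fileserver` are constructed for illustration, and treating a `//` or `\\` prefix as "not local" is an assumption.

```sh
# Added example, not from the original message. Usage on the server:
#   check_clean_state /etc/passwd /etc/group las
count_user() {   # number of passwd entries whose login name is exactly $2
    awk -F: -v u="$2" '$1 == u { n++ } END { print n + 0 }' "$1"
}
home_of() {      # home directory (field 6) of the first entry for user $2
    awk -F: -v u="$2" '$1 == u { print $6; exit }' "$1"
}
# Assumption: a home starting with // or \\ is a UNC (network) path.
# A mapped network drive under /cygdrive is not detected by this test.
home_is_local() {
    case "$1" in
        //*|\\\\*) return 1 ;;
        /*) return 0 ;;
        *) return 1 ;;
    esac
}
world_readable() {   # "other" read bit is the 8th character of the ls mode
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}
check_clean_state() {
    passwd=$1; group=$2; user=$3; rc=0
    n=$(count_user "$passwd" "$user")
    [ "$n" -eq 1 ] || { echo "FAIL: $n entries for $user in $passwd"; rc=1; }
    home=$(home_of "$passwd" "$user")
    home_is_local "$home" || { echo "FAIL: home '$home' is not local"; rc=1; }
    for f in "$passwd" "$group"; do
        world_readable "$f" || { echo "FAIL: $f not readable by everybody"; rc=1; }
    done
    return $rc
}
# Constructed sample: local and domain entries for las merged into one file.
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
Administrator:unused:500:544:constructed:/home/Administrator:/bin/bash
las:unused:1005:513:constructed local entry:/home/las:/bin/bash
las:unused:11005:10513:constructed domain entry://fileserver/home/las:/bin/bash
EOF
    echo 'Administrators:S-1-5-32-544:544:' > "$dir/group"
    chmod 644 "$dir/passwd" "$dir/group"
    echo "$dir"
}
```

The "/ is a system mount" step is not covered here; check it separately with `mount`.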
 
