This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: CSIH patch (Re: Unable to run sshd under a domain sshd_server account [SOLVED])


On Jul 19 12:51, Charles Wilson wrote:
> Corinna Vinschen wrote:
>> Oh, btw., Charles, that's one for you.
>> On Jun 16 23:01, Corinna Vinschen wrote:
>>> On May 13 11:09, Schutter, Thomas A. wrote:
>>> The problem was that the domain sshd_server account has no right to
>>> access the domain controller from the network.  Solution: Open the Local
>>> Security Policy of the DC and look for the User Right "Deny access to
>>> this computer from the network".  You'll find your sshd_server user in
>>> there.  Remove it from this user right.  Try again:
>> This user right shouldn't be set anymore in the
>> csih/cygwin-service-installation-helper.sh script.  Patch follows:
>> 	* Don't disallow network logon for service user account.
>
> Here's the patch I applied, for csih-0.1.5:

Thanks Chuck.

However, I sent a second patch in
http://cygwin.com/ml/cygwin/2008-06/msg00453.html
The Interactive Logon Right is also necessary for this account.

What also doesn't work well is this:  In a domain I might want a
cyg_server domain account, rather than a local account on each
machine.  The reason is that the rights of the domain account can
be nicely controlled via group policy.  That won't work for local
accounts on the domain member machines.  Therefore, if a cyg_server
account exists in /etc/passwd, I think it should be used.


Thanks again,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]