This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Windows Server 2012R2 64bit and 32bit Cygwin sshd


On Aug 19 19:21, Achim Gratz wrote:
> Corinna Vinschen writes:
> > This is a call to the Win32 API call NetUserGetGroups creating an
> > exception due to an "access denied".  The difference between 32 and 64
> > bit is probably a result of the differences in exception handling, and
> > given that an ExceptionCode 5 will be ignored by Cygwin's exception
> > handler, it's probably the next handler in the chain.
> 
> Well, as I said, Cygwin64 dutifully ignores the exception and then goes
> to fetch my password from the registry and forks off the command given
> to ssh.

Yeah, as I said.

> > Are you running sshd under a local cyg_server account or under a domain
> > cyg_server account?  Is it possible that this is a local cyg_server
> > account, and as a non-domain account actually gets an "access denied"
> > when trying to request AD user information?
> 
> It's a local account, actually I've got a separate account cyg_server32
> for that.  I've double checked that this is set up the same way as the
> original cyg_server account except for the home directory.

It doesn't matter if it's the same.  An exception is generated and 32
and 64 bit versions react differently for whatever reason.  It's also
really unnecessary to generate two accounts for this.

> > If your cyg_server is a local account I'd suggest to try with an
> > AD account per https://cygwin.com/faq/faq.html#faq.using.sshd-in-domain
> 
> I can try but the AD admins are still sitting on their thumbs for the
> sshd domain account, so I don't have high hopes for fast enough
> turnaround.  Plus, they have new rules that forbid administrative
> accounts that have unlimited activation, so I don't know how much use
> this is.

Setting up sshd should be the job of an admin in the first place.  The
domain account is a service starter account, not just some arbitrary
administrative account.  That, and much easier maintainance domain-wide
should be blatantly obvious to the admins.

> > Other than that I have a funny idea how to workaround this problem from
> > inside Cygwin.  If you want to give it a try, I'll send you a pointer
> > to a 32 bit DLL via PM.
> 
> Yes please.  As long as I don't get sshd to work, I can't use this
> installation for its intended purpose anyway.

Thanks, coming...


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgpVGzJ35SU77.pgp
Description: PGP signature


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]