[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SSHD user-switching under Cygwin/XP (was Re: Case insensitivity ad n
From: |
Derek Robert Price |
Subject: |
Re: SSHD user-switching under Cygwin/XP (was Re: Case insensitivity ad nauseum) |
Date: |
Fri, 05 Dec 2003 13:30:29 -0500 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Max Bowsher wrote:
>Derek Robert Price wrote:
>
>>My research so far leads me to believe that the problem is that the
>>Local System Account does not have permission to access the drive.
>
>...
>
>>>>it set up for nightly testing (if anyone knows how to get Cygwin sshd to
>>>>allow access to a mounted Samba share via its login shell, I could use
>>>>some assistance).
>
>
>I haven't been following the case-insensitivity thread, but is this the
>problem:
>
>You are logging in to Cygwin sshd using publickey auth (i.e. no password),
>and you cannot access a Samba/Windows share that your user should be able
>to?
Yes.
>If so, the explanation is this:
>
>sshd runs as the Windows SYSTEM user (or other user with sufficient rights)
>to create Windows authentication tokens. These are fully valid on the local
>machine, *but* if you do not log in with a password, the token does not
>contain a password (because there is no way to know what it is - it is
>hashed in the Windows password database). Therefore, no password =
unable to
>authenticate to remote machines, therefore unable to access network shares.
>
>There is no elegant solution. Inelegant solutions include:
>* Only log into sshd with a password.
I can't. I want to make this part of hte automated nightly testing and
currently, for security reasons, the testing account doesn't even have a
password.
>* Put your password into a file only readable by you, and use it with the
>Windows "net use" command during your .profile, to connect to the network
>share.
It took me some time to figure out the syntax, but I've now tried
various permutations of net use. I mostly am causing it to generate a
lot of system errors:
> address@hidden ~
> $ net use z: '\\empress\oberon' /user:oberon 'password'
> System error 5 has occurred.
>
> Access is denied.
>
>
> address@hidden ~
> $
and
> address@hidden ~
> $ net use '\\empress\oberon' /user:address@hidden 'password'
> System error 86 has occurred.
>
> The specified network password is not correct.
>
>
> address@hidden ~
> $ net use '\\empress\oberon' /user:oberon 'password'
> System error 1312 has occurred.
>
> A specified logon session does not exist. It may already have been
> terminated.
>
>
> address@hidden ~
> $ net use z: '\\empress\oberon' /user:oberon
> Enter the password for 'oberon' to connect to 'empress': Enter the
> password for
> 'oberon' to connect to 'empress': System error 5 has occurred.
>
> Access is denied.
>
> The password is invalid for \\empress\oberon.
>
>
>
>
> address@hidden ~
> $ net use z: '\\empress\oberon' /user:oberon
> Enter the password for 'oberon' to connect to 'empress': Enter the
> password for
> 'oberon' to connect to 'empress': System error 5 has occurred.
>
> Access is denied.
>
> The password is invalid for \\empress\oberon.
>
>
>
>
> address@hidden ~
> $ net use z: '\\empress\oberon' /user:oberon 'password'
> System error 5 has occurred.
>
> Access is denied.
>
>
> address@hidden ~
> $
Note that in the cases where I do not supply a password, the prompt that
is presented times out with the error message in milliseconds. There is
not nearly enough time for me to even hit a key.
SSHD does appear to be performing the user switch correctly. I think
that is the reason I show up in the Administrators group, and I can
access my local files:
> address@hidden ~
> $ id
> uid=1009(oberon) gid=513(None)
> groups=513(None),544(Administrators),545(Users)
>
> address@hidden ~
> $
When the drive is already mounted from the XP desktop, the following
command claims to work:
> address@hidden ~
> $ net use z:
> Local name z:
> Remote name \\Empress\oberon
> Resource type Disk
> The command completed successfully.
>
>
> address@hidden ~
> $
But the drive still doesn't appear, even after issuing mount commands:
> address@hidden ~
> $ ls /cygdrive/
> c
>
> address@hidden ~
> $ ls /cygdrive/z/
> ls: /cygdrive/z/: No such file or directory
>
> address@hidden ~
> $
I will note that `net use' still reports the Z: drive is inaccessible
after the previous command returns success:
> address@hidden ~
> $ net use
> New connections will be remembered.
>
>
> Status Local Remote Network
>
>
-
-------------------------------------------------------------------------------
> Unavailable Z: \\Empress\oberon Microsoft Windows Network
> The command completed successfully.
>
>
> address@hidden ~
> $
Any more hints?
Regards,
Derek
- --
*8^)
Email: address@hidden
Get CVS support at <http://ximbiot.com>!
- --
Were it left for me to decide whether we should have a government
without newspapers, or newspapers without a government, I should not
hesitate a moment to prefer the latter.
- Thomas Jefferson
(appeared
http://hotwired.lycos.com/special/lawsuit/ )
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Netscape - http://enigmail.mozdev.org
iD8DBQE/0M7ELD1OTBfyMaQRAkMGAKDV6wXX6IRA6I0L5mmPLgKFOIaJCQCdH1EW
HbrBiZtc91TIL02Rv3Hq8do=
=ZGcB
-----END PGP SIGNATURE-----
- Re: SSHD user-switching under Cygwin/XP (was Re: Case insensitivity ad nauseum), Max Bowsher, 2003/12/05
- Re: SSHD user-switching under Cygwin/XP (was Re: Case insensitivity ad nauseum),
Derek Robert Price <=
- Re: SSHD user-switching under Cygwin/XP (was Re: Case insensitivity ad nauseum), Nathan Kidd, 2003/12/05
- Re: SSHD user-switching under Cygwin/XP (was Re: Case insensitivity ad nauseum), Derek Robert Price, 2003/12/10
- Re: SSHD user-switching under Cygwin/XP (was Re: Case insensitivity ad nauseum), Derek Robert Price, 2003/12/10
- Re: SSHD user-switching under Cygwin/XP (was Re: Case insensitivity ad nauseum), Nathan Kidd, 2003/12/10
- Re: SSHD user-switching under Cygwin/XP (was Re: Case insensitivity ad nauseum), Derek Robert Price, 2003/12/10
- Re: SSHD user-switching under Cygwin/XP (was Re: Case insensitivity ad nauseum), David Wood, 2003/12/10
- Re: SSHD user-switching under Cygwin/XP (was Re: Case insensitivity ad nauseum), Derek Robert Price, 2003/12/10
How to select files from other directories in WinCVS, Phil Labonte, 2003/12/05