Corinna Vinschen writes: > The Admin group is a BUILTIN group, so it's always +Administrators > under the default prefixing rule, as outlined in my preliminary > documentation.
Yeah, I was just trying the other variants out of desperation. > And it works fine for me with the latest from CVS (== latest snapshot), > I just tested it. I'm using the latest snapshot, although the behaviour is the same with the previous one. > If I add > > AllowGroups +Administrators > > I can still login with my admin account and get a refusal when logging > in with a non-admin account. > > In contrast, If I add > > DenyGroups +Administrators > > it's the opposite. Yes, that's exactly what isn't working. Even in debug mode the messages from sshd are not very enlightening, but through experimentation I found that the only thing that works is +Authenticated* (for Authenticated Users, obviously). I don't know what's going on, but it seems that when the user credentials are resolved by sshd, the domain accounts are completely inaccessible. Switching off privilege separation doesn't seem to make a difference. > Are you, by any chance, using a non-English OS version? You know that > the administrators group has a localized name, right? In german, for > instance, it's called Administratoren. Not that I know of (I didn't install it), it reports as a bog standard 2012R2 server and all local display is in english. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Samples for the Waldorf Blofeld: http://Synth.Stromeko.net/Downloads.html#BlofeldSamplesExtra -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple