Corinna Vinschen wrote: > On May 13 11:49, Schutter, Thomas A. wrote: > > Corinna Vinschen wrote: > > > > Except that is not what I am seeing. When I run "id" from a > console > > > > cygwin shell: > > > > $ id > > > > uid=18718(tschutter) gid=10513(Domain Users) > > > > groups=544(Administrators),545(Users),10513(Domain > > > > Users),18169(FDSV-GG-PrxBLD),22611(FDSV-GG-PrxPCAdmins) > > > > > > > > But when I run "id" from a ssh shell: > > > > $ id > > > > uid=18718(tschutter) gid=10513(Domain Users) > > > > groups=545(Users),10513(Domain Users) > > > > > > > > So when I am using pubkey authentication, the user token is not a > > > member > > > > of the "Administrators", "FDSV-GG-PrxBLD", or "FDSV-GG- > PrxPCAdmins" > > > > groups. > > > > > > That wasn't what I was talking about. I was just referring to the > > > assertion that Windows doesn't know about user impersonation or > > > user switching. > > > > > > As for your user token, Cygwin tries to get information about the > user > > > by asking the local machine what local and global groups the user > is > > > member in. Some local groups are only in the user's group list, > > > because > > > one of the global grouyps is in turn member of a local group, which > is > > > probably the case for the Admin's group. For some reason your > local > > > machine doesn't return any of the information about the global > domain > > > groups your user is member in. Possible reasons are that > retrieving > > > the > > > PDC for the user's domain fails, or that the PDC refuses to list > the > > > user's groups for some reason. That's something you would have to > > > debug > > > in your local installation. > > > > Ahh. From my original email from a console cygwin shell: > > $ echo $USERDOMAIN > > FLOODDATA > > > > But when I login via ssh: > > $ echo $USERDOMAIN > > FDSVBLD01SGRAPE > > > > So when I login via ssh, the USERDOMAIN is set to the local machine > > rather than the domain. So I would suspect that the PDC is not even > > being queried. > > You're jumping to conclusions. The reason why USERNAME and USERDOMAIN > are wrong I explained in my first reply. Both values don't matter when > Cygwin tries to connect to the PDC, as long as the /etc/passwd pw_gecos > field contains a valid U-DOMAIN\username entry. This information is > used to connect to the PDC. > > > Corinna
OK. My /etc/passwd file was generated with the "mkpasswd -l -d" command. The /etc/passwd pw_gecos field for tschutter is just "U-FLOODDATA\tschutter". So what debugging step can I take next? -- Tom Schutter First American - Proxix Solutions (512) 977-6822 -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
