AllowGroups in SSHD not working for domain accounts
- Date: Wed, 1 Aug 2018 20:21:51 +0200
- From: Michal Zindulka <michal.zindulka@xxxxxxxxx>
- Subject: AllowGroups in SSHD not working for domain accounts
Hi Cygwin team,
I'm trying to setup SSHD with 'AllowGroups' option, but I've encountered
When I setup the 'AllowGroups SSHGROUP' option in 'sshd_config' file, then
a local users who are members of 'SSHGROUP' are able to login without any
issue. When I do the same for domain user, who is also member of local
group 'SSHGROUP', the login will fail with following error in the log:
'User SSHUSER from <IP> not allowed because non of user's groups are listed
When I try to list all users for my domain user using 'groups' command, it
show only domain groups where the user belong + primary groups which is set
in 'passwd' file.
I was able to make it work, using a workaround, by set a local 'SSHGROUP'
as a primary group in 'passwd' file for my domain user. Then this groups is
was also displayed using 'groups' command and user was able to login, but
it's not a suitable solution for me.
I've tried also to assign my domain user to 'SSHGROUP' in 'group' file, but
I'm running Windows Server 2012 R2 with Cygwin 2.10.0. SSHD service is
running under a local user. Tried as well to run a service under a domain
user, but it didn't help as well.
Is Cygwin capable such a solution and I'm doing something wrong, or the not
listing local groups for domain users is a default behaviour?
Thanks in advance.
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple