On Wed, Aug 1, 2018 at 2:21 PM, Michal Zindulka <michal.zindu...@gmail.com> wrote:
> Hi Cygwin team,
>
> I'm trying to set up SSHD with the 'AllowGroups' option, but I've encountered
> the following troubles.
>
> When I set up the 'AllowGroups SSHGROUP' option in the 'sshd_config' file, then
> local users who are members of 'SSHGROUP' are able to log in without any
> issue. When I do the same for a domain user, who is also a member of the local
> group 'SSHGROUP', the login will fail with the following error in the log:
>
> 'User SSHUSER from <IP> not allowed because non of user's groups are listed
> in AllowGroups.
>
> When I try to list all users for my domain user using the 'groups' command, it
> shows only the domain groups where the user belongs + the primary group which is set
> in the 'passwd' file.
>
> I was able to make it work, using a workaround, by setting a local 'SSHGROUP'
> as the primary group in the 'passwd' file for my domain user. Then this group
> was also displayed using the 'groups' command and the user was able to log in, but
> it's not a suitable solution for me.
>
> I've also tried to assign my domain user to 'SSHGROUP' in the 'group' file, but
> it didn't help.

Not sure if it is related, but...

On Windows domains you are supposed to follow the UGLY model. The letters of UGLY stand for:

Users into
Global groups
Global into domain
Local groups
You assign permissions

SSHGROUP should be a local group with members from the domain and global groups.

Of course, scratch this if the machinery is doing something different.

Jeff
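
A diagnostic for the mismatch described in this thread, as an added example that is not part of either message: it lists which of a user's resolved group names match the AllowGroups patterns in an sshd_config. The function names and the sample config and group lists are constructed; Match blocks, quoted names and negated (`!`) patterns are not handled, and the comparison is assumed to be case-sensitive.

```shell
#!/bin/sh
# Added example (not from the thread).

# allowgroups_patterns FILE -> one AllowGroups pattern per line.
# sshd_config keywords are case-insensitive; commented-out lines are skipped
# because their first field is "#..." rather than the keyword.
allowgroups_patterns() {
    awk 'tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# matching_groups FILE GROUP... -> prints each GROUP that matches a pattern.
# Exit status 0 if at least one group matched, 1 if none did (the situation
# behind the "not allowed because ..." log line quoted above).
# The body runs in a subshell so that "set -f" does not leak to the caller.
matching_groups() (
    cfg=$1; shift
    set -f    # keep * and ? in patterns from expanding to file names
    found=1
    for g in "$@"; do
        for p in $(allowgroups_patterns "$cfg"); do
            case $g in
                $p) printf '%s\n' "$g"; found=0; break ;;
            esac
        done
    done
    [ "$found" -eq 0 ]
)

# Constructed sample: the config allows SSHGROUP, but the first group list
# (what 'groups' reported for the domain user) does not contain it.
demo_cfg=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'AllowGroups SSHGROUP' > "$demo_cfg"
matching_groups "$demo_cfg" 'Domain Users' 'Users' \
    || echo "no resolved group matches AllowGroups"
matching_groups "$demo_cfg" 'Domain Users' 'SSHGROUP'
rm -f "$demo_cfg"
```

Pass each group name as its own quoted argument, since Windows group names such as 'Domain Users' contain spaces.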