Hi Thomas, On May 13 11:09, Schutter, Thomas A. wrote: > Except that is not what I am seeing. When I run "id" from a console > cygwin shell: > $ id > uid=18718(tschutter) gid=10513(Domain Users) > groups=544(Administrators),545(Users),10513(Domain > Users),18169(FDSV-GG-PrxBLD),22611(FDSV-GG-PrxPCAdmins) > > But when I run "id" from a ssh shell: > $ id > uid=18718(tschutter) gid=10513(Domain Users) > groups=545(Users),10513(Domain Users) > > So when I am using pubkey authentication, the user token is not a member > of the "Administrators", "FDSV-GG-PrxBLD", or "FDSV-GG-PrxPCAdmins" > groups.
Dunno if you fixed this problem in the meantime? I tested this myself and debugged this situation. It turned out (in *my* local scenario), the the PDC refused to list the groups the user is member of: $ id uid=11001(corinna) gid=10513(DomUsers) groups=545(Users),10513(DomUsers) The problem was that the domain sshd_server account has no right to access the domain controller from the network. Solution: Open the Local Security Policy of the DC and look for the User Right "Deny access to this computer from the network". You'll find your sshd_server user in there. Remove it from this user right. Try again: $ id uid=11001(corinna) gid=10513(DomUsers) groups=544(Administrators), 545(Users),10512(DomAdmins),10513(DomUsers) If that doesn't help, you'll probbaly have an overriding Domain Controller Security Policy set. Look there, set (or reset) the "Deny access to this computer from the network" user right accordingly and try again. HTH, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
