Re: strange cygwin sshd user generated (user name includes machine name)

2016-03-31 Thread Pete Moore 
RESOLVED! =)

I’m happy to report Brian McGeorge found a solution, which was kindly
passed on to me via Ben Stragnell. The answer is to set the
environment variable LOGONSERVER to \\%COMPUTERNAME%.

This works by not executing the body of the if statement in:
https://cygwin.com/git/gitweb.cgi?p=cygwin-csih.git;a=blob;f=cygwin-service-installation-helper.sh;h=10ab4fb6d47803c9ffabdde51923fc2c3f0496bb;hb=7ca191bebb52ae414bb2a2e37ef22d94f2658dc7#l2884

(lines 2884 to 2890)

My working user data now looks like this (note - you need to see both
links for context - different parts of the same user data file).

   * 
https://github.com/taskcluster/generic-worker/blob/b0786db002921d3ec7d40053ac2e6799679ab290/worker_types/win2012r2/userdata#L4
   * 
https://github.com/taskcluster/generic-worker/blob/b0786db002921d3ec7d40053ac2e6799679ab290/worker_types/win2012r2/userdata#L81-L101

The addition to the powershell script was simply:

   $env:LOGONSERVER = "\\" + $env:COMPUTERNAME

I can confirm this fix works! Thanks again to Brian and Ben. =)

Pete

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: strange cygwin sshd user generated (user name includes machine name)

2016-03-31 Thread Peter Moore 
RESOLVED! =)

I’m happy to report Brian McGeorge found a solution, which was kindly passed on 
to me via Ben Stragnell. The answer is to set the environment variable 
LOGONSERVER to \\%COMPUTERNAME%.

This works by not executing the body of the if statement in: 
https://cygwin.com/git/gitweb.cgi?p=cygwin-csih.git;a=blob;f=cygwin-service-installation-helper.sh;h=10ab4fb6d47803c9ffabdde51923fc2c3f0496bb;hb=7ca191bebb52ae414bb2a2e37ef22d94f2658dc7#l2884

(lines 2884 to 2890)

My working user data now looks like this (note - you need to see both links for 
context - different parts of the same user data file).

* 
https://github.com/taskcluster/generic-worker/blob/b0786db002921d3ec7d40053ac2e6799679ab290/worker_types/win2012r2/userdata#L4
* 
https://github.com/taskcluster/generic-worker/blob/b0786db002921d3ec7d40053ac2e6799679ab290/worker_types/win2012r2/userdata#L81-L101

The addition to the powershell script was simply:

$env:LOGONSERVER = "\\" + $env:COMPUTERNAME

I can confirm this fix works! Thanks again to Brian and Ben. =)

Pete



> On 03 Oct 2015, at 20:27, Peter Moore  wrote:
> 
> After a little bit more digging, I think the cygwin name is coming from the 
> output of getent here:
> 
> https://cygwin.com/git/gitweb.cgi?p=cygwin-csih.git;a=blob;f=cygwin-service-installation-helper.sh;h=10ab4fb6d47803c9ffabdde51923fc2c3f0496bb;hb=7ca191bebb52ae414bb2a2e37ef22d94f2658dc7#l2705
> 
> At this point, I’m not sure what causes getent to return different values 
> when run in automation, and when run manually. I wonder if there is some kind 
> of race condition, such that some subsystem is still updating at the point I 
> install cygwin sshd.
> 
> For reference, this is the powershell script, see lines 77 onwards:
> https://hg.mozilla.org/try/file/4905af7c52e5/testing/taskcluster/worker_types/win2012r2/aws_userdata
> 
> Thanks!
> Pete
> 
> 
> 
>> On 03 Oct 2015, at 19:12, Peter Moore  wrote:
>> 
>> Hi,
>> 
>> I have a powershell script for installing cygwin and setting up sshd which I 
>> am using as UserData when firing up a Windows 2012 R2 instance in AWS EC2.
>> 
>> The same command succeeds when run manually, but fails when called from 
>> automation. I’m trying to understand what it is that is different, so I can 
>> fix it in automation.
>> 
>> The command called is:
>> 
>> ssh-host-config -y -c 'ntsec mintty' -u 'cygwinsshd' -w 'qwe123QWE!@#'
>> 
>> When I run manually, logged in as Administrator, I get a log line like this 
>> (notice the correct “Cygwin name”):
>> 
>> *** Query: Create new privileged user account 'WIN-EFPDIM0SAUP\cygwinsshd' 
>> (Cygwin name: ‘cygwinsshd')? (yes/no) yes
>> 
>> When I run from automation, the log line looks like this (notice the 
>> incorrect “Cygwin name”):
>> 
>> *** Query: Create new privileged user account 'WIN-EFPDIM0SAUP\cygwinsshd' 
>> (Cygwin name: 'win-efpdim0saup+cygwinsshd')? (yes/no) yes
>> 
>> It seems the extended “Cygwin name” which I get in automation causes 
>> ssh-host-config to fail. I’m trying to establish what causes the cygwin name 
>> to get the prefix of the machine name, since this seems to cause the problem.
>> 
>> For reference, below I’ve put the logs in both the successful (manual) case, 
>> and the failing (automated) case.
>> 
>> If anyone can point me to the source code of ssh-host-config I’m also happy 
>> to dig - I couldn’t find it online. So if you’re not sure, but know where 
>> the source is, I’m happy to look.
>> 
>> Many thanks in advance!
>> Pete
>> 
>> 
>> 
>> SUCCESSFUL run (when executed manually):
>> 
>> *** Query: Create new privileged user account 'WIN-EFPDIM0SAUP\cygwinsshd' 
>> (Cygwin name: ‘cygwinsshd')? (yes/no) yes
>> *** Info: User ‘cygwinsshd' has been created with password 'qwe123QWE!@#'.
>> *** Info: If you change the password, please remember also to change the
>> *** Info: password for the installed services which use (or will soon use)
>> *** Info: the ‘cygwinsshd' account.
>> 
>> *** Info: The sshd service has been installed under the ‘cygwinsshd'
>> *** Info: account.  To start the service now, call `net start sshd' or
>> *** Info: `cygrunsrv -S sshd'.  Otherwise, it will start automatically
>> *** Info: after the next reboot.
>> *** Info: Host configuration finished. Have fun!
>> 
>> 
>> FAILED run (when called in automation):
>> 
>> *** Query: Create new privileged user account 'WIN-EFPDIM0SAUP\cygwinsshd' 
>> (Cygwin name: 'win-efpdim0saup+cygwinsshd')? (yes/no) yes
>> *** Info: User 'win-efpdim0saup+cygwinsshd' has been created with password 
>> 'qwe123QWE!@#'.
>> *** Info: If you change the password, please remember also to change the
>> *** Info: password for the installed services which use (or will soon use)
>> *** Info: the 'win-efpdim0saup+cygwinsshd' account.
>> 
>> *** Warning: Setting password expiry for user 'win-efpdim0saup+cygwinsshd' 
>> failed!
>> *** Warning: Please check that password never expires or set it to your 
>> needs.
>> No

Re: strange cygwin sshd user generated (user name includes machine name)

2015-10-09 Thread Linda Walsh 

Peter Moore wrote:

Hi,

I have a powershell script for installing cygwin and setting up sshd which I am 
using as UserData when firing up a Windows 2012 R2 instance in AWS EC2.

The same command succeeds when run manually, but fails when called from 
automation. I’m trying to understand what it is that is different, so I can fix 
it in automation.



I have both a domain account (Bliss) and a local account on my 
winclient(Athenae): Bliss\linda & linda


Using Domain account on client -> Domain server
ssh Bliss 

server logs say:
... sshd[49322]: pam_winbind(sshd:account): user 'Bliss\linda' granted access
using

ssh linda@Bliss, server logs say:

sshd[51179]: pam_winbind(sshd:account): user 'linda' granted access


Using local account on client ->Domain:

ssh Bliss

server says:
Oct  9 20:51:21 Ishtar sshd[51787]: pam_winbind(sshd:account): user 'linda' 
granted access
if I want to login to the domain account, I need to specify it as the user:

ssh 'Bliss\linda'@Bliss

server says:
sshd[51982]: pam_winbind(sshd:account): user 'Bliss\linda' granted access

so in the above case, I am seeing a similar "symptom" -- where it uses
'domain\user' when I'm logged in my domain account 
and just 'user' if I specify 'user@Domain'.


Both login to the *same* account on the PDC -- because on the PDC
local users are domain users -- because the SID of the local machine
is the same as the domain SID.

I.e. on the domain server, I can display the domain or the local machine SID:


net getlocalsid   #note, it equates local machine name as a domain name in this 
case

SID for domain ISHTAR is: S-1-5-21-3-7-3

When I ask for the domain sid: it displays both:


net getdomainsid

SID for local machine ISHTAR is: S-1-5-21-3-7-3
SID for domain BLISS is: S-1-5-21-3-7-3


So first, obvious question is "are domains involved",
but 2nd question ... are the machine 'SIDS' the same in both cases?

I.e. when you run 'live' vs. run under automation, maybe the 'automation'
looks like a different machine name and uses a different 'sid'?  
That'd be my best guess...I only replied because I have seen the same

symptom depending on usage of the domain vs. local account.


Good luck!




--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: strange cygwin sshd user generated (user name includes machine name)

2015-10-03 Thread Peter Moore 
After a little bit more digging, I think the cygwin name is coming from the 
output of getent here:

https://cygwin.com/git/gitweb.cgi?p=cygwin-csih.git;a=blob;f=cygwin-service-installation-helper.sh;h=10ab4fb6d47803c9ffabdde51923fc2c3f0496bb;hb=7ca191bebb52ae414bb2a2e37ef22d94f2658dc7#l2705

At this point, I’m not sure what causes getent to return different values when 
run in automation, and when run manually. I wonder if there is some kind of 
race condition, such that some subsystem is still updating at the point I 
install cygwin sshd.

For reference, this is the powershell script, see lines 77 onwards:
https://hg.mozilla.org/try/file/4905af7c52e5/testing/taskcluster/worker_types/win2012r2/aws_userdata

Thanks!
Pete



> On 03 Oct 2015, at 19:12, Peter Moore  wrote:
> 
> Hi,
> 
> I have a powershell script for installing cygwin and setting up sshd which I 
> am using as UserData when firing up a Windows 2012 R2 instance in AWS EC2.
> 
> The same command succeeds when run manually, but fails when called from 
> automation. I’m trying to understand what it is that is different, so I can 
> fix it in automation.
> 
> The command called is:
> 
> ssh-host-config -y -c 'ntsec mintty' -u 'cygwinsshd' -w 'qwe123QWE!@#'
> 
> When I run manually, logged in as Administrator, I get a log line like this 
> (notice the correct “Cygwin name”):
> 
> *** Query: Create new privileged user account 'WIN-EFPDIM0SAUP\cygwinsshd' 
> (Cygwin name: ‘cygwinsshd')? (yes/no) yes
> 
> When I run from automation, the log line looks like this (notice the 
> incorrect “Cygwin name”):
> 
> *** Query: Create new privileged user account 'WIN-EFPDIM0SAUP\cygwinsshd' 
> (Cygwin name: 'win-efpdim0saup+cygwinsshd')? (yes/no) yes
> 
> It seems the extended “Cygwin name” which I get in automation causes 
> ssh-host-config to fail. I’m trying to establish what causes the cygwin name 
> to get the prefix of the machine name, since this seems to cause the problem.
> 
> For reference, below I’ve put the logs in both the successful (manual) case, 
> and the failing (automated) case.
> 
> If anyone can point me to the source code of ssh-host-config I’m also happy 
> to dig - I couldn’t find it online. So if you’re not sure, but know where the 
> source is, I’m happy to look.
> 
> Many thanks in advance!
> Pete
> 
> 
> 
> SUCCESSFUL run (when executed manually):
> 
> *** Query: Create new privileged user account 'WIN-EFPDIM0SAUP\cygwinsshd' 
> (Cygwin name: ‘cygwinsshd')? (yes/no) yes
> *** Info: User ‘cygwinsshd' has been created with password 'qwe123QWE!@#'.
> *** Info: If you change the password, please remember also to change the
> *** Info: password for the installed services which use (or will soon use)
> *** Info: the ‘cygwinsshd' account.
> 
> *** Info: The sshd service has been installed under the ‘cygwinsshd'
> *** Info: account.  To start the service now, call `net start sshd' or
> *** Info: `cygrunsrv -S sshd'.  Otherwise, it will start automatically
> *** Info: after the next reboot.
> *** Info: Host configuration finished. Have fun!
> 
> 
> FAILED run (when called in automation):
> 
> *** Query: Create new privileged user account 'WIN-EFPDIM0SAUP\cygwinsshd' 
> (Cygwin name: 'win-efpdim0saup+cygwinsshd')? (yes/no) yes
> *** Info: User 'win-efpdim0saup+cygwinsshd' has been created with password 
> 'qwe123QWE!@#'.
> *** Info: If you change the password, please remember also to change the
> *** Info: password for the installed services which use (or will soon use)
> *** Info: the 'win-efpdim0saup+cygwinsshd' account.
> 
> *** Warning: Setting password expiry for user 'win-efpdim0saup+cygwinsshd' 
> failed!
> *** Warning: Please check that password never expires or set it to your needs.
> No user or group 'win-efpdim0saup+cygwinsshd' known.
> *** Warning: Assigning the appropriate privileges to user 
> 'win-efpdim0saup+cygwinsshd' failed!
> *** ERROR: There was a serious problem creating a privileged user.
> 



signature.asc
Description: Message signed with OpenPGP using GPGMail

strange cygwin sshd user generated (user name includes machine name)

2015-10-03 Thread Peter Moore 
Hi,

I have a powershell script for installing cygwin and setting up sshd which I am 
using as UserData when firing up a Windows 2012 R2 instance in AWS EC2.

The same command succeeds when run manually, but fails when called from 
automation. I’m trying to understand what it is that is different, so I can fix 
it in automation.

The command called is:

ssh-host-config -y -c 'ntsec mintty' -u 'cygwinsshd' -w 'qwe123QWE!@#'

When I run manually, logged in as Administrator, I get a log line like this 
(notice the correct “Cygwin name”):

*** Query: Create new privileged user account 'WIN-EFPDIM0SAUP\cygwinsshd' 
(Cygwin name: ‘cygwinsshd')? (yes/no) yes

When I run from automation, the log line looks like this (notice the incorrect 
“Cygwin name”):

*** Query: Create new privileged user account 'WIN-EFPDIM0SAUP\cygwinsshd' 
(Cygwin name: 'win-efpdim0saup+cygwinsshd')? (yes/no) yes

It seems the extended “Cygwin name” which I get in automation causes 
ssh-host-config to fail. I’m trying to establish what causes the cygwin name to 
get the prefix of the machine name, since this seems to cause the problem.

For reference, below I’ve put the logs in both the successful (manual) case, 
and the failing (automated) case.

If anyone can point me to the source code of ssh-host-config I’m also happy to 
dig - I couldn’t find it online. So if you’re not sure, but know where the 
source is, I’m happy to look.

Many thanks in advance!
Pete



SUCCESSFUL run (when executed manually):

*** Query: Create new privileged user account 'WIN-EFPDIM0SAUP\cygwinsshd' 
(Cygwin name: ‘cygwinsshd')? (yes/no) yes
*** Info: User ‘cygwinsshd' has been created with password 'qwe123QWE!@#'.
*** Info: If you change the password, please remember also to change the
*** Info: password for the installed services which use (or will soon use)
*** Info: the ‘cygwinsshd' account.

*** Info: The sshd service has been installed under the ‘cygwinsshd'
*** Info: account.  To start the service now, call `net start sshd' or
*** Info: `cygrunsrv -S sshd'.  Otherwise, it will start automatically
*** Info: after the next reboot.
*** Info: Host configuration finished. Have fun!


FAILED run (when called in automation):

*** Query: Create new privileged user account 'WIN-EFPDIM0SAUP\cygwinsshd' 
(Cygwin name: 'win-efpdim0saup+cygwinsshd')? (yes/no) yes
*** Info: User 'win-efpdim0saup+cygwinsshd' has been created with password 
'qwe123QWE!@#'.
*** Info: If you change the password, please remember also to change the
*** Info: password for the installed services which use (or will soon use)
*** Info: the 'win-efpdim0saup+cygwinsshd' account.

*** Warning: Setting password expiry for user 'win-efpdim0saup+cygwinsshd' 
failed!
*** Warning: Please check that password never expires or set it to your needs.
No user or group 'win-efpdim0saup+cygwinsshd' known.
*** Warning: Assigning the appropriate privileges to user 
'win-efpdim0saup+cygwinsshd' failed!
*** ERROR: There was a serious problem creating a privileged user.



signature.asc
Description: Message signed with OpenPGP using GPGMail