diff --git a/winsup/doc/ChangeLog b/winsup/doc/ChangeLog index 61425a128..f6508248f 100644 --- a/winsup/doc/ChangeLog +++ b/winsup/doc/ChangeLog @@ -1,3 +1,9 @@ +2010-01-25 Corinna Vinschen + + * faq-setup.xml: Drop references to non-NT systems. + * faq-using.xml: Ditto. + (faq.using.sshd-in-domain): New FAQ entry. + 2010-01-25 Andy Koppe * faq-using.xml: Fix typos and remove incorrect locale-specific diff --git a/winsup/doc/faq-setup.xml b/winsup/doc/faq-setup.xml index 8de529e32..38f78ce87 100644 --- a/winsup/doc/faq-setup.xml +++ b/winsup/doc/faq-setup.xml @@ -364,7 +364,7 @@ character as a word delimiter. Under certain circumstances, it is possible to get around this with various shell quoting mechanisms, but you are much better off if you can avoid the problem entirely. -On Windows NT/2000/XP you have two choices: +You have two choices: You can rename the user in the Windows User Manager GUI and then run mkpasswd. @@ -376,10 +376,6 @@ run mkpasswd. -On Windows 95/98/ME you can create a new user and run mkpasswd, -or you can delete the offending entry from /etc/passwd. -Cygwin will then use the name in the default entry with uid 500. - diff --git a/winsup/doc/faq-using.xml b/winsup/doc/faq-using.xml index ad8a9284c..dcbc8e4d7 100644 --- a/winsup/doc/faq-using.xml +++ b/winsup/doc/faq-using.xml @@ -331,7 +331,7 @@ PostScript files on non-PostScript Windows printers). Start at http://cygwin.com/ml/cygwin/2001-04/msg00657.html. Note that the file command is now available as part of Cygwin setup. -Alternatively, on NT, you can use the Windows print +Alternatively, you can use the Windows print command. (It does not seem to be available on Win9x.) Type @@ -1017,6 +1017,76 @@ environment variable option "winsymlinks" + +How do I setup sshd in a domain? + + + +If you want to be able to logon with domain accounts to a domain member +machine, you should make sure that the "cyg_server" account under which +the sshd service is usually running, is a domain account as well. Here's +how you set this up. + + + +First of all, create a new domain account called "cyg_server". This +account must be an administrative account, so make sure it's in the +"Administrators" group. Now create a domain policy which is propagated +to all machines which are supposed to run an sshd service. This domain +policy should give the following user rights to the "cyg_server" account: + + + + Act as part of the operating system (SeTcbPrivilege) + Create a token object (SeCreateTokenPrivilege) + Replace a process level token (SeAssignPrimaryTokenPrivilege) + + + +Now to install sshd on the member machine, logon to that machine as +an admin. Make sure the aforementioend global policy has been propagated +to this machine. Examine the Local Security Policy settings and, if +necessary, call gpupdate. + + + +If everything looks ok, run bash. Starting with Windows Vista, make +sure you're running bash elevated. + + + +If "cyg_server" is not already in /etc/passwd, add it +using mkpasswd. Make sure all domain accounts which are +supposed to be able to logon via ssh are in /etc/passwd. +Also make sure that all important domain groups are in +/etc/group. If in doubt, call + + + + $ mkpasswd -l -d your_domain > /etc/passwd + $ mkgroup -l -d your_domain > /etc/group + + + +Then run ssh-host-config. Answer all questions so that "cyg_server" is +used to run the service. When done, check ownership of +/var/empty and all /etc/ssh* +files. All of them must be owned by "cyg_server". If that's ok, you're +usually all set and you can start the sshd service via + + + + $ cygrunsrv -S sshd + + +or + + + $ net start sshd + + + + Why doesn't Cygwin tcl/tk understand Cygwin paths?