Error GetAccountSid in passwd file

2 posts / 0 new
Last post
Anonymous
Error GetAccountSid in passwd file

The next problem was reported earlier by a colleague of mine, but was not published because of the login name, domain name and SID. I have therefore anonymized his text in the hope that you publish this version.

We have CopSSH 5.7.0 x64 installed on a Windows 2012 R2 server. During the installation we supplied a domain account as service account. This resulted in the following entry in ICW\etc\passwd:

accountname:unused::999:U-domain\accountname,ERROR GetAccountSid:/var/svc:/bin/false

There are 2 errors in this entry:

    no UID (between "unused:" and ":999"
    ERROR GetAccountSid

The server and the service account are part of the same domain.

We determined the SID with the Sysinternals tools PsGetSid, and changed this entry into:

accountname:unused:0:999:U-domain\accountname,SID:/var/svc:/bin/false

With this modification the CopSSH SFTP server works as expected for users with SFTP-only access.

Problem is when we activate or deactivate a user with the CopSSH control panel the erroneous passwd file entry reappears.

GetAccountSid seems to work fine for local accounts, but in our case not for domain accounts. Is it possible to update GetAccountSid to support domain accounts like PsGetSid does?
 

itefix
Offline
Last seen: 5 hours 33 min ago
Joined: 01.05.2008 - 21:33
 

 

Domain users as service account are actually supported. We will try to verify it in our test environment.