When executing the script directly from my AFX server onto remote MSSQL from the command line, I have no issues. The issue pops up when connecting to the same AFX server via SSH (Cygwin) and then, running it. On the other hand, when using SQL logon (SQL account), and providing userid and password, that works. The problem seems to be between Cygwin and Windows integrated logon process.
Below are the steps followed :
- In order to be able to manage local SQL accounts on remote MSSQL databases, an AFX connector has been configured to connect to a remote Windows server running Cygwin. This is to allow SSH connections.
- Once connection is made, a powershell is executed to manage remote systems. Powershell runs in the context of Cygwin BASH shell.
- This works as intended when managing Windows accounts.
When this PS script is executed
directly on a Windows machine (the one AFX connector establishes connection with via SSH), the command executes as expected:
d:\cygwin64\home\afxusr99\Provisioning\db>powershell -File dbCreateAccount.ps1
The same command executed through SSH connection generates following error:
afxusr99@ITSUSMPW01209 [/home/afxusr99/Provisioning/db] - AFX Win Dev
$ powershell -InputFormat None -File ./dbCreateAccount.ps1
Exception calling "Fill" with "1" argument(s): "Login failed. The login is from
an untrusted domain and cannot be used with Windows authentication."
At D:\cygwin64\home\afxusr99\Provisioning\db\dbCreateAccount.ps1:44 char:17
+ $SqlAdapter.Fill <<<< ($DataSet)
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
The script was executed exactly from the same machine. One directly and the other through Cygwin, but the Cygwin is throwing an error.
Any help would be appreciated!!
Is sshd running as a local user or a domain user? By default in the ssh-host-config steps it will be configured to use a local account, but in order to access other machines on the domain it needs to be running as a domain user.
Can you try running through the steps in the Switching the user who runs the service section here (HOWTO setup the Cygwin SSH daemon on a Windows 2003 server) and see if that helps?