Only Administrator can log in? #1745
Comments
|
@jol64 - By default, OpenSSH allows domain users, local users to login. You don't need any additional configuration in sshd_config.
|
|
@bagajjal Thanks for following up.
The first line also appears on successful login of local Administrator. At the same time I can run RDP with NLA and domain users without any problems. |
|
@jol64 - chdir("/") is from the upstream openssh code base (unix openssh repo). It changes the directory to the top of the drive i.e, "c:\" or "d:\" where openssh binary is present. coming to the actual issue of token generation, this is specific to your configuration. Is this an pure AAD (azure active directory) joined machine? Can you share these details,
|
|
Also can you try OpenSSHv8.1. |
|
samba\joachim is member of Domain Administrators and thus member of local Administrators group. I can RDP with the same user. net users does not list samba\joachim - should it? |
|
@jol64 - Does "net localgroup administrators" shows the user? With "SyslogFacility LOCAL0" in $env:programdata\ssh\sshd_config, can you run sshd -ddd to see if it throws any error. If you fail to get file based logging work then look for the errors in the event viewer. We need someone familiar with the AD to guide us further. I will check if I can get hold off windows auth team experts. |
|
Hello, I work on the Windows authentication stack. This sounds like the same issue as #1543 - the S4U2Self transaction with a Samba DC is failing for some reason. Wireshark traces showing the interactions between the Windows server and the Samba DC should help us understand why. |
|
closing this as it's external to openssh. |
|
Had the same issue. The reason was that within "local security policies" the access of all local accounts to the computer was disabled |
I installed openssh today, using instructions at https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse. I then tried to ssh using putty and tried to authenticate with my domain user and failed, only succeeded with Administrator. My domain user is a member of the Administrators group.
Please answer the following
"OpenSSH for Windows" version
7.7.2.2
Server OperatingSystem
Hyper-V Server 2019
Client OperatingSystem
Windows 10 Pro 20H2, putty 0.73
What is failing
I did not succeed with my domain user, nor with configuring sshd to allow domain users.
Having read #1640 I guess I just put the AllowGroups in the wrong place, but as a hint to novice users like me, what about adding a commented line into the default settings that marks the expected location? And I definitely would like to support that all Administrators are enabled by default. Whether you do this by allowing the SID or by code, I don´t really care.
I might also be caught by not exactly knowing how to specify my domain user.
Expected output
Actual output
The text was updated successfully, but these errors were encountered: