When using public key authentication to log on to a Windows domain, the user does not automatically have access to shared network folders, such as \\remotemachine\sharedfolder. This is different from password authentication, where these folders are automatically available. What is the proper procedure?
When using public key authentication to log on to a Windows domain, the user does not automatically have access to shared network folders, such as \\remotemachine\sharedfolder. This is different from password authentication, where these folders are automatically available.

In domains with functional level Windows 2003 it is possible to enable access to shared folders in the network even for users who use public key authentication. Two things are needed:

1. Enabling the access in the Active Directory
2. Taking the resource into use during the ssh session

Setting up the delegation in Active Directory

1. In the Domain Controller, open the Active Directory Users and Computers snap-in (or the corresponding tool in Start->Programs->Administrative Tools).
2. Open the Computers tree and select the computer where the SSH Tectia Server is located.
3. Right-click and select Properties.
4. Select the Delegation tab.
5. Select Trust this computer for delegation to specified services only.
6. Select Use any authentication protocol.
7. Click the Add button.
8. Click the Users or Computers button.
9. Enter the name of the host where the network share is located and click OK.
10. Select cifs (common internet file system) from the available services.
11. Click OK to close the open windows.

Taking the resource into use during the ssh session

To take a shared folder on a remote machine into use during an ssh session, give the command net use \\computername\sharename. No password is needed for the net use command.

Note: In Tectia 5.1.0 and later, if the remote folder's UNC path (\\computername\sharename) is defined as a virtual folder in the sftp configuration, the resource is automatically taken into use when accessed with sftp. In this case the net use command is not needed.
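
The delegation settings made in the Delegation tab can be checked afterwards from PowerShell. The following is an added example, not part of the original article or of SSH Tectia: it reads the server's computer object and reports whether delegation is limited to the cifs service on the file server. It assumes the ActiveDirectory PowerShell module is available; SSHSERVER01 and FILESERVER01 are hypothetical placeholder host names.

```powershell
# Added example: audits the delegation settings created by the GUI steps above.
# Assumption: the ActiveDirectory module (RSAT) is installed on the admin host.
Import-Module ActiveDirectory

function Test-TectiaDelegation {
    param(
        [Parameter(Mandatory)][string]$SshServer,   # host running SSH Tectia Server
        [Parameter(Mandatory)][string]$FileServer   # host where the network share is located
    )

    $c = Get-ADComputer -Identity $SshServer -Properties `
        TrustedForDelegation, TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'

    # Entries look like service/host, usually in short and fully qualified form.
    $spns = @($c.'msDS-AllowedToDelegateTo')

    # Anything that is not cifs on the expected file server is broader than the procedure.
    $unexpected = @($spns | Where-Object {
        $svc, $target = $_ -split '/', 2
        $shortName = ($target -split '[.:/]')[0]
        ($svc -ne 'cifs') -or ($shortName -ne $FileServer)
    })

    [pscustomobject]@{
        Computer                = $c.Name
        # Must be False: True would mean delegation to any service.
        UnconstrainedDelegation = [bool]$c.TrustedForDelegation
        # "Use any authentication protocol" in the GUI; must be True for
        # public key logons, which present no Kerberos ticket to the server.
        ProtocolTransition      = [bool]$c.TrustedToAuthForDelegation
        AllowedServices         = $spns
        UnexpectedServices      = $unexpected
        MatchesProcedure        = (-not $c.TrustedForDelegation) -and
                                  [bool]$c.TrustedToAuthForDelegation -and
                                  ($spns.Count -gt 0) -and
                                  ($unexpected.Count -eq 0)
    }
}

# Hypothetical host names; replace with the real SSH server and file server.
Test-TectiaDelegation -SshServer 'SSHSERVER01' -FileServer 'FILESERVER01' | Format-List
```

A result with MatchesProcedure set to False and entries in UnexpectedServices means the SSH server can act on behalf of users toward more services than the cifs share this procedure calls for.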