I just set up an account (abc) from an AIX machine to a Windows Tectia SFTP server.

The account has been set up on the Tectia SFTP server to default to a home directory of a mapped drive (X:).

When I log on from AIX using 'sftp abc@10.10.10.10', it asks for a password, then successfully goes into X:.

However, after I generated and set up the private/public key between these two machines and ran the same command, it doesn't ask for a password (as expected), but only brings me to C:. And I cannot change drive to X:.

Appreciate any idea/advice.

asked Jun 15 '11 at 19:57

lam

edited Jun 15 '11 at 23:57

Roman ♦♦

Hi lam, what are the versions of client and server that you are using?

(Jun 15 '11 at 20:26) Roman ♦♦

In Tectia Server 6.3.0 we have introduced a new feature called "Password Cache". The Password Cache feature is for users who use public-key authentication to log on to Tectia Server on Windows and want to access network resources, for example, shared folders.

I strongly recommend that customers use this feature, as end users can then use SSH keys and still access network resources without additional configuration effort.

answered Aug 28 '12 at 18:24

Sami Marttinen ♦

You are probably running into this problem that causes virtual folders to not be accessible other than by password authentication if they are mapped to a domain resource (e.g. using mapped drives).

If the Tectia Server is running on Windows 2003 or newer, you can try the following steps (from the link above). Note that this requires that you have access to the domain controller.

With other authentication methods (such as public keys, GSSAPI, or certificates), access to virtual folders can be enabled only on Windows Server 2003 in a 2003 native domain when the following requirements are met:

  • The Kerberos extension S4U is applied
  • The delegation is set correctly on the Domain Controller

Follow these instructions to set up the delegation in the Active Directory:

  1. Log in to the Domain Controller.
  2. Open the Active Directory Users and Computers snap-in OR open the corresponding tool in Start→Programs→Administrative Tools.
  3. Open the Computers tree and select the computer where the SSH Tectia Server is located.
  4. Right-click and select Properties.
  5. Select the Delegation tab and make the following settings:
    1. Select Trust this computer for delegation to specified services only.
    2. Select Use any authentication protocol.
    3. Click the Add button.
    4. Click the Users or Computers button.
    5. Enter the name of the host where the network share is located and click Ok.
    6. Select cifs (common internet file system) from the available services.
  6. Click Ok to close the open windows.

answered Jun 16 '11 at 00:04

Roman ♦♦

edited Jun 16 '11 at 00:08

Thanks Roman. For step 5. - 5. Enter the name of the host... If it is an AIX machine, should I enter the IP address?

(Jun 16 '11 at 02:30) lam

Besides the option of making changes to the Domain Controller, are there any other alternatives to this? Our infrastructure team prefers not to touch the Domain trust setting.

Thanks!

(Jun 16 '11 at 07:00) lam

In step 5, it refers to the name of the host where the share is located. Basically the location that the X: drive is mapped to. This assumes that the host where this share is located is also in the domain.

The only other alternative is to use password authentication. Due to the way it is implemented, access to domain resources using other authentication methods than password will require the above steps in order for them to be able to have access to them.

(Jun 16 '11 at 16:19) Roman ♦♦
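
The delegation steps in the answer above, scripted and followed by a domain-wide audit of the same setting; this is an added example, not part of the original thread or of Tectia's documentation. It assumes the ActiveDirectory PowerShell module is available (which needs Active Directory Web Services on a domain controller), and the host names are placeholders. "Use any authentication protocol" is Kerberos protocol transition: the Tectia host can obtain tickets for the listed services on behalf of any domain user without that user's password, which is why the service list is kept to cifs on the one share host.

```powershell
# Added example. All host names are placeholders; replace with your own.
Import-Module ActiveDirectory

$TectiaHost = 'TECTIA01'                 # placeholder: computer running Tectia Server
$ShareHost  = 'FILESRV01'                # placeholder: host the X: drive is mapped to
$ShareFqdn  = 'filesrv01.example.local'  # placeholder: FQDN of the same host

function Get-DelegationState {
    param([Parameter(Mandatory)][string]$Computer)
    Get-ADComputer -Identity $Computer -Properties 'msDS-AllowedToDelegateTo',
            TrustedForDelegation, TrustedToAuthForDelegation |
        Select-Object Name, TrustedForDelegation, TrustedToAuthForDelegation,
            @{ n = 'AllowedToDelegateTo'; e = { $_.'msDS-AllowedToDelegateTo' } }
}

# Record the state before the change.
Get-DelegationState -Computer $TectiaHost

# Steps 5.3 to 5.6: allow delegation to cifs on the share host only.
# Skip SPNs that are already present, since adding a duplicate value fails.
$wanted  = "cifs/$ShareHost", "cifs/$ShareFqdn"
$current = @((Get-ADComputer -Identity $TectiaHost `
                -Properties 'msDS-AllowedToDelegateTo').'msDS-AllowedToDelegateTo')
$missing = @($wanted | Where-Object { $current -notcontains $_ })
if ($missing.Count -gt 0) {
    Set-ADComputer -Identity $TectiaHost -Add @{ 'msDS-AllowedToDelegateTo' = $missing }
}

# Steps 5.1 and 5.2: "specified services only" plus "any authentication protocol".
# Unconstrained delegation is switched off explicitly.
$dn = (Get-ADComputer -Identity $TectiaHost).DistinguishedName
Set-ADAccountControl -Identity $dn -TrustedForDelegation $false `
    -TrustedToAuthForDelegation $true

# Confirm the result.
Get-DelegationState -Computer $TectiaHost

# Audit: every computer account with protocol transition enabled
# (userAccountControl bit 0x1000000, TRUSTED_TO_AUTH_FOR_DELEGATION) and its targets.
Get-ADComputer -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=16777216)' `
        -Properties 'msDS-AllowedToDelegateTo' |
    Select-Object Name,
        @{ n = 'AllowedToDelegateTo'; e = { $_.'msDS-AllowedToDelegateTo' -join '; ' } }
```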
Asked: Jun 15 '11 at 19:57

Seen: 7,801 times

Last updated: Aug 28 '12 at 18:24

All user contributed content licensed under the cc-by-sa license.