login about faq

After looking fairly exhaustively, I am unable to find the answer to this issue. I had public key authentication working on our Windows Tectia 6.1.3.44 server and then it just started failing with "Failed to get user info for <user>" in the error message. I am not seeing anything glaring in the application log other than the when the user attempts to login. Our Domain admins assure me that nothing changed on the domain or the domain controller. As far as I can tell, nothing changed on the server.

Server: Windows 2003 R2 32 bit SSH: Tectia Server 6.1.3.44

The Tectia config is unchanged. All the entries, from General to Domain Policy, etc, are identical to when the server was functional. It is only failing on the public key authentication. Users can still SFTP to the server using their normal login and password.

Here are some relevant lines from the troubleshooting log: (User and domain information has been replaced with Generic names)

[Mar 22 15:55:29] 9324 22/03/2012 15:55:29:758 SecShServerHooks/secsh_server_hooks.c:972: Authentication successful.
[Mar 22 15:55:29] 2700 debug[9324]: 22/03/2012 15:55:29:758 SecShServerHooks/secsh_server_hooks.c:972: Authentication successful.
[Mar 22 15:55:30] 9324 debug[9324]: LOG EVENT (auth,informational): 702 Auth_methods_completed, Username: DOMAIN\USER, Auth methods: publickey, Src IP: 12.26.7.151, Src Port: 34256, Ver: SSH-2.0-Sun_SSH_1.1.1, Session-Id: 1
[Mar 22 15:55:30] 9324 \\DOMAIN_CONTROLLER
[Mar 22 15:55:30] 9324 debug[9324]: 22/03/2012 15:55:30:086 SshUser/sshwinuser.c:2175: Querying domain user account info.
[Mar 22 15:55:34] 9324 debug[9324]: 22/03/2012 15:55:34:383 SshUser/sshwinuser.c:2209: Failed to get user info for USER.(997):RETRYING after 1 second(s).
[Mar 22 15:55:36] 9324 debug[9324]: 22/03/2012 15:55:36:836 SshUser/sshwinuser.c:2209: Failed to get user info for USER.(997):RETRYING after 2 second(s).
[Mar 22 15:55:37] 9324 debug[9324]: 22/03/2012 15:55:37:790 SecShUserProcess/secsh_user_process_win.c:202: process 1 removed
[Mar 22 15:55:37] 9324 debug[9324]: 22/03/2012 15:55:37:790 SecShUserProcess/secsh_user_process_win.c:912: GetExitCodeProcess: ctx->handle_process=1148 exit_code=0
[Mar 22 15:55:40] 9324 debug[9324]: 22/03/2012 15:55:40:086 SshUser/sshwinuser.c:2209: Failed to get user info for USER.(997):RETRYING after 4 second(s).
[Mar 22 15:55:49] 9324 debug[9324]: 22/03/2012 15:55:48:946 SshUser/sshwinuser.c:2209: Failed to get user info for USER.(997):RETRYING after 7 second(s).
[Mar 22 15:55:59] 9324 debug[9324]: 22/03/2012 15:55:59:837 SshUser/sshwinuser.c:2216: Failed to get user info for USER.(997):
[Mar 22 15:56:00] 9324 debug[9324]: LOG EVENT (daemon,informational): 115 Servant_info, "Failed to get info on user DOMAIN\USER. for user 'DOMAIN\USER'.", Session-Id: 1
[Mar 22 15:56:00] 2700 debug[9324]: 22/03/2012 15:55:59:946 SecShConnection/secsh_connection.c:1016: Local disconnect invoked, reason 11: Failed to get info on user DOMAIN\USER.
[Mar 22 15:56:00] 9324 debug[9324]: 22/03/2012 15:56:00:055 SecShConnection/secsh_connection.c:1016: Local disconnect invoked, reason 14: No more authentication methods available

Any idea what I may be missing or where to go from here?

I am a bit stumped and unsure what to look at next.

Thanks,

Jim

asked Mar 23 '12 at 17:41

jscottRT's gravatar image

jscottRT
1111

edited Mar 23 '12 at 20:52

Roman's gravatar image

Roman ♦♦
7735817


I would first just upgrade the server as the version you are currently running is rather old.

For example, the Tectia Server v6.1.7 has the following fix but I am not sure whether your current issue is related to this particular fix:

  • Windows: Retrieving user information will no longer fail in certain conditions when DNS suffixes are used. This used to cause an authentication failure for that user.

The Tectia Server's upgrade process is very easy: just install on top. In addition, if you have a valid maintenance agreement with us, you can just go and download the most up-to-date packages from our Customer Download Center.

The current Tectia Server release is v6.2.4.

Regs, SamiM

link

answered Mar 23 '12 at 18:09

Sami%20Marttinen's gravatar image

Sami Marttinen ♦
191114

edited Mar 23 '12 at 19:15

Post wasn't showing up for some reason so I'm trying to repost it.

I would first just upgrade the server as the version you are currently running is rather old.

For example, the Tectia Server v6.1.7 has the following fix but I am not sure whether your current issue is related to this particular fix:

  • Windows: Retrieving user information will no longer fail in certain conditions when DNS suffixes are used. This used to cause an authentication failure for that user.

The Tectia Server's upgrade process is very easy: just install on top. In addition, if you have a valid maintenance agreement with us, you can just go and download the most up to date packages from our Customer Download Center.

The current Tectia Server release is v6.2.4.

Regs, SamiM

link

answered Mar 23 '12 at 18:55

Joe%20-%20Tectia%20Support's gravatar image

Joe - Tectia Support ♦♦
55215

edited Mar 23 '12 at 19:07

Sami and Joe, Thanks for directing me toward that fix. It sounds like it might be the ticket, as we are doing cross-domain authentication. I am going to implement and see if that resolves the issue. I will update the case when I have the instance upgraded and tested. Jim

(Mar 23 '12 at 19:15) jscottRT jscottRT's gravatar image
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×82
×19
×12
×2

Asked: Mar 23 '12 at 17:41

Seen: 10,245 times

Last updated: Mar 23 '12 at 20:52

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.