
I can configure the Tectia Server (Windows 2008) for SFTP to authenticate the user by the use of their AD account and password. This setup allows the SFTP user to have their own Virtual Folder that is a remote file share being authenticated via Windows AD. This works fine. When adding to the configuration to allow the SFTP user authentication to be done via user Authorised-Keys instead of Account Password, the Virtual Folder that is set up for the SFTP user is no longer available. Is there a way to configure the server to maintain / authenticate for the SFTP user so that the Windows Virtual Folder is maintained when Key authentication is used for the SFTP session?

asked Jun 19 '12 at 09:57

AllanMcL


Hi AllanMcL,

It seems you are experiencing a well-known issue. Try reading the following articles:

Mapped drives with publickey authentication

Problems with virtual folders

The steps described in those articles should solve the issue for key authentication. However, if your virtual folders are located on a DFS share, you may experience further trouble.

It is all related to the fact that some features of the Windows OS are not available to you unless you explicitly provide the Windows (domain) account password (those include EFS, DFS, the certificate store and possibly some others). It is a deliberate decision of Microsoft's engineers to bind certain features to the user's Windows account credentials.

For this reason, SSH is bringing a new feature to its Windows SSH server: configurable caching of the user account's password in the SSH server, to be used after a non-interactive authentication method (such as key authentication). It is there solely to enable those Windows OS features even with authentication methods that do not use explicit user account credentials. This way the SSH server will create a new access token for a user who has already been authenticated by means other than a password (such as key, certificate, gssapi, ...). The new token is created by calling LogonUser() with the password from the cache.

It will be present in version 6.3.0, which is due to be released just about any time now: at the end of June 2012.

So if your issue does not get resolved with the advice in the links above, ask our support for version 6.3.0 and give the Password Cache a try.

With regards

Martin


answered Jun 22 '12 at 00:33

Martin Dobsik ♦

edited Jun 22 '12 at 00:35
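
The mechanism the answer describes, a token created by LogonUser() from an explicit password so that password-bound Windows features become usable, can be checked by hand on the server. This is an added example, not Tectia's code and not part of the original answer; it assumes Windows PowerShell on .NET Framework (`WindowsIdentity.Impersonate()` is not available in PowerShell 7), an interactive logon type chosen for illustration, and a placeholder UNC path passed as `$SharePath`.

```powershell
# Added example: does a LogonUser() token built from explicit credentials reach the share?
param([Parameter(Mandatory=$true)][string]$SharePath)   # placeholder, e.g. \\server\share

Add-Type -Namespace Demo -Name Native -MemberDefinition @'
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(string user, string domain, IntPtr password,
    int logonType, int logonProvider, out IntPtr token);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr handle);
'@

$marshal = [Runtime.InteropServices.Marshal]
$cred    = Get-Credential                       # enter the account as DOMAIN\user
if ($cred.UserName -notmatch '\\') { throw 'Enter the account as DOMAIN\user' }
$domain, $user = $cred.UserName -split '\\', 2

# Hand the password to LogonUser() as an unmanaged buffer and zero it afterwards.
$pw    = $marshal::SecureStringToGlobalAllocUnicode($cred.Password)
$token = [IntPtr]::Zero
try {
    # 2 = LOGON32_LOGON_INTERACTIVE, 0 = LOGON32_PROVIDER_DEFAULT (assumed for this check)
    $ok  = [Demo.Native]::LogonUser($user, $domain, $pw, 2, 0, [ref]$token)
    $err = $marshal::GetLastWin32Error()
} finally {
    $marshal::ZeroFreeGlobalAllocUnicode($pw)
}
if (-not $ok) { throw "LogonUser failed, Win32 error $err" }

try {
    $identity = New-Object Security.Principal.WindowsIdentity($token)
    $context  = $identity.Impersonate()         # run the next call under the new token
    try {
        $entries = [IO.Directory]::GetFileSystemEntries($SharePath)
        "Reachable as $($identity.Name): $($entries.Count) entries in $SharePath"
    } catch {
        "Not reachable as $($identity.Name): $($_.Exception.Message)"
    } finally {
        $context.Undo()                         # revert to the caller's own token
    }
} finally {
    [void][Demo.Native]::CloseHandle($token)
}
```

If the share is reachable here but not in a key-authenticated SFTP session for the same account, the difference lies in how the session token was created rather than in the share's permissions.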

Asked: Jun 19 '12 at 09:57

Seen: 5,022 times

Last updated: Jun 22 '12 at 00:35

All user contributed content licensed under the cc-by-sa license.