Re: Weird SSH issue on 2000 domain controller

From: Stuffeshead <stuffeshead_at_**********.***>
Date: Fri Jun 06 2003 - 09:29:29 EDT

Thanks to all for the replies. I actually did search the archives before I
addressed the list. I eventually found the answer about 5pm when everyone
started replying to my post. Sorry to clog up the list.

Again, thanks to all! I found the problem with the logon issue... Now I
just gotta sort out these permission issues.

DC

----- Original Message -----
From: "McLaughlin, Michael M" <michael.mclaughlin@mnsu.edu>
To: "Secure Shell Discussions" <ssh-l@erdelynet.com>
Sent: Thursday, June 05, 2003 11:39 PM
Subject: RE: Weird SSH issue on 2000 domain controller

> Sorry Ben, if I had seen it sooner I would have invited Stuffeshead to take
> this "Off group", but you are correct about the problem.
>
> The trick is indeed in the Domain Controller Security policy. You need to
> disable the "Deny Login Locally" policy in the Domain Controller policy and
> enable "Deny Login Locally" in the local computer policy for each DC in your
> active directory that to maintain the security level. Recommend just copying
> the settings from the Domain Controller Policy for the Local Policy (Works
> the best instead of hacking a policy together.)
>
> This unlocks the DC that you want to allow access to while keeping a tight
> policy on your other DCs.
>
> I can certainly walk you through this process; in fact, I think I have a
> Word doc with the instructions somewhere. I am going camping tomorrow and
> won't be back until Sunday, so if you don't hear from me I am roasting beer.
>
> Michael Mclaughlin
>
> -----Original Message-----
> From: Ben Voigt [mailto:bvoigt@kas.com]
> Sent: Thu 6/5/2003 5:13 PM
> To: 'Secure Shell Discussions'
> Cc:
> Subject: RE: Weird SSH issue on 2000 domain controller
>
>
>
> This issue has been dealt with in the list archives... I think you need to
> change the policy for "Log in locally" in Local Security Policies under
> Administrative Tools (or Domain Policies if you want to roll the change out
> to all servers, or Domain Controller Policies for limited roll out to just
> DCs).
>
> Hope this helps.
>
> -----Original Message-----
> From: ssh-l-bounces@erdelynet.com [mailto:ssh-l-bounces@erdelynet.com]On
> Behalf Of Chris K Ellsworth
> Sent: Thursday, June 05, 2003 3:35 PM
> To: Secure Shell Discussions
> Subject: Re: Weird SSH issue on 2000 domain controller
>
>
> On a domain server no one is allowed to log in unless they are domain
> admins. I know there's a way to change it (did it in my MCSE classes), but
> don't remember how.
>
> ----- Original Message -----
> From: "Stuffeshead" <stuffeshead@hotmail.com>
> To: <ssh-l@erdelynet.com>
> Sent: Thursday, June 05, 2003 9:45 AM
> Subject: Weird SSH issue on 2000 domain controller
>
>
> Hello, all...
>
>
> I have a weird issue that I can't seem to fix. It has to be something
> simple that someone else has encountered, so I was hoping someone could give
> me a "Duh!" heads up on where to look.
>
> I have a 2000 server with OpenSSH running on it. Everything WAS working
> perfectly. Then, we needed to install active directory on the server to
> start replicating data on it. As soon as we did, SSH broke. Now, the only
> way to allow someone to ssh into the server is to make them part of the
> domain admins group. Otherwise, we get the message "refused connection."
>
> Any ideas?
>
> DC
>
>
>
> --
> List Information: http://tech.erdelynet.com/mailman/listinfo/ssh-l/
> List Archives: http://erdelynet.com/archive/ssh-l/
> To Unsubscribe: Go to http://tech.erdelynet.com/mailman/listinfo/ssh-l/
> and enter your email address at the bottom to "Edit Options". If you don't
> know your password, have it emailed to you. Then unsubscribe.
>

Received on Fri Jun 6 09:36:07 2003
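
The replies above point at the "Log on locally" and "Deny logon locally" user rights. As an added example (not written by anyone in this thread), the Python below reads the [Privilege Rights] section of a `secedit /export /cfg` policy file and evaluates a set of token SIDs against SeInteractiveLogonRight and SeDenyInteractiveLogonRight, with deny taking precedence. The function names, the sample policy text and the S-1-5-21-1111-2222-3333-* SIDs are constructed for illustration.

```python
ALLOW = "SeInteractiveLogonRight"      # "Log on locally"
DENY = "SeDenyInteractiveLogonRight"   # "Deny logon locally"

# Constructed sample of an exported policy; real exports are usually UTF-16,
# so read them with open(path, encoding="utf-16").
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeDenyInteractiveLogonRight = *S-1-5-21-1111-2222-3333-1107
[Version]
signature="$CHICAGO$"
"""

# Constructed tokens: each is the user's own SID plus the groups it belongs to.
ADMIN_TOKEN = {"S-1-5-21-1111-2222-3333-1105", "S-1-5-32-544"}   # Administrators
USER_TOKEN = {"S-1-5-21-1111-2222-3333-1106", "S-1-5-32-545"}    # Users only
DENIED_TOKEN = {"S-1-5-21-1111-2222-3333-1107", "S-1-5-32-544"}  # admin, but denied

def privilege_rights(inf_text):
    """Return {right name: set of principals} from [Privilege Rights]."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            # Entries are SIDs prefixed with '*', or plain account names.
            rights[name.strip()] = {
                p.strip().lstrip("*").upper() for p in value.split(",") if p.strip()
            }
    return rights

def local_logon_verdict(inf_text, token_sids):
    """Classify a token as 'denied', 'allowed' or 'not granted'."""
    rights = privilege_rights(inf_text)
    token = {s.upper() for s in token_sids}
    if rights.get(DENY, set()) & token:
        return "denied"        # an explicit deny overrides any allow
    if rights.get(ALLOW, set()) & token:
        return "allowed"
    return "not granted"       # no allow entry matches: logon is refused

if __name__ == "__main__":
    for label, tok in [("admin", ADMIN_TOKEN), ("user", USER_TOKEN),
                       ("denied admin", DENIED_TOKEN)]:
        print(label, "->", local_logon_verdict(SAMPLE_INF, tok))
```

Running it against exports taken from each DC before and after a policy change shows which accounts gained or lost the right, without adding anyone to Domain Admins.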

This archive was generated by hypermail 2.1.8 : Fri Jul 29 2005 - 17:33:55 EDT