SSH/SFTP login problem for non-Admin users, W2K Server

From: Ben <bda20_at_**********.***>
Date: Wed Sep 08 2004 - 03:46:29 EDT

Hi,

I'm sorry to ask something which has probably been done to death but I've
tried searching the list archives and all the references I've found to
potential solutions appear to be either missing or harder to find than I'm
capable of after a few long days in the office!

Anyway.

I used to run Michael Erdely's OpenSSH package under NT4 Server in
SFTP-only mode (see below) and everything was fine. I've just moved that
machine to W2K Server and joined it to a domain of a few other servers and
recreated the same setup (I think). I've made the modifications as
mentioned by Hans Olai Martinsen in this message
(http://erdelynet.com/archive/ssh-l/2003-10/msg00083.php) but no matter
what I do, only administrative level users can log in using an SFTP
application. If I change /usr/sbin/sftp-server to /bin/switch they can ssh
in too. All other users get "permission denied, please try again." no
matter what the shell is set to.

I don't know what I'm missing. I remember something about allowing normal
users to log on locally to the server under NT4, but it's been a while
since I did it. Can someone please suggest some things I could try?

Many thanks,

Example line from passwd:

Administrator:unused_by_nt/2000/xp:10500:10513:U-CHEESE\Administrator,S-1-5-21-725345543-2000478354-682003330-500:/cygdrive/D/Home/:/usr/sbin/sftp-server
abc123:unused_by_nt/2000/xp:14606:10513:Andy Carter,U-CHEESE\abc123,S-1-5-21-725345543-2000478354-682003330-4606:/cygdrive/D/Home/abc123:/usr/sbin/sftp-server

Andy Carter is a member of both "Domain Users" and "Room 1a Users".

Example line from group:

Domain Admins:S-1-5-21-725345543-2000478354-682003330-512:10512:
Domain Users:S-1-5-21-725345543-2000478354-682003330-513:10513:
Room 1a Users:S-1-5-21-725345543-2000478354-682003330-2106:12106:

Do you need any other information?

Ben 

-- 
Sysadmin, Faculty of History, University of Cambridge, England
Tel: +44 (0)1223 (3)35315  |  Email: Ben@hist.cam.ac.uk
Plugger of wire, typer of keyboard, imparter of Clue
	Life Is Short.		It's All Good.
--
List Information: https://mail.erdelynet.com/mailman/listinfo/ssh/
List Archives:    http://erdelynet.com/archive/ssh-l/
To Unsubscribe: Go to https://mail.erdelynet.com/mailman/options/ssh#subscribers
and enter your email address at the bottom.
If you don't know your password, have it emailed to you. Then unsubscribe.
Received on Wed Sep 8 03:49:08 2004

This archive was generated by hypermail 2.1.8 : Fri Jul 29 2005 - 17:34:13 EDT