Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > Secure Shell

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 10-06-2008, 07:47 AM
jimbobmcgee jimbobmcgee is offline
Registered User
 
Join Date: Apr 2005
Posts: 21
Question VShell v3.5 not honouring Windows Groups

I am trialling VShell v3.5, having been successfully using VShell v2.5 for some time (we are upgrading our systems to Windows 2003 R2 x64, to address additional RAM).

We have installed the VShell 3.5 eval to a new domain controller and added a Group to the domain, called 'SFTP Users'. I have added the Administrator account and a couple of non-admin users to this group. I have configured an SFTP root within VShell for the group 'SFTP Users' and have permitted 'Logon', 'SFTP' and 'SCP' privileges to this group.

When I attempt to connect (using WinSCP, if it matters), I am told that Authentication Failed. The VShell log shows:

Code:
The transport was aborted with a disconnect packet: User authentication failed because all authentication methods failed. No supported authentication methods available
A (sanitised) transcript of the debug log for the session is below:

Code:
14:35:12,conn,00014: Connection accepted from AAA.AAA.AAA.AAA:3143
14:35:12,dbg ,VShell Version 3.5.0 (x64 build 351) Serial Number 53-35-000000
14:35:12,dbg ,00014: [LOCAL DEBUG] SSH2Core version 6.1.0.351 
14:35:12,dbg ,00014: [LOCAL DEBUG] Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT 
14:35:12,dbg ,00014: [LOCAL DEBUG] Using protocol SSH2 
14:35:12,dbg ,00014: [LOCAL DEBUG] RECV : Remote Identifier = "SSH-2.0-WinSCP_release_4.1.7" 
14:35:12,dbg ,00014: [LOCAL DEBUG] CAP  : Remote can re-key 
14:35:12,dbg ,00014: [LOCAL DEBUG] CAP  : Remote sends language in password change requests 
14:35:12,dbg ,00014: [LOCAL DEBUG] CAP  : Remote sends algorithm name in PK_OK packets 
14:35:12,dbg ,00014: [LOCAL DEBUG] CAP  : Remote sends algorithm name in public key packets 
14:35:12,dbg ,00014: [LOCAL DEBUG] CAP  : Remote sends algorithm name in signatures 
14:35:12,dbg ,00014: [LOCAL DEBUG] CAP  : Remote sends error text in open failure packets 
14:35:12,dbg ,00014: [LOCAL DEBUG] CAP  : Remote sends name in service accept packets 
14:35:12,dbg ,00014: [LOCAL DEBUG] CAP  : Remote includes port number in x11 open packets 
14:35:12,dbg ,00014: [LOCAL DEBUG] CAP  : Remote uses 160 bit keys for SHA1 MAC 
14:35:12,dbg ,00014: [LOCAL DEBUG] CAP  : Remote supports new diffie-hellman group exchange messages 
14:35:12,dbg ,00014: [LOCAL DEBUG] CAP  : Remote correctly handles unknown SFTP extensions 
14:35:12,dbg ,00014: [LOCAL DEBUG] CAP  : Remote correctly encodes OID for gssapi 
14:35:12,dbg ,00014: [LOCAL DEBUG] CAP  : Remote correctly uses connected addresses in forwarded-tcpip requests 
14:35:12,dbg ,00014: [LOCAL DEBUG] CAP  : Remote can do SFTP version 4 
14:35:12,dbg ,00014: [LOCAL DEBUG] CAP  : Remote uses SHA1 hash in RSA signatures for x.509v3 
14:35:12,dbg ,00014: [LOCAL DEBUG] CAP  : Remote x.509v3 uses ASN.1 encoding for DSA signatures 
14:35:12,dbg ,00014: [LOCAL DEBUG] SEND : KEXINIT 
14:35:12,dbg ,00014: [LOCAL DEBUG] RECV : Read kexinit 
14:35:12,dbg ,00014: [LOCAL DEBUG] Available Remote Kex Methods = diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
14:35:12,dbg ,00014: [LOCAL DEBUG] Selected Kex Method = diffie-hellman-group-exchange-sha1 
14:35:12,dbg ,00014: [LOCAL DEBUG] Available Remote Host Key Algos = ssh-rsa,ssh-dss 
14:35:12,dbg ,00014: [LOCAL DEBUG] Selected Host Key Algo = ssh-dss 
14:35:12,dbg ,00014: [LOCAL DEBUG] Available Remote Send Ciphers = aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 
14:35:12,dbg ,00014: [LOCAL DEBUG] Selected Send Cipher = aes256-cbc 
14:35:12,dbg ,00014: [LOCAL DEBUG] Available Remote Recv Ciphers = aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 
14:35:12,dbg ,00014: [LOCAL DEBUG] Selected Recv Cipher = aes256-cbc 
14:35:12,dbg ,00014: [LOCAL DEBUG] Available Remote Send Macs = hmac-sha1,hmac-sha1-96,hmac-md5 
14:35:12,dbg ,00014: [LOCAL DEBUG] Selected Send Mac = hmac-sha1 
14:35:12,dbg ,00014: [LOCAL DEBUG] Available Remote Recv Macs = hmac-sha1,hmac-sha1-96,hmac-md5 
14:35:12,dbg ,00014: [LOCAL DEBUG] Selected Recv Mac = hmac-sha1 
14:35:12,dbg ,00014: [LOCAL DEBUG] Available Remote Compressors = none,zlib 
14:35:12,dbg ,00014: [LOCAL DEBUG] Selected Compressor = none 
14:35:12,dbg ,00014: [LOCAL DEBUG] Available Remote Decompressors = none,zlib 
14:35:12,dbg ,00014: [LOCAL DEBUG] Selected Decompressor = none 
14:35:12,dbg ,00014: [LOCAL DEBUG] Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE 
14:35:13,dbg ,00014: [LOCAL DEBUG] RECV : KEXDH_GEX_REQUEST 
14:35:13,dbg ,00014: [LOCAL DEBUG] SEND : KEXDH_GEX_GROUP 
14:35:13,dbg ,00014: [LOCAL DEBUG] RECV : KEXDH_INIT 
14:35:13,dbg ,00014: [LOCAL DEBUG] SEND : KEXDH_REPLY 
14:35:13,dbg ,00014: [LOCAL DEBUG] SEND : NEWKEYS 
14:35:13,dbg ,00014: [LOCAL DEBUG] Changing state from STATE_KEY_EXCHANGE to STATE_EXPECT_NEWKEYS 
14:35:13,dbg ,00014: [LOCAL DEBUG] RECV : NEWKEYS 
14:35:13,dbg ,00014: [LOCAL DEBUG] Changing state from STATE_EXPECT_NEWKEYS to STATE_CONNECTION 
14:35:13,dbg ,00014: [LOCAL DEBUG] RECV: SERVICE_REQUEST[ssh-userauth] 
14:35:13,dbg ,00014: [LOCAL DEBUG] SEND: SERVICE_ACCEPT[ssh-userauth] 
14:35:13,dbg ,00014: [LOCAL DEBUG] SENT : SSH_MSG_USERAUTH_BANNER 
14:35:13,auth,00014: Client specified username USERNAME, resolved as DOMAIN_NAME\USERNAME
14:35:13,auth,00014: none for user DOMAIN_NAME\USERNAME rejected because it is unavailable
14:35:14,auth,00014: Received unsigned public key; checking authorization (fingerprint: 52:97:ef:c8:cd:5e:3d:bd:8b:60:94:c8:80:06:23:13)
14:35:14,auth,00014: Searching 'E:\PATH_TO\USERNAME\PublicKey' for matching public key
14:35:14,auth,00014: 'MY_PUBLIC_KEY_FILE' contains matching public key for user DOMAIN_NAME\USERNAME
14:35:14,auth,00014: Received signed public key; attempting authentication (fingerprint: 52:97:ef:c8:cd:5e:3d:bd:8b:60:94:c8:80:06:23:13)
14:35:14,auth,00014: Searching 'E:\PATH_TO\USERNAME\PublicKey' for matching public key
14:35:14,auth,00014: 'MY_PUBLIC_KEY_FILE' contains matching public key for user DOMAIN_NAME\USERNAME
14:35:14,lsa ,#####: vdspka10 is being called through its LsaApLogonUserEx entry point
14:35:14,lsa ,Attempting to create logon token for user: DOMAIN_NAME\USERNAME
14:35:14,lsa ,00000: User DOMAIN_NAME\USERNAME found in domain DOMAIN_NAME
14:35:14,lsa ,00000: Using local machine to retrieve user information for DOMAIN_NAME\USERNAME
14:35:14,lsa ,00000: User information for DOMAIN_NAME\USERNAME have been retrieved; retrieving user groups
14:35:14,lsa ,00000: All user information DOMAIN_NAME\USERNAME has been retrieved
14:35:14,auth,00014: Login access denied for user DOMAIN_NAME\USERNAME
14:35:14,dbg ,00014: [LOCAL DEBUG] Changing state from STATE_CONNECTION to STATE_CLOSING 
14:35:14,dbg ,00014: [LOCAL DEBUG] RECV: Disconnect packet (reason: 14: User authentication failed because all available authentication methods failed. No supported authentication methods available ) 
14:35:14,dbg ,00014: [LOCAL DEBUG] Changing state from STATE_CLOSING to STATE_CLOSED 
14:35:14,dbg ,00014: [LOCAL DEBUG] Connected for 2 seconds, 2741 bytes sent, 2326 bytes received 
14:35:14,conn,00014: The transport was aborted with a disconnect packet: User authentication failed because all available authentication methods failed. No supported authentication methods available
If I add the user directly to the SFTP root and in the Access Control section, I can login without a problem, but I absolutely cannot do that in my production environment. I certainly do not have to do that in my v2.5 installation.

The above is the same regardless of whether I use the Administrator account, or otherwise.

I must be missing something. What is it?

J.
Reply With Quote
  #2  
Old 10-06-2008, 08:28 AM
kbarnette kbarnette is offline
VanDyke Technical Support
 
Join Date: Aug 2007
Posts: 587
Hi jimbobmcgee,

The following line in the VShell log is indicative of the problem:
14:35:14,auth,00014: Login access denied for user DOMAIN_NAME\USERNAME

This error will occur of either of the following configurations is found:
1. The user is not allowed 'Logon' access as defined in the Access Control category of the VShell Control panel. Alternatively, the user could be affected by an explicit 'Deny' for 'Logon' access in the VShell Control Panel.

Is anyone explicitly denied logon access in the Access Control category of the VShell Control Panel?

2. Alternatively, it could be that the user or group is not given the 'Log on locally' user right assignment in the Windows AD configuration.

Are you able to test a logon using the user's credentials (username and password) while actually sitting at the machine on which VShell is installed?
To clarify, is the user able to log on to the console of the machine?
Reply With Quote
  #3  
Old 10-06-2008, 09:18 AM
jimbobmcgee jimbobmcgee is offline
Registered User
 
Join Date: Apr 2005
Posts: 21
Quote:
Originally Posted by kbarnette
Hi jimbobmcgee,
Is anyone explicitly denied logon access in the Access Control category of the VShell Control Panel?
I've been through the config a few times now and cannot see a Deny permission set on either the Access Control or the SFTP Root screens.

Quote:
Originally Posted by kbarnette
Are you able to test a logon using the user's credentials (username and password) while actually sitting at the machine on which VShell is installed?
One of the users can login through the console (the Administrator) and one can't. Neither can access the SFTP server, though.

To reiterate; both the admin and non-admin user can access the SFTP server when they are directly added to the Access Control and SFTP Root screens, with exactly the same permissions as the group. The proof of this is in the following (sanitised) log:

Code:
16:13:19,conn,00020: Connection accepted from AAA.AAA.AAA.AAA:4133
16:13:19,dbg ,VShell Version 3.5.0 (x64 build 351) Serial Number 53-35-000000
16:13:19,dbg ,00020: [LOCAL DEBUG] SSH2Core version 6.1.0.351 
16:13:19,dbg ,00020: [LOCAL DEBUG] Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT 
16:13:19,dbg ,00020: [LOCAL DEBUG] Using protocol SSH2 
16:13:19,dbg ,00020: [LOCAL DEBUG] RECV : Remote Identifier = "SSH-2.0-WinSCP_release_4.1.7" 
16:13:19,dbg ,00020: [LOCAL DEBUG] CAP  : Remote can re-key 
16:13:19,dbg ,00020: [LOCAL DEBUG] CAP  : Remote sends language in password change requests 
16:13:19,dbg ,00020: [LOCAL DEBUG] CAP  : Remote sends algorithm name in PK_OK packets 
16:13:19,dbg ,00020: [LOCAL DEBUG] CAP  : Remote sends algorithm name in public key packets 
16:13:19,dbg ,00020: [LOCAL DEBUG] CAP  : Remote sends algorithm name in signatures 
16:13:19,dbg ,00020: [LOCAL DEBUG] CAP  : Remote sends error text in open failure packets 
16:13:19,dbg ,00020: [LOCAL DEBUG] CAP  : Remote sends name in service accept packets 
16:13:19,dbg ,00020: [LOCAL DEBUG] CAP  : Remote includes port number in x11 open packets 
16:13:19,dbg ,00020: [LOCAL DEBUG] CAP  : Remote uses 160 bit keys for SHA1 MAC 
16:13:19,dbg ,00020: [LOCAL DEBUG] CAP  : Remote supports new diffie-hellman group exchange messages 
16:13:19,dbg ,00020: [LOCAL DEBUG] CAP  : Remote correctly handles unknown SFTP extensions 
16:13:19,dbg ,00020: [LOCAL DEBUG] CAP  : Remote correctly encodes OID for gssapi 
16:13:19,dbg ,00020: [LOCAL DEBUG] CAP  : Remote correctly uses connected addresses in forwarded-tcpip requests 
16:13:19,dbg ,00020: [LOCAL DEBUG] CAP  : Remote can do SFTP version 4 
16:13:19,dbg ,00020: [LOCAL DEBUG] CAP  : Remote uses SHA1 hash in RSA signatures for x.509v3 
16:13:19,dbg ,00020: [LOCAL DEBUG] CAP  : Remote x.509v3 uses ASN.1 encoding for DSA signatures 
16:13:19,dbg ,00020: [LOCAL DEBUG] SEND : KEXINIT 
16:13:19,dbg ,00020: [LOCAL DEBUG] RECV : Read kexinit 
16:13:19,dbg ,00020: [LOCAL DEBUG] Available Remote Kex Methods = diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
16:13:19,dbg ,00020: [LOCAL DEBUG] Selected Kex Method = diffie-hellman-group-exchange-sha1 
16:13:19,dbg ,00020: [LOCAL DEBUG] Available Remote Host Key Algos = ssh-rsa,ssh-dss 
16:13:19,dbg ,00020: [LOCAL DEBUG] Selected Host Key Algo = ssh-dss 
16:13:19,dbg ,00020: [LOCAL DEBUG] Available Remote Send Ciphers = aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 
16:13:19,dbg ,00020: [LOCAL DEBUG] Selected Send Cipher = aes256-cbc 
16:13:19,dbg ,00020: [LOCAL DEBUG] Available Remote Recv Ciphers = aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 
16:13:19,dbg ,00020: [LOCAL DEBUG] Selected Recv Cipher = aes256-cbc 
16:13:19,dbg ,00020: [LOCAL DEBUG] Available Remote Send Macs = hmac-sha1,hmac-sha1-96,hmac-md5 
16:13:19,dbg ,00020: [LOCAL DEBUG] Selected Send Mac = hmac-sha1 
16:13:19,dbg ,00020: [LOCAL DEBUG] Available Remote Recv Macs = hmac-sha1,hmac-sha1-96,hmac-md5 
16:13:19,dbg ,00020: [LOCAL DEBUG] Selected Recv Mac = hmac-sha1 
16:13:19,dbg ,00020: [LOCAL DEBUG] Available Remote Compressors = none,zlib 
16:13:19,dbg ,00020: [LOCAL DEBUG] Selected Compressor = none 
16:13:19,dbg ,00020: [LOCAL DEBUG] Available Remote Decompressors = none,zlib 
16:13:19,dbg ,00020: [LOCAL DEBUG] Selected Decompressor = none 
16:13:19,dbg ,00020: [LOCAL DEBUG] Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE 
16:13:19,dbg ,00020: [LOCAL DEBUG] RECV : KEXDH_GEX_REQUEST 
16:13:19,dbg ,00020: [LOCAL DEBUG] SEND : KEXDH_GEX_GROUP 
16:13:19,dbg ,00020: [LOCAL DEBUG] RECV : KEXDH_INIT 
16:13:19,dbg ,00020: [LOCAL DEBUG] SEND : KEXDH_REPLY 
16:13:19,dbg ,00020: [LOCAL DEBUG] SEND : NEWKEYS 
16:13:19,dbg ,00020: [LOCAL DEBUG] Changing state from STATE_KEY_EXCHANGE to STATE_EXPECT_NEWKEYS 
16:13:20,dbg ,00020: [LOCAL DEBUG] RECV : NEWKEYS 
16:13:20,dbg ,00020: [LOCAL DEBUG] Changing state from STATE_EXPECT_NEWKEYS to STATE_CONNECTION 
16:13:20,dbg ,00020: [LOCAL DEBUG] RECV: SERVICE_REQUEST[ssh-userauth] 
16:13:20,dbg ,00020: [LOCAL DEBUG] SEND: SERVICE_ACCEPT[ssh-userauth] 
16:13:20,dbg ,00020: [LOCAL DEBUG] SENT : SSH_MSG_USERAUTH_BANNER 
16:13:20,auth,00020: Client specified username NORW, resolved as DOMAIN_NAME\USERNAME
16:13:20,auth,00020: none for user DOMAIN_NAME\USERNAME rejected because it is unavailable
16:13:20,auth,00020: Received unsigned public key; checking authorization (fingerprint: 52:97:ef:c8:cd:5e:3d:bd:8b:60:94:c8:80:06:23:13)
16:13:20,auth,00020: Searching 'E:\SFTP\Home Folders\NORW\PublicKey' for matching public key
16:13:20,auth,00020: 'MY_PUBLIC_KEY_FILE' contains matching public key for user DOMAIN_NAME\USERNAME
16:13:21,auth,00020: Received signed public key; attempting authentication (fingerprint: 52:97:ef:c8:cd:5e:3d:bd:8b:60:94:c8:80:06:23:13)
16:13:21,auth,00020: Searching 'E:\SFTP\Home Folders\NORW\PublicKey' for matching public key
16:13:21,auth,00020: 'MY_PUBLIC_KEY_FILE' contains matching public key for user DOMAIN_NAME\USERNAME
16:13:21,lsa ,#####: vdspka10 is being called through its LsaApLogonUserEx entry point
16:13:21,lsa ,Attempting to create logon token for user: DOMAIN_NAME\USERNAME
16:13:21,lsa ,00000: User DOMAIN_NAME\USERNAME found in domain DOMAIN_NAME
16:13:21,lsa ,00000: Using local machine to retrieve user information for DOMAIN_NAME\USERNAME
16:13:21,lsa ,00000: User information for DOMAIN_NAME\USERNAME have been retrieved; retrieving user groups
16:13:21,lsa ,00000: All user information DOMAIN_NAME\USERNAME has been retrieved
16:13:21,lsa ,#####: vdspka10 is being called through its LsaApLogonUserEx entry point
16:13:21,lsa ,Attempting to create logon token for user: DOMAIN_NAME\USERNAME
16:13:21,lsa ,00000: User DOMAIN_NAME\USERNAME found in domain DOMAIN_NAME
16:13:21,lsa ,00000: Using local machine to retrieve user information for DOMAIN_NAME\USERNAME
16:13:21,lsa ,00000: User information for DOMAIN_NAME\USERNAME have been retrieved; retrieving user groups
16:13:21,lsa ,00000: All user information DOMAIN_NAME\USERNAME has been retrieved
16:13:21,auth,00020: publickey for user DOMAIN_NAME\USERNAME accepted
16:13:21,dbg ,00020: [LOCAL DEBUG] RECV: CHANNEL_OPEN[session] 
16:13:21,conn,00020: Session channel open request accepted
16:13:21,conn,00020: Received request to start subsystem sftp (Built-in Subsystem)
16:13:21,sftp,00020: SFTP subsystem initialized; remote version is 5
16:13:21,sftp,00020: Sending VERSION packet to remote (5)
16:13:21,auth,00020: Using home directory '{The virtual root}' for user DOMAIN_NAME\USERNAME
16:13:22,sftp,00020: Received vendor-id from remote client:  Vendor Name=Martin Prikryl  Product Name=WinSCP  Product Version=4.1.7  Product Build Number=000000000000019d
It's just not honouring the groups, which is a proper hurdle for us.

J
Reply With Quote
  #4  
Old 10-06-2008, 09:22 AM
kbarnette kbarnette is offline
VanDyke Technical Support
 
Join Date: Aug 2007
Posts: 587
Hi jimbobmcgee,

Upon further inspection it would appear that the LSA module is not able to retrieve a set of credentials that includes the group of which the user is a member.

I've submitted a problem report to our development team for investigation.

In the meantime, the kerberos protocol transition (KPT) option may be a viable solution in your environment. Since this mechanism will not involve the LSA module in the same way as your current configuration, we may not encounter the issue you reported or login access being reportedly denied for the user.

I have attached a document that describes the requirements for running, as well as the process of configuring KPT with VShell. The step we're most looking to have you try is to turn on the KPT option in the VShell registry and attempt the connection again.

Using this information, are you able to enable the KPT registry option in VShell?

If so, does this new setup resolve the error you reported?

Last edited by kbarnette; 10-06-2008 at 09:31 AM.
Reply With Quote
  #5  
Old 10-06-2008, 11:11 AM
jimbobmcgee jimbobmcgee is offline
Registered User
 
Join Date: Apr 2005
Posts: 21
Setting this Kerberos stuff up seemed to do the job. Are there any known negative implications for my domain using this configuration?
Reply With Quote
  #6  
Old 10-06-2008, 02:14 PM
kbarnette kbarnette is offline
VanDyke Technical Support
 
Join Date: Aug 2007
Posts: 587
Hi jimbobmcgee,

We don't know of any negative implications that could apply to your environment as has been revealed by the information you have provided.

Our development team does have a few questions in regard to debugging the initial issue you reported.
You will need to disable the KPT registry option to accurately perform the following tests.
Can the users log in with password authentication when just the group is given access?

Can you give a specific user shell access, then have them log into VShell and run "whoami /groups"?
Do this for both publickey and password authentication.

Also, can you export the VShell config and send the resulting file to us?
The following command can be used to export the VShell configuration:
vshellconfig export --exclude host-keys C:\Temp\vshellconfiguration.xml

The answers to these tests could include sensitive information. Feel free to send your response to support@vandyke.com with the subject of the e-mail set as 'Attn: Kevin Forum Thread 3229'.
Reply With Quote
  #7  
Old 10-07-2008, 07:34 AM
jimbobmcgee jimbobmcgee is offline
Registered User
 
Join Date: Apr 2005
Posts: 21
Quote:
Originally Posted by kbarnette
Hi jimbobmcgee,
Can the users log in with password authentication when just the group is given access?
Yes, provided Public Key authentication is not permitted/requested/supplied.

Quote:
Originally Posted by kbarnette
Can you give a specific user shell access, then have them log into VShell and run "whoami /groups"?
I've never used Shell -- only SFTP -- so wouldn't know where to start. I don't even think I have a client as standard (in WinXP Pro).

Quote:
Originally Posted by kbarnette
Also, can you export the VShell config and send the resulting file to us?
I'd rather not send the whole thing; is there a particular section you are looking for?

J.
Reply With Quote
  #8  
Old 10-07-2008, 09:48 AM
kbarnette kbarnette is offline
VanDyke Technical Support
 
Join Date: Aug 2007
Posts: 587
Hi jimbobmcgee,

Regarding the vshellconfig export information, we are most interested in the 'Access Control' and 'Virtual Roots' categories.
Reply With Quote
  #9  
Old 10-08-2008, 08:19 AM
jimbobmcgee jimbobmcgee is offline
Registered User
 
Join Date: Apr 2005
Posts: 21
I have sent this information to you.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 08:22 PM.