activating domain users

itefix
Offline
Last seen: 2 weeks 17 hours ago
Joined: 01.05.2008 - 21:33
activating domain users

Hi,
I installed copssh on a Windows 2003 server, and this server plus many others won't actually have local accounts that need to access it, but rather domain accounts. I tested changing the activate.sh to look for the account in the domain and add it if it finds it in the domain using the -d switch on mkpasswd. I didn't, however, do anything with groups. It runs ok, creates the passwd entry, the home directory with .ssh directory and correct permissions, but when the user tries to ssh from another system, they get the error: Read from socket failed: Connection reset by peer. Using the -v switch from ssh doesn't show me much different except that it does do the connection. Is there still something I have to activate for domain users on the Windows side? I am a Unix system administrator, not Windows, so I'm not sure what it is looking for. Any help is appreciated, we have a major project depending on it!

Thanks!!!

Re: activating domain users

Hi,
I must admit that domain user support in copSSH is minimal. copSSH is designed for accessing remote servers for console-based or -tunnelled administration, by using local users.

I will investigate this problem and try to come up with a solution.

Re: activating domain users

I wrote two experimental scripts that can be downloaded here.
Rgrds Tev

Re: activating domain users

Thank you for the scripts. I am testing them out now, and will report here if they work. Thanks so much!
Jackie

Re: activating domain users

The activation works great. However, when I run the deactivate script and deactivate a user, any other users that were previously activated stop working and get the "Read from socket failed: Connection reset by peer" error. If I then add another user using the domain activation script, the other userids start working again as well until the next deactivation.
Thanks!

Re: activating domain users

Hmm :-) Can you update the script as follows and try again ?
-------------
# Update /etc/group
mkgroup -l -u > /etc/group
mkgroup -l -g users >> /etc/group
-------------

Replace users with "Domain Users".
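
Since the fix above regenerates /etc/group, one consistency check is to confirm that every account in /etc/passwd has a primary GID that is present in /etc/group. The following is an added example, not part of the original posts or the copSSH scripts; the function name `orphan_gid_users` and all sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the copSSH activation scripts.
# Prints every account in a passwd-format file whose primary GID (field 4)
# has no matching entry (field 3) in a group-format file.
orphan_gid_users() {   # usage: orphan_gid_users PASSWD_FILE GROUP_FILE
    awk -F: -v groupfile="$2" '
        BEGIN {
            # Load the group file first so an empty file is handled correctly.
            while ((getline line < groupfile) > 0) {
                n = split(line, f, ":")
                if (n >= 3 && f[3] != "") gids[f[3]] = 1
            }
            close(groupfile)
        }
        /^#/ || NF < 4 { next }          # skip comments and malformed lines
        !($4 in gids)  { print $1 }      # primary group has no group entry
    ' "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample data: one local account and two domain-style accounts.
    cat > "$dir/passwd" <<'EOF'
Administrator:unused:500:513:U-SERVER\Administrator:/home/Administrator:/bin/bash
jackie:unused:11105:10513:U-EXAMPLE\jackie:/home/jackie:/bin/bash
flace:unused:11106:10513:U-EXAMPLE\flace:/home/flace:/bin/bash
EOF
    # Constructed group file that lacks the domain group entry.
    cat > "$dir/group.local" <<'EOF'
None:S-1-5-21-0-0-0-513:513:
EOF
    # Same file with a constructed domain group entry added.
    cat > "$dir/group.fixed" <<'EOF'
None:S-1-5-21-0-0-0-513:513:
Domain Users:S-1-5-21-1-1-1-513:10513:
EOF
    echo "without domain group:"; orphan_gid_users "$dir/passwd" "$dir/group.local"
    echo "with domain group:";    orphan_gid_users "$dir/passwd" "$dir/group.fixed"
    rm -rf "$dir"
}

demo
```

On a real installation the call would be `orphan_gid_users /etc/passwd /etc/group`; empty output means every account's primary group has an entry.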

Re: activating domain users

By the way, I never reported back that this works great, the domain users work like a charm. Thank you so much for your development, support and packaging of this product! Saved me a lot of time!

Re: activating domain users

Hi, I get the following error even when I try the new script to activate a domain user. Any idea what could be going wrong?

Do you want to activate a (l)ocal or a (d)omain user ?d
Enter a user account for activation : flace
Enter a domain name for activation: fly.net
Directory /home/flace does already exist. Remove it ? (y/n) n
mkpasswd (731): Could not find domain controller for this domain.

Thanks
f!ace

Re: activating domain users

It seems that the problem is related to the mkpasswd utility. Try to give the name of your domain controller as domain name.

Re: activating domain users

It's worth mentioning that the manual changes described here have been incorporated into the source code and exist in the current build of CopSSH. Pulling the 2 .sh files referenced in this thread and adding them to your build would actually downgrade those files instead of upgrading them.

Re: activating domain users

Hi,
Thank you for your warning. As you mention, activating domain users is supported by copSSH as of version 1.3.3.

Rgrds Tev
