
OpenSSH fails to authenticate user with AD group

Open Visheeeee opened this issue 2 years ago • 3 comments

Prerequisites

  • [X] Write a descriptive title.
  • [X] Make sure you are able to repro it on the latest version
  • [X] Search the existing issues.

Steps to reproduce

I have installed and set up OpenSSH on Windows 2019. I have edited the sshd_config file to allow access to a particular AD group as shown below:

AllowGroups domain\group_name

When I try to log in to the server using my WinSCP, it authenticates successfully when I just provide the user ID without the domain name or the user ID with the domain as the prefix (e.g., user1 or domain\user1, and not user1@domain). However, when I enter user1@domain instead of just user1, it fails to authenticate and log me into the server. Subsequently, when I try the first method of using just user1, it continues to fail to authenticate. At this point I am forced to reinstall OpenSSH, as restarting the sshd service or the system has no effect.

Expected behavior

The expected behavior should be such that user1, domain\user1 as well as user1@domain should be authenticated successfully while logging into the server using WinSCP.

Actual behavior

However, only the first two methods work successfully while the third method fails.

Error details

No response

Environment data

Name                           Value
----                           -----
PSVersion                      5.1.17763.3770
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17763.3770
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version

5.1.17763.3770

Visuals

No response

Visheeeee avatar Mar 01 '23 14:03 Visheeeee

@Visheeeee, is this machine domain joined?

maertendMSFT avatar Mar 06 '23 19:03 maertendMSFT

@Visheeeee I can't repro this issue on my side. Can you give us some more details on your setup? What version of OpenSSH are you using? Are both the client and server machines domain joined?

vthiebaut10 avatar Mar 08 '23 22:03 vthiebaut10

@Visheeeee Could you please share the DEBUG3 server side logs so we can help you debug? To get the server side logs, change the sshd_config logging settings to:

# Logging
SyslogFacility LOCAL0
LogLevel DEBUG3

Then restart SSHD ("net stop sshd", "net start sshd") and repeat the failing scenario. The logs will be written to C:\ProgramData\ssh\logs\sshd.logs.

vthiebaut10 avatar Mar 09 '23 16:03 vthiebaut10
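
The logging change requested in the last comment, as an added PowerShell example (not code from the thread or from the Win32-OpenSSH project). It places the two directives above the first Match block, because sshd uses the first value it reads for a keyword and does not accept SyslogFacility inside a Match block. Assumptions: the config lives at %ProgramData%\ssh\sshd_config, the service is named sshd and its registered path has no arguments; the .bak backup name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumed: default config path, service name 'sshd'; '.bak' name is hypothetical.
$config = Join-Path $env:ProgramData 'ssh\sshd_config'
$backup = "$config.bak"

function Enable-SshdDebugLog {
    Copy-Item -LiteralPath $config -Destination $backup -Force
    $lines = @(Get-Content -LiteralPath $config)

    # Count the lines that precede the first Match block (the global section).
    $globalCount = $lines.Count
    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match '^\s*Match\s') { $globalCount = $i; break }
    }

    # Drop active logging directives from the global section, then add the
    # requested ones just above the first Match block (or at end of file).
    $head = @($lines | Select-Object -First $globalCount |
              Where-Object { $_ -notmatch '^\s*(SyslogFacility|LogLevel)\b' })
    $tail = @($lines | Select-Object -Skip $globalCount)
    $new  = $head + @('SyslogFacility LOCAL0', 'LogLevel DEBUG3') + $tail
    [System.IO.File]::WriteAllLines($config, [string[]]$new)   # UTF-8, no BOM

    # Let sshd validate the file (-t) before the service is restarted.
    $sshd = (Get-CimInstance Win32_Service -Filter "Name='sshd'").PathName.Trim('"')
    & $sshd -t -f $config
    if ($LASTEXITCODE -ne 0) {
        Copy-Item -LiteralPath $backup -Destination $config -Force
        throw "sshd rejected the edited config; original restored from $backup"
    }
    Restart-Service sshd
}

function Restore-SshdConfig {
    # Put the original logging settings back once the logs are collected.
    Copy-Item -LiteralPath $backup -Destination $config -Force
    Restart-Service sshd
}

Enable-SshdDebugLog
# Reproduce the failing login, collect the log, then run: Restore-SshdConfig
```

Run Restore-SshdConfig once the failing login has been captured; the sshd_config manual notes that logging at a DEBUG level violates users' privacy and is not recommended as a standing setting.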