KpyM Telnet/SSH Server - Forum
SFTP Permissions trouble
JasonG
Hi there,

I'm trying to configure sftp access for a specific domain user and have added the read/execute permissions for this user on the file-transfer.allowed (actually on all 3 for troubleshooting).

Yet, in the log I see the line:
1112 : 6856 2011- 4-18 15:51: 9 4 : 0: login refused: [ userName ] - Logon failure: the user has not been granted the requested logon type at this computer.

What makes me wonder is a domain user who is a member of machine\Administrators via the Domain Admins (has full control of file-transfer.allowed) is able to connect via sftp.

Does anyone have ideas on what I'm missing?

Kroum Grigorov
>Logon failure: the user has not been granted the requested logon type at this computer.

You need "logon locally" right granted to your user on the machine. This is the OS itself that denies logon to the user. Internally KTS will spawn a thread/process under the identity of your user but Windows does not allow it since your user is denied to log on this machine.

Revert back your custom security on the *.allowed files, adjust the user rights on this machine and confirm your user can start a terminal session.

Then you can continue securing your box through *.allowed files


Thank you Kroum, you hit the nail on the head.

Guess I'm stuck with this (there's an AD policy for this OU denying logon locally for domain users) and need to move this service onto a different machine.

I can see the simplicity of the local thread running as a user. But maybe someday sftp can be a separate service which multiplexes user sessions as separate threads under the service account. It's a thought anyway but then makes a lot of complication for security.

Thank you again and it is instructional reading through the code.
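
Added example, not part of the original posts and not KTS code: a PowerShell check of the "log on locally" right discussed in this thread, reading the SeInteractiveLogonRight and SeDenyInteractiveLogonRight entries of a secedit user-rights export and evaluating them for an account's SIDs. The function names, the domain SID and the account RIDs are constructed for illustration.

```powershell
# Added example: who holds "log on locally" and does a deny entry override it?
function Get-LogonRightHolders {
    param([string[]]$InfLines)
    $rights = @{ SeInteractiveLogonRight = @(); SeDenyInteractiveLogonRight = @() }
    foreach ($line in $InfLines) {
        if ($line -match '^\s*(SeInteractiveLogonRight|SeDenyInteractiveLogonRight)\s*=\s*(.*)$') {
            $name = $Matches[1]
            # secedit writes SIDs as "*S-1-..." and may also write plain account names
            $rights[$name] = @($Matches[2] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    $rights
}

function ConvertTo-SidString {
    param([string]$Entry)
    if ($Entry -match '^S-1-') { return $Entry }
    try {
        $account = [System.Security.Principal.NTAccount]$Entry
        return $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch { return $Entry }   # unresolvable name: keep it so it still shows up
}

function Test-LocalLogonAllowed {
    param([hashtable]$Rights, [string[]]$AccountSids)
    $allow = $Rights.SeInteractiveLogonRight     | ForEach-Object { ConvertTo-SidString $_ }
    $deny  = $Rights.SeDenyInteractiveLogonRight | ForEach-Object { ConvertTo-SidString $_ }
    $allowedVia = @($AccountSids | Where-Object { $allow -contains $_ })
    $deniedVia  = @($AccountSids | Where-Object { $deny  -contains $_ })
    [pscustomobject]@{
        AllowedVia      = $allowedVia
        DeniedVia       = $deniedVia
        # The right must be granted and no deny entry may match: deny wins
        CanLogOnLocally = ($allowedVia.Count -gt 0 -and $deniedVia.Count -eq 0)
    }
}

# On a real host (elevated prompt), replace the constructed sample with:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   $lines = Get-Content "$env:TEMP\rights.inf"
$dom   = 'S-1-5-21-1111111111-2222222222-3333333333'   # constructed domain SID
$lines = @('[Privilege Rights]',
           'SeInteractiveLogonRight = *S-1-5-32-544',   # local Administrators only
           "SeDenyInteractiveLogonRight = *$dom-1105")  # constructed deny group
$rights = Get-LogonRightHolders $lines
# Account SID plus its group SIDs, supplied by the caller (hypothetical accounts)
Test-LocalLogonAllowed $rights @("$dom-1104", "$dom-513")                  # ordinary domain user
Test-LocalLogonAllowed $rights @("$dom-1103", "$dom-512", 'S-1-5-32-544')  # Domain Admins member
```

When the settings come from a domain GPO, as in the last post, the fix belongs in that GPO, since a local change is overwritten at the next policy refresh.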


© 2007 - 2008 Kroum Grigorov