On Windows, the user name is generally handled similarly irrespective of which user authentication method you use: password, public keys, certificates, keyboard-interactive, or GSSAPI.
By default, SSH Tectia Server on Windows treats logon user names as user accounts of the default domain if the computer belongs to a domain; if no match is found, the user is treated as a local user.
If you wish to specify how user names should be treated, you can define it in the SSH Tectia Server configuration on the Domain Policy page using the GUI configuration tool (see Domain Policy) or with the domain policy setting in the XML configuration file (see description of domain-policy).
Table 5.1. Principles of user name handling on Windows hosts in a domain
| Situation | How the SSH Tectia Server treats user names |
|---|---|
| No domain policy defined: | |
| No prefix → | 1. Domain user name tried first |
| | 2. Local user name tried only if domain name not found |
| Prefix defined → | According to the prefix |
| Domain policy defined in SSH Tectia Server configuration: | |
| Prefix or no prefix → | According to the domain policy |
Normally when logging on to a server, you specify the target computer and optionally your user name, for example:
$ sshg3 win-server
OR
$ sshg3 user@win-server
In case the user does not specify the user name or a prefix for it indicating whether it is a local or a domain user name, and if the Windows server belongs to a domain, the user name is assumed to be a domain user name and the name of the server's default domain is added as the prefix when checking the existence of a user account:
DOMAIN\user@win-server
If no prefix is specified by the user, and if no matching domain user name is found, the user will be treated as a local user and the local computer name is automatically added as the prefix when checking the existence of a user account:
win-server\user@win-server
If you want to make sure that the local user name is used to log on to a Windows domain machine, you have to explicitly indicate that you are using a local account. You can either specify the local machine name as the domain part of the user name: win-server\user@win-server; or you can use the shorthand notation / or \ as follows: /user@win-server.
The shorthand notation with / or \ is applicable in case the user does not know the host names but connects using the IP address. The shorthand notation is also a quick way of avoiding repeating long host names.
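The default lookup order from Table 5.1 and the local-account shorthand can be modelled as follows. This is an added example, not SSH Tectia code: the function names and sample accounts are constructed, it covers only the case where no domain policy is defined, and prefixes other than the default domain or the computer name are treated as out of scope.

```python
# Added illustration of the default lookup order (no domain policy configured).
# Function names and the sample accounts are constructed for this example.
DOMAIN_USERS = {"alice", "backup"}        # constructed domain accounts
LOCAL_USERS = {"backup", "svc-local"}     # constructed local accounts


def resolve_account(login, default_domain, computer,
                    domain_users=DOMAIN_USERS, local_users=LOCAL_USERS):
    """Return the qualified account the server would check, or None.

    login is the user part as typed by the client, without '@host';
    default_domain is None when the server is not in a domain.
    """
    fold = str.casefold                    # Windows account names ignore case
    domain = {fold(u) for u in domain_users}
    local = {fold(u) for u in local_users}

    if login[:1] in ("/", "\\"):           # shorthand: local machine account
        prefix, user = computer, login[1:]
    else:
        prefix, _, user = login.rpartition("\\")

    if prefix:                             # explicit prefix: no fallback
        if fold(prefix) == fold(computer):
            return f"{computer}\\{user}" if fold(user) in local else None
        if default_domain and fold(prefix) == fold(default_domain):
            return f"{default_domain}\\{user}" if fold(user) in domain else None
        return None                        # other prefixes: outside this model
    if default_domain and fold(user) in domain:
        return f"{default_domain}\\{user}"  # 1. domain account tried first
    if fold(user) in local:
        return f"{computer}\\{user}"        # 2. local only if no domain match
    return None


def shadowed_local_accounts(domain_users=DOMAIN_USERS, local_users=LOCAL_USERS):
    """Local accounts an unprefixed login cannot reach: the same name
    exists in the domain and is matched first."""
    domain = {u.casefold() for u in domain_users}
    return sorted(u for u in local_users if u.casefold() in domain)


if __name__ == "__main__":
    for name in ("alice", "backup", "/backup", "win-server\\backup", "svc-local"):
        print(f"{name!r:22} -> {resolve_account(name, 'DOMAIN', 'win-server')}")
    print("shadowed:", shadowed_local_accounts())
```

Names returned by `shadowed_local_accounts` are the ones where a user who omits the prefix is checked against the domain account rather than the local one of the same name.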