Subscribe for automatic updates: RSS icon RSS

Login icon Sign in for full access | Help icon Help
Advanced search

Pages: [1]
  Reply  |  Print  
Author Topic: Version 3.00.21 build-15390 - @LUSR command @LEGACYUSR  (Read 12985 times)
carl k.
Posts: 8


« on: August 21, 2017, 02:05:57 am »

Hi Support ,
the kerberos/SSO authentication process needs a combination of the legacy usr  and the locally signed in account .
We need to use the @LEGACYUSR setting for the 3.0 client . Previously we were using the @LUSR setting on the 2.4/2.5 clients .

What we are finding is some of our users have been logging into their pc's with a mixed case username , as such this is being passed through to one of the steps of the authentication process (looks like the initial step) . As such it fails as an unknown user on the Unix/Linux servers .

is there anyway we can get a patch or another command to force Lowercase and legacy user ?

Carl Keogh







carl k.
Posts: 8


« Reply #1 on: August 21, 2017, 02:18:30 am »

further to this , is there a setting in the putty section of the config.xml that can be changed to use the legacyusr as well ?
maybe the UserNameFromEnvironment ?
unfortunately I cant find any help on this in the putty helpfiles , or in 4js  ?

<FglttyConfigDiff>
        <Entry key="BugIgnore2" value="0"/>
        <Entry key="BugMaxPkt2" value="0"/>
        <Entry key="CRImpliesLF" value="0"/>
        <Entry key="GSSCustom" value=""/>
        <Entry key="GSSLibs" value="gssapi32,sspi,custom"/>
        <Entry key="KEX" value="dh-gex-sha1,dh-group14-sha1,dh-group1-sha1,WARN,rsa"/>
        <Entry key="LogHost" value=""/>
        <Entry key="PingIntervalSecs" value="30"/>
        <Entry key="SshBanner" value="1"/>
        <Entry key="TCPKeepalives" value="1"/>
        <Entry key="UserNameFromEnvironment" value="0"/>
        <Entry key="WindowClass" value=""/>
        <Entry key="X11AuthFile" value=""/>
      </FglttyConfigDiff>


Hi Support ,
the kerberos/SSO authentication process needs a combination of the legacy usr  and the locally signed in account .
We need to use the @LEGACYUSR setting for the 3.0 client . Previously we were using the @LUSR setting on the 2.4/2.5 clients .

What we are finding is some of our users have been logging into their pc's with a mixed case username , as such this is being passed through to one of the steps of the authentication process (looks like the initial step) . As such it fails as an unknown user on the Unix/Linux servers .

is there anyway we can get a patch or another command to force Lowercase and legacy user ?

Carl Keogh








Reuben B.
Four Js
Posts: 1046


« Reply #2 on: September 04, 2017, 09:42:59 am »

Hi Carl,

I notice there hasn't been a response on this, but also that you started the mail "Hello Support"

The forum isn't the proper support channel.  If you want to raise a support call then you should do it via the proper channel.  If you don't have access to that area on the website but have your support provided via a 3rd party (which I believe is the case with you), then you need to raise it with that 3rd party.  If they don't know the answer they will escalate it up the chain.

If some fellow customers know the answer then they are welcome to provide an answer here in the forum but it isn't guaranteed that they will do so.

To give you some background for the issue you are facing, around Genero 3.0, the value that provides USR and LUSR was changed from SAMAccountName to UserPrincipalName as part of a bug-fix.  I won't go into the details of why this happened as part of a maintenance release and there was no upgrade note written http://4js.com/online_documentation/fjs-gdc-manual-html/#c_gdc_MI30x.html, suffice to say hopefully we have learned our lesson.  LEGACYUSR was added for those that were inconvenienced when they found USR returned a different value, and there could be an argument made for a lower case version of LEGACYUSR and I'd encourage you to do that via proper support channels if required.  Before that though I would encourage you to review your user naming attributes.  A page like this https://msdn.microsoft.com/en-us/library/ms677605(v=vs.85).aspx makes me wonder why anyone is still using SAMAccountName, and that perhaps instead of us adding LEGACYUSR we should be encouraging users to review UserNamingAttributes in order to keep our codebase simple.

Reuben

Product Consultant (Asia Pacific)
Developer Relations Manager (Worldwide)
Author of https://4js.com/ask-reuben
Contributor to https://github.com/FourjsGenero
Pages: [1]
  Reply  |  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines