SFTP users are not getting to correct home directory

  • 7002954
  • 09-Apr-2009
  • 26-Apr-2012

Environment

Novell NetWare 6.5 Support Pack 8

Situation

NOTE:  Some of this document is specific to a NetWare Cluster scenario.  However, items 1, 3, & 4 in the resolution section all apply to non-cluster scenarios as well.
 
A NetWare Cluster node (i.e. NODE1) is acting as an SSH server.  The configuration (in sys:etc/ssh/sshd_config ) has been set to ignore users' Edir home directory settings, and put users in a default home directory on a certain cluster volume (i.e. CL_VOL1), which resides on the same node.  However, instead of reaching that cluster volume, the user is put in the root of the SYS volume.

Resolution

Several things can be coming into play:
 
1.  If this user is Admin, or Admin equivalent, or has supervisor rights to the node server object in eDir:  SSHD.NLM handles these users differently from other users.  It will not ignore their Edir home directory setting, even if the configuration file is set to do that.  Those users will reach their eDir home directory, or if none is set, they will reach the root of SYS.
 
2.  SSHD.NLM will not consider a Cluster volume to be associated with a server's Node name, even if the cluster volume currently resides on that node.  So if the configuration points to a certain cluster volume as the default user volume, it must also point to the cluster virtual server name as the default user server.  For example:
 
DefaultUserHomeVolume CLVOL1
DefaultUserHomeServer CLUST_CLVOL1_S
 
Note:  The cluster virtual server is a server object whose name typically is a combination of the cluster name and cluster volume name.  If the name is not known, it should be relatively easily found in the tree, in the same container as the cluster volume object.
 
3.  SSHD must be able to find the user object, volume object, and server object within the area(s) of the tree it is searching.  Those search areas are controlled by the eDirNameContext settings in sys:etc\ssh\sshd_config .  More than one setting can be made (each on separate lines) in order to search multiple contexts.  Also, entire subtrees can be searched by following the context with special scope syntax, as follows:
 
eDirNameContext ou=users.o=company?scope=subtree
eDirNameContext ou=servers.o=company?scope=subtree
 
4.  Fixes have been made to the home directory determination and validation logic in SSHD.NLM, and are present in NetWare 6.5 SP8.  If SP8 cannot yet be applied, the individual SSHD updates can be obtained and used on SP7:
 
Download new SSH files from:
 
Follow the instructions in the readme.