Recently we got an issue reported, where non admin local user were unable to do RSH from member server.
Below were our observation based on our testing:
- As per our testing on lab machines, we found that the issue was coming when we were logged in as a non-admin local account
- The error message was message “rcmd: unknown user: localusr”.
- Reinstalling SUA SDK on the member server did not resolve the issue
- Also, we were able to do a ‘rsh’ while logged in as local administrator account
- If we take the machine out of the domain, then the local non admin users had no issue doing ‘rsh’
- With, further research, we found that the issue was with the “PrincipalDomain” which was set for SUA
- Running the pdomain command from the korn shell gave the “PrincipalDomain” name. This was set to the domain name on the member server.
- Hence when we were running the command as domain user, rsh was working and local account was failing.
- So, as a first step, we created a user with the same name (as local account) in the domain. Now, we got different error while running the rsh command "Operation not permitted”.
- Hence we changed the “PrincipalDomain” which was set for SUA and this resolved the issue.
Steps to change the “PrincipalDomain” forSUA: (Resolution)
- Open regedit
- Browse to the location HKLM\Software\Microsoft\SUA
- Click on new String Value and put the name as PrincipalDomain
- Edit the registry key and put the hostname of the local machine
- Reboot the machine
- Once the box is rebooted, login with the non-admin local account
- Open Korn shell (ksh –l) and run the pdomain command
- It should show the hostname of the machine instead of the domain name.
- Now run the rsh command. This should works.
BTW, making the changes will not affect running rsh command as domain user