Using Bitvise SSH Server in a domain
Bitvise SSH Server fully supports environments with domain, domain forest, and Unix realm authentication. Since version 5.50, changes to Active Directory settings are no longer necessary to authenticate against the SSH server.
Windows domain order
Since version 5.50, Bitvise SSH Server no longer requires the Domain Order setting to enable login with non-fully-qualified usernames. Domain users are now able to log in, without providing a domain name as part of their username, using default SSH server settings.
The Windows domain order feature is still supported for administrators who wish to explicitly configure the order in which non-fully-qualified usernames should be looked up, to ensure predictable results.
Loading Windows Profiles
When configuring Bitvise SSH Server to provide SFTP and SCP access for domain users, users may have large Windows profiles that will be loaded before the user's file transfer session can start. Very large profiles may delay session startup. If you wish to prevent the SSH server from loading Windows profiles, please note that any of the following conditions will cause Bitvise SSH Server to load a user's Windows profile:
- "Map remote home directory" is enabled for the user in Advanced settings.
- "Map remembered shares" is enabled for the user in Advanced settings.
- There is an on-logon or on-logoff command configured to run in the user's context, and the "Do not load profile" option in the settings for the command is disabled.
- A terminal shell is opened by the client.
- An exec request is executed by the client.
- The client starts an SCP or SFTP session, and the "Load profile for SCP and SFTP" setting is enabled for the user in Advanced settings.
If you wish to prevent the SSH server from loading Windows profiles, you will need to make sure that none of the above conditions apply.