[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 502
  • Last Modified:

IIS 6 FTP server won't accept AD domain account logins

I've got a problem setting up an FTP server on IIS6. I have a dedicated webserver which is part of a domain (it's being run as an application server only). My web site is set up and working fine. However, I cannot get the FTP server set up so that only certain domain users can login.

What happens is that no matter how I have it set up, it asks for a user name and password, and will not accept the admin accounts I enter. It will not accept any domain accounts. It will accept anonymous logins if I check that option in the FTP properties, but still will not accept domain account logins. I've tried all the admin accounts, and I've made sure that the folder permissions indicate that these users have full control.

I've quadruple checked the permissions, and I do *not* have the "accept only anonymous logins" function checked for this.

I have another web server with this same setup, and it works fine. I've tried to make the settings identical, but still no-go. I'm obviously missing something. Something that's probably obvious. :)

Any help with this is appreciated; I'd like to take the server live soon, and without FTP access to the website, I can't do it yet.
0
purplegenie93
Asked:
purplegenie93
  • 3
  • 2
1 Solution
 
LazarusCommented:
I'm not exactly sure you you have things setup from your question but you might try this MS article: http://support.microsoft.com/Default.aspx?id=184319
Also an excellent source for IIS FTP isScott Forsyth's WebLog : http://weblogs.asp.net/owscott/archive/2004/03/10/87262.aspx

Between those two you should be able to get your FTP working.
0
 
LazarusCommented:
Hmm.. sorry but please refer to PART 1 of the Forsyth article.. http://weblogs.asp.net/owscott/archive/2004/02/05/68423.aspx The above link was part 2 of it.
0
 
purplegenie93Author Commented:
It seems that the issue had to do with the FTP server being on an application server and not one of the DCs. I found that I needed to either create a local account for an FTP login (this worked fine) or had to prefix my username with the domain name (even though it's an admin account, and the FTP server is on the domain).

I opted to us the local account log-in only, for security reasons.

My question is now, why are the Built-in security accounts in the AD not available on my web/ftp server in assigning permissions -- even though it's not a DC, shouldn't I still be able to assign those groups, just as I would on a workstation?
0
 
LazarusCommented:
No they shouldn't... You have to be DCPROMO it to be able to have that access to the AD. Other wise it's just a server and does not know AD.
0
 
purplegenie93Author Commented:
This solves the mystery, thanks! (I'm just learning Windows Server 2003, and have big holes in my knowledge; I appreciate the help!)
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now