IIS 7 and FTP 7.5 USer Isolation Issue

Hi Everyone,

Here is my sitauation, i've scoured the internet for a solution but found nothing, really hoping someone can help!

    * I have an SBS 2008 server behind an ISA 2006 firewall.
    * I have applied the IIS 7 FTP 7.5 Update on the system and my FTP site works perfectly when user isolation is not enabled.
    * My FTP root is currently set to D:\FTP Sites\ - This site allows annonymouse read access and full admin access, this works perfectly internally and externally.

My site bindings are 192.168.68.3 on port 21 with the host name field left blank.

    * If I enable "Username Directory" isolation and setup a virtual directory to point to a folder with the same username as my login account, the login fails. I just keep getting represented with the password box. This is being tried locally on the server.
    * If I enable "Username Physical Directory" and login I get redirected correctly to the folder \%ftproot%\localdomain\username - this works fine internally and externally.

However the problem is that this setting only works for my adminstrator account (note: this is not the built in one it is the one we created some time ago for administering the system). If I set this up for other users and create the respective folders under \%ftproot%\localdomain\ for thier usernames I cannot login. I just keep getting represented with the password box.

To try and fix this I have cretaed a security group called "FTPusers" and give this group full rights to the FTProot this hasn't helped at all.

Any ideas? I'm totally stuck!

Thanks very much.

Dave
TriumphLTDAsked:
Who is Participating?
 
Brad HoweConnect With a Mentor DevOps ManagerCommented:
Hi,

Here is just an example from previous posts i have answerwed.

First, In FTP Authentication. Do you have Basic Authaurization enabled?

Secondly, In FTP Authorization Rules, Did you specify all the users as

Mode:Allow Users:administraotr  Permissions:Read,Write
Mode:Allow Users:clientA        Permissions:Read
Mode:Allow Users:clientB        Permissions:Read

Are these domain users or locally craeted users? See physical directory path below for this question :)

IIS user isolation required that the phyiscal root directories be setup like such matching the user ID.

D:\FTP Sites\LocalUser\administrator
D:\FTP Sites\LocalUser\ClientA
D:\FTP Sites\LocalUser\ClientB
D:\FTP Sites\LocalUser\ClientC

The KEY folder here is "LocalUser".

Don't forget to restrict permissions so that only administrators or the Machine\Client(A|B|C) can read/write to the specified folders.

USER ISOLATION:
Select the option "User name directory (disable global virtual directories) " in the FTP user isolation feature.

Now for the administrator. Here is the trick - Create a virtual Directory in IIS Manager under the D:\FTP Sites\LocalUser\administrator\<call it Root or --Toplevel--> and have it point to the D:\FTP Sites\.  Now your admin can login and go thorugh all folders with isolation setup.

User Account Types                    Physical Home Directory Syntax
  Anonymous users                        %FtpRoot%\LocalUser\Public
  Local Windows user accounts     %FtpRoot%\LocalUser\%UserName%
  Windows domain accounts          %FtpRoot%\%UserDomain%\%UserName%
  IIS Manager or ASP.NET custom  %FtpRoot%\LocalUser\%UserName%
 

Let me know if you have any issues,

Hades666
0
 
TriumphLTDAuthor Commented:
Excellent solution and an excellent post. Thankyou!
0
 
TriumphLTDAuthor Commented:
Just so everyone knows the part that fixed this for me was adding each account that needs access into the "FTP Authorization Rules". What have actually done is create a security group called "FTPusers" and added this group into the authorisation rules. Cheers Hades!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.