dswope79
asked on
FTP Server and Server 2008 R2 Problems
I am at my wits end with the new features and setup of FTP with Server 2008 R2. I simply cannot get
it to function properly.
What I want to accomplish (and what I have accomplished in 2003 R2) is:
Domain users log on to FTP using their AD credentials and are isolated to their virtual directory.
Virtual directories do match the names of the AD accounts.
The steps that I have taken are as follows
1. Add FTP Site
2. Name FTP Site
3. Physical Path (pointed to previously created "FTP" directory on root of C:\)
4. Binding, IP address set to local server IP, port 21
5. No SSL
6. Authentication set to Basic
7. Authorization, allow access to "specified roles or user groups"
8. Typed in "Domain Users"
9. Permissions set to Read/Write
10. Finish
This is all basic FTP setup minus the new Authorization in step 7. When clicking on the FTP Site, FTP
Authentication is set to Basic (with domain name added). FTP Authorization Rules set to "Specified
roles or user groups" (Domain Users).
To go a little deeper this is what my FTP directory structure looks like
C:\FTP\
    domainname (LocalUser on 2003)\
        Customer
        Downloads
        Users
The directories above have appropriate NTFS permissions added. From my local machine I can browse and
see the shares, I get prompted for credentials in IE when going to ftp://servername but cannot login
(not even with domain admin)
I am going to continue to play with this but this is utterly ridiculous at this point. I don't
understand why MS has to make this more difficult than it has to be and has been in 2003 R2?
ASKER
Yes, I opened them using the exact same commands you have there.
ASKER
When using FileZilla I keep getting the following error
Status: Resolving address of server@domain.local
Status: Connecting to x.x.x.x:21...
Status: Connection established, waiting for welcome message...
Response: 220-Microsoft FTP Service
Response: 220 Company Name
Command: USER user@domain.local
Response: 331 Password required for user@domain.local.
Command: PASS *********
Response: 530 User cannot log in, home directory inaccessible.
Error: Critical error
Error: Could not connect to server
Status: Delaying connection for 5 seconds due to previously failed connection attempt...
The above was an internal attempt at connecting.
ASKER
Some more steps I have taken with no success
Added firewall exceptions
netsh advfirewall firewall add rule name="FTP (no SSL)" action=allow protocol=TCP dir=in localport=21
netsh advfirewall set global StatefulFtp enable
Added program exception per
http://www.bunkerhollow.com/blogs/matt/archive/2010/05/02/windows-server-2008-r2-ftp-and-firewall-setup.aspx
Followed this for isolation process
http://learn.iis.net/page.aspx/305/configuring-ftp-75-user-isolation/
Which is where I followed the directions and created the "domain name" folder under the FTP root instead of "LocalUser" as done in 2003 R2
"Windows domain accounts
(requires basic authentication)
%FtpRoot%\%UserDomain%\%UserName%"
ASKER
This works as long as I remove isolation and select "user name directory" under "Do not isolate users. Start in". Some small piece is missing here
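A layout check for the isolation mapping quoted in the thread (%FtpRoot%\%UserDomain%\%UserName%), added here as an example and not code from the asker or from the IIS documentation. The function name, the EXAMPLE domain and the user names are hypothetical; it only tests whether each expected home folder exists and lists the identities named in its NTFS ACL.

```powershell
# Added example (not from the thread). Function name, domain and user names
# are hypothetical; the tree is a constructed sample built under %TEMP%.
function Test-FtpIsolationHome {
    param(
        [Parameter(Mandatory = $true)][string]   $FtpRoot,
        [Parameter(Mandatory = $true)][string]   $UserDomain,
        [Parameter(Mandatory = $true)][string[]] $UserName
    )
    foreach ($name in $UserName) {
        # Domain-account isolation maps a login to %FtpRoot%\%UserDomain%\%UserName%.
        $homeDir = Join-Path (Join-Path $FtpRoot $UserDomain) $name
        $exists  = Test-Path -LiteralPath $homeDir -PathType Container
        # When the folder exists, list who the NTFS ACL names, for manual review.
        $ids = @()
        if ($exists) {
            $ids = @((Get-Acl -Path $homeDir).Access |
                ForEach-Object { $_.IdentityReference.Value })
        }
        New-Object PSObject -Property @{
            User         = "$UserDomain\$name"
            ExpectedHome = $homeDir
            Exists       = $exists
            AclNames     = ($ids -join '; ')
        }
    }
}

# Constructed sample shaped like the layout in the question, plus one per-user folder.
$root = Join-Path $env:TEMP ('ftp-layout-' + [guid]::NewGuid().ToString())
foreach ($dir in 'Customer', 'Downloads', 'Users', 'jsmith') {
    New-Item -ItemType Directory -Force -Path (Join-Path (Join-Path $root 'EXAMPLE') $dir) | Out-Null
}

Test-FtpIsolationHome -FtpRoot $root -UserDomain 'EXAMPLE' -UserName 'jsmith', 'adoe' |
    Select-Object User, Exists, ExpectedHome, AclNames |
    Format-List

Remove-Item -LiteralPath $root -Recurse -Force
```

Against a real site, pass the FTP root, the domain folder name and the account names to check instead of the constructed tree.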
ASKER
I got this on my own
You can run these commands and try again
netsh advfirewall firewall add rule name="FTP (no SSL)" action=allow protocol=TCP dir=in localport=21
netsh advfirewall set global StatefulFtp enable