• Status: Solved

FTP Server and Server 2008 R2 Problems

I am at my wit's end with the new features and setup of FTP with Server 2008 R2. I simply cannot get it to function properly.

What I want to accomplish (and what I have accomplished in 2003 R2) is:

Domain users log on to FTP using their AD credentials and are isolated to their virtual directory.

Virtual directories do match the names of the AD accounts.

The steps that I have taken are as follows

1. Add FTP Site
2. Name FTP Site
3. Physical Path (pointed to previously created "FTP" directory on root of C:\)
4. Binding, IP address set to local server IP, port 21
5. No SSL
6. Authentication set to Basic
7. Authorization, allow access to "specified roles or user groups"
8. Typed in "Domain Users"
9. Permissions set to Read/Write
10. Finish

This is all basic FTP setup minus the new Authorization in step 7. When clicking on the FTP Site, FTP Authentication is set to Basic (with domain name added). FTP Authorization Rules set to "Specified roles or user groups" (Domain Users).

To go a little deeper, this is what my FTP directory structure looks like:

C:\FTP\
    domainname (LocalUser on 2003)\
        Customer
        Downloads
        Users

The directories above have appropriate NTFS permissions added. From my local machine I can browse and see the shares, I get prompted for credentials in IE when going to ftp://servername but cannot login (not even with domain admin).

I am going to continue to play with this but this is utterly ridiculous at this point. I don't understand why MS has to make this more difficult than it has to be and has been in 2003 R2?
Asked by: dswope79

laloceh Commented:
Did you open the necessary ports in the Firewall?

You can run these commands and try again

netsh advfirewall firewall add rule name="FTP (no SSL)" action=allow protocol=TCP dir=in localport=21
netsh advfirewall set global StatefulFtp enable

dswope79 (Author) Commented:
Yes, I opened them using the exact same commands you have there.

dswope79 (Author) Commented:
When using FileZilla I keep getting the following error:

Status:      Resolving address of server@domain.local
Status:      Connecting to x.x.x.x:21...
Status:      Connection established, waiting for welcome message...
Response:      220-Microsoft FTP Service
Response:      220 Company Name
Command:      USER user@domain.local
Response:      331 Password required for user@domain.local.
Command:      PASS *********
Response:      530 User cannot log in, home directory inaccessible.
Error:      Critical error
Error:      Could not connect to server
Status:      Delaying connection for 5 seconds due to previously failed connection attempt...


The above was an internal attempt at connecting.

dswope79 (Author) Commented:
Some more steps I have taken with no success:

Added firewall exceptions

netsh advfirewall firewall add rule name="FTP (no SSL)" action=allow protocol=TCP dir=in localport=21
netsh advfirewall set global StatefulFtp enable


Added program exception per

http://www.bunkerhollow.com/blogs/matt/archive/2010/05/02/windows-server-2008-r2-ftp-and-firewall-setup.aspx

Followed this for isolation process

http://learn.iis.net/page.aspx/305/configuring-ftp-75-user-isolation/

Which is where I followed the directions and created the "domain name" folder under the FTP root instead of "LocalUser" as done in 2003 R2

"Windows domain accounts
(requires basic authentication)
%FtpRoot%\%UserDomain%\%UserName%"




 

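The pattern quoted in the comment above, `%FtpRoot%\%UserDomain%\%UserName%`, can be checked on the server one level at a time. The following PowerShell is an added example, not part of the thread or of the linked guide. The function name, its parameters and the sample values are assumptions.

```powershell
# Added example: verifies that the home directory FTP user isolation expects
# for a domain account (%FtpRoot%\%UserDomain%\%UserName%) exists, and lists
# its NTFS entries for review. Names and sample values are hypothetical.
function Test-FtpIsolationHome {
    param(
        [Parameter(Mandatory = $true)][string]$FtpRoot,
        [Parameter(Mandatory = $true)][string]$UserDomain,
        [Parameter(Mandatory = $true)][string]$UserName
    )

    # Build each level of the expected path so the first missing one can be named.
    $levels = @($FtpRoot)
    $levels += Join-Path $FtpRoot $UserDomain
    $levels += Join-Path $levels[1] $UserName
    $homeDir = $levels[2]

    $firstMissing = $null
    foreach ($dir in $levels) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            $firstMissing = $dir
            break
        }
    }

    # When the directory exists, collect its access entries so an administrator
    # can confirm the account (or a group it belongs to) is granted access.
    $aclEntries = @()
    if (-not $firstMissing) {
        $aclEntries = @((Get-Acl -Path $homeDir).Access | ForEach-Object {
            '{0}: {1} {2}' -f $_.IdentityReference, $_.AccessControlType, $_.FileSystemRights
        })
    }

    New-Object PSObject -Property @{
        ExpectedHome = $homeDir
        Exists       = (-not $firstMissing)
        FirstMissing = $firstMissing
        AclEntries   = $aclEntries
    }
}

# Constructed sample values; replace with the site's root, domain and account.
Test-FtpIsolationHome -FtpRoot 'C:\FTP' -UserDomain 'EXAMPLEDOMAIN' -UserName 'jdoe' |
    Format-List
```

`FirstMissing` names the first level of the path that is absent, which shows whether the domain folder or the per-user folder is the one the layout lacks.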
 
dswope79 (Author) Commented:
This works as long as I remove isolation and select "user name directory" under "Do not isolate users. Start in". Some small piece is missing here.

dswope79 (Author) Commented:
I got it figured out

dswope79 (Author) Commented:
I got this on my own