amlydiate
asked on
Help with Isolated FTP Access on Server 2008 R2
Hi All,
Really need some urgent help with a problem please.
I've set up a virtual 2008 R2 Server for use by a number of different external clients to transfer files to my main client. This is a system I've set up successfully twice before on a real server and recently on another virtual server so I thought I knew what I was doing.
My problem is I've set up the FTP Site in IIS and set up an FTP Folder on the local Disk C: in which I have created 16 individual folders named FTPUser01 - FTPUser16. The physical path to the folders is as follows: C:\FTP\DomainName\ and in there are the folders FTPUser01 e.t.c.
I've shared each FTPUser sub folder on the network and made sure I can open the share using the UNC name. The share name is \\SERVERNAME\FTP\DOMAINNAM
I've created AD users named FTPUser01 - FTPUser16 and gone into the Attribute Editor in each user and set the msIIS-FTPDir to the appropriate subfolder name i.e. FTPUser01 and the msIIS-FTPRoot to \\SERVERNAME\FTP\DOMAINNAM
I've logged on to the FTP site from another computer and for testing purposes have entered username FTPuser01 and the appropriate password but each time I end up looking at the root folder (C:\FTP\DOMAINNAME) rather than the sub folder of C:\FTP\DOMAINNAME\FTPUser0
Can anyone please tell me where I may have gone wrong as it's driving me mad and it's urgent I get it working properly so that each username logs on to their own subfolder.
Many thanks
Adam
Really need some urgent help with a problem please.
I've set up a virtual 2008 R2 Server for use by a number of different external clients to transfer files to my main client. This is a system I've set up successfully twice before on a real server and recently on another virtual server so I thought I knew what I was doing.
My problem is I've set up the FTP Site in IIS and set up an FTP Folder on the local Disk C: in which I have created 16 individual folders named FTPUser01 - FTPUser16. The physical path to the folders is as follows: C:\FTP\DomainName\ and in there are the folders FTPUser01 e.t.c.
I've shared each FTPUser sub folder on the network and made sure I can open the share using the UNC name. The share name is \\SERVERNAME\FTP\DOMAINNAM
I've created AD users named FTPUser01 - FTPUser16 and gone into the Attribute Editor in each user and set the msIIS-FTPDir to the appropriate subfolder name i.e. FTPUser01 and the msIIS-FTPRoot to \\SERVERNAME\FTP\DOMAINNAM
I've logged on to the FTP site from another computer and for testing purposes have entered username FTPuser01 and the appropriate password but each time I end up looking at the root folder (C:\FTP\DOMAINNAME) rather than the sub folder of C:\FTP\DOMAINNAME\FTPUser0
Can anyone please tell me where I may have gone wrong as it's driving me mad and it's urgent I get it working properly so that each username logs on to their own subfolder.
Many thanks
Adam
Last Comment
ASKER
Ah thanks, that's a new one on me and have never had to select it in the past, however I've gone into IIS and selected Isolate Users - Restrict users to the following directory (username directory) as per the link in your post. Now unfortunately when I try to authenticate via FTP it won't accept the password and just asks for it again and again whereas before it would authenticate but take me to the wrong directory. I'm sure we're close and would really appreciate a bit more help if possible..
Thanks very much
Adam
Thanks very much
Adam
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Ok I deleted the site and added it again, pointed it to the root directory and it automatically picked up all the FTPUser folders so I tested again. Didn't work same as before.
Checked the Windows Security logs and get the following event when I try to log on as FTPUser01 in FTP:
Event 4776: The computer attempted to validate the credentials for an account.
Authentication Package: MICROSOFT_AUTHENTICATION_P
Logon Account: FTPUser01
Source Workstation: SCMAINFTP
Error Code: 0x0
I've also found an FTP log file which says:
2013-01-08 16:11:38 SERVERIPADDRESS - MYIPADDRESS ControlChannelOpened - - 0 0 2d3a484f-fe20-4a63-9a26-c2
2013-01-08 16:11:38 SERVERIPADDRESS- MYIPADDRESSUSER FTPUser01 331 0 0 2d3a484f-fe20-4a63-9a26-c2
2013-01-08 16:11:38 SERVERIPADDRESS DOMAINNAME\FTPUser01 SERVERIPADDRESS 21 PASS *** 530 3 3 2d3a484f-fe20-4a63-9a26-c2
2013-01-08 16:11:38 SERVERIPADDRESS- MYIPADDRESSControlChannelC
None of which means a thing to me!
Checked the Windows Security logs and get the following event when I try to log on as FTPUser01 in FTP:
Event 4776: The computer attempted to validate the credentials for an account.
Authentication Package: MICROSOFT_AUTHENTICATION_P
Logon Account: FTPUser01
Source Workstation: SCMAINFTP
Error Code: 0x0
I've also found an FTP log file which says:
2013-01-08 16:11:38 SERVERIPADDRESS - MYIPADDRESS ControlChannelOpened - - 0 0 2d3a484f-fe20-4a63-9a26-c2
2013-01-08 16:11:38 SERVERIPADDRESS- MYIPADDRESSUSER FTPUser01 331 0 0 2d3a484f-fe20-4a63-9a26-c2
2013-01-08 16:11:38 SERVERIPADDRESS DOMAINNAME\FTPUser01 SERVERIPADDRESS 21 PASS *** 530 3 3 2d3a484f-fe20-4a63-9a26-c2
2013-01-08 16:11:38 SERVERIPADDRESS- MYIPADDRESSControlChannelC
None of which means a thing to me!
ASKER
OK. So I've started again from scratch and created a new FTP Site. I've created some new User folders and pointed the IIS Site to the root of that folder and it's picked up all of the subfolders o.k. I've removed the msIIS-FTPDir and msIIS-FTPRoot settings in the Attribute Editor section of the username in ADUC (just in case this was causing a problem)
I've allowed all users Read/Write access to FTPUser01 Folder in IIS but NOT set FTP User Isolation. When I connect via FTP to FTPUser01 it authenticates but sends me to the root directory.
The moment I then enable FTP User Isolation and select User name directory (disable global virtual directories) I can no longer authenticate.
Does this help at all?
Thanks
Adam
I've allowed all users Read/Write access to FTPUser01 Folder in IIS but NOT set FTP User Isolation. When I connect via FTP to FTPUser01 it authenticates but sends me to the root directory.
The moment I then enable FTP User Isolation and select User name directory (disable global virtual directories) I can no longer authenticate.
Does this help at all?
Thanks
Adam
ASKER
Fixed it!
O.K. Here's what I did. I deleted the whole C:\FTP folder and started again. I created C:\FTP then a subfolder named after the domain but this time I left off the domain extension (before I had the subfolder as domain.com) so now with the folder structure as C:\FTP\DOMAIN\FTPuser01 e.t.c. I can enable User Isolation in IIS and it works perfectly.
Thanks very much for your help, I think the problem all along was actually the domain subfolder incorrectly having the .com at the end and the FTPuser Isolation setting in IIS is probably the same as going into the attribute editor in ADUC and adding the FTP root folder and the user folder however i'm awarding you the points anyway as you've been really helpful and pointed me in the right direction
O.K. Here's what I did. I deleted the whole C:\FTP folder and started again. I created C:\FTP then a subfolder named after the domain but this time I left off the domain extension (before I had the subfolder as domain.com) so now with the folder structure as C:\FTP\DOMAIN\FTPuser01 e.t.c. I can enable User Isolation in IIS and it works perfectly.
Thanks very much for your help, I think the problem all along was actually the domain subfolder incorrectly having the .com at the end and the FTPuser Isolation setting in IIS is probably the same as going into the attribute editor in ADUC and adding the FTP root folder and the user folder however i'm awarding you the points anyway as you've been really helpful and pointed me in the right direction
Glad you got it fixed, and you're probably 100% correct about the the isolation control just changing the relevant ADUC settings anyway, just going on the basis that with IIS perms being fairly awkward to fix once they're wrong, and creating sites with the right settings being so easy tearing it down and starting again's often the smart option.
Interesting about the folder extension though, I'll do a bit of testing with that if I get bored and find out what's going on...
Interesting about the folder extension though, I'll do a bit of testing with that if I get bored and find out what's going on...
Windows Server 2008
Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.
86K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
http://www.orcsweb.com/blog/terri/how-to-set-up-ftp-access-for-multiple-users-with-user-isolation/
This will allow you to disable the global default ftp folder, and isolate the users to folders called <username>.