|
Home > Archive > IIS FTP Server > February 2005 > FTP, Internet Explorer, and FTP user names with UPN suffix
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
FTP, Internet Explorer, and FTP user names with UPN suffix
|
|
|
| Folks,
I'm confounded by some problems with MS FTP and especially using IE.
Try this as an experiment:
1. Set up an Active Directory user account that is greater than 20
characters (up to 30 characters), not including the UPN suffix. For example
(e.g., christopher.abbazabba123456789@mydomain.com)
2. Set up a virtual directory to isolate the user using their user name
(christopher.abbazabba123456789@mydomain.com).
3. Set up Modify permissions for the user on that folder.
4. Log in to an FTP server from the command line. You should be able to get
in.
4. Then try any other FTP program (except Microsoft Internet Explorer). You
should get in fine.
5. Now try Internet Explorer. It seems to not recognize the "@mydomain.com"
UPN suffix and will not allow access to the FTP site.
Is this by design, or am I experiencing an anomaly? What's the deal with not
being able to handle the long user names?
--Pete
| |
| Bernard 2005-01-28, 2:47 am |
| This should be client side issue (IE) and not Ftp server.
take look at ftp log file and see what username IE is sending.
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Pete" <Pete@discussions.microsoft.com> wrote in message
news:92C44E9A-9005-456A-8C7C-B2F9596C49FA@microsoft.com...
> Folks,
>
> I'm confounded by some problems with MS FTP and especially using IE.
>
> Try this as an experiment:
>
> 1. Set up an Active Directory user account that is greater than 20
> characters (up to 30 characters), not including the UPN suffix. For
> example
> (e.g., christopher.abbazabba123456789@mydomain.com)
>
> 2. Set up a virtual directory to isolate the user using their user name
> (christopher.abbazabba123456789@mydomain.com).
>
> 3. Set up Modify permissions for the user on that folder.
>
> 4. Log in to an FTP server from the command line. You should be able to
> get
> in.
>
> 4. Then try any other FTP program (except Microsoft Internet Explorer).
> You
> should get in fine.
>
> 5. Now try Internet Explorer. It seems to not recognize the
> "@mydomain.com"
> UPN suffix and will not allow access to the FTP site.
>
> Is this by design, or am I experiencing an anomaly? What's the deal with
> not
> being able to handle the long user names?
>
> --Pete
| |
|
| Hi Bernard,
Do you mean check the FTP log file on the client side? Where would I find
that in IE?
On the server site, I checked the FTP log and performed a test. Once I
logged in using IE and once I logged in using WS-FTP LE. In both cases, I see
no difference between the log entries for a user who logs in via IE and a
user that logs in via another FTP program. In both cases, the user can
connect, and I get "positive" messages from the FTP server
USER myuser@mydomain.com 331
PASS 230
Only problem is that in IE, I don't see the remote files and can't upload to
the folder, whereas in WS-FTP LE, I can see the remote files and can upload
successfully.
So in both cases, it is connecting, but in IE, it's not getting through to
the correct folder.
"Bernard" wrote:
> This should be client side issue (IE) and not Ftp server.
> take look at ftp log file and see what username IE is sending.
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
>
> "Pete" <Pete@discussions.microsoft.com> wrote in message
> news:92C44E9A-9005-456A-8C7C-B2F9596C49FA@microsoft.com...
>
>
>
| |
| Bernard 2005-02-01, 2:47 am |
| I meant server site, looking at the log entries you posted, it shows IE
logged in to ftp. what's next ? have to depend on the other log entires, as
this didn't tell any problem with IE nor ftp server.
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Pete" <Pete@discussions.microsoft.com> wrote in message
news:F523A0E4-D150-4499-ABCD-9500D3CF97A1@microsoft.com...[vbcol=seagreen]
> Hi Bernard,
>
> Do you mean check the FTP log file on the client side? Where would I find
> that in IE?
>
> On the server site, I checked the FTP log and performed a test. Once I
> logged in using IE and once I logged in using WS-FTP LE. In both cases, I
> see
> no difference between the log entries for a user who logs in via IE and a
> user that logs in via another FTP program. In both cases, the user can
> connect, and I get "positive" messages from the FTP server
>
> USER myuser@mydomain.com 331
> PASS 230
>
> Only problem is that in IE, I don't see the remote files and can't upload
> to
> the folder, whereas in WS-FTP LE, I can see the remote files and can
> upload
> successfully.
>
> So in both cases, it is connecting, but in IE, it's not getting through to
> the correct folder.
>
> "Bernard" wrote:
>
| |
|
| Thanks again for your help Bernard.
Here's what happens in the FTP log file.
USER and PASS go correctly. As soon as I try to drag & drop a sample text
file from my desktop to the server, looks like the connection is quit (QUIT),
and the transfer tries to happen as an anonymous user (USER anonymous). On
the client side (in IE FTP), twhen I drag & drop, I get prompted to re-enter
the user name and password, which I do & click OK, but nothing happens: the
file is not uploaded, nor do I get a further error message.
18:49:48 USER myuser@mydomain.com 331 0 0 -
18:49:48 myuser@mydomain.com [95865]PASS - 230 0 0 -
18:49:53 [95869]QUIT - 220 0 0 -
18:50:17 anonymous [95870]USER anonymous 331 0 0 -
18:50:17 [95870]PASS IEUser@ 530 0 0 -
18:50:28 myuser@mydomain.com [95871]USER myuser@mydomain.com 331 0 0 -
18:50:28 myuser@mydomain.com [95871]PASS - 230 0 0 -
Thanks,
Pete
"Bernard" wrote:
> I meant server site, looking at the log entries you posted, it shows IE
> logged in to ftp. what's next ? have to depend on the other log entires, as
> this didn't tell any problem with IE nor ftp server.
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
>
> "Pete" <Pete@discussions.microsoft.com> wrote in message
> news:F523A0E4-D150-4499-ABCD-9500D3CF97A1@microsoft.com...
>
>
>
| |
| Bernard 2005-02-02, 7:47 am |
| You should look for log entry with [95865] connection id.
that's other user connection [95869].
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Pete" <Pete@discussions.microsoft.com> wrote in message
news:881E5FCC-0DAA-4C10-8E96-E427CD7C879F@microsoft.com...[vbcol=seagreen]
> Thanks again for your help Bernard.
>
> Here's what happens in the FTP log file.
>
> USER and PASS go correctly. As soon as I try to drag & drop a sample text
> file from my desktop to the server, looks like the connection is quit
> (QUIT),
> and the transfer tries to happen as an anonymous user (USER anonymous). On
> the client side (in IE FTP), twhen I drag & drop, I get prompted to
> re-enter
> the user name and password, which I do & click OK, but nothing happens:
> the
> file is not uploaded, nor do I get a further error message.
>
> 18:49:48 USER myuser@mydomain.com 331 0 0 -
> 18:49:48 myuser@mydomain.com [95865]PASS - 230 0 0 -
> 18:49:53 [95869]QUIT - 220 0 0 -
> 18:50:17 anonymous [95870]USER anonymous 331 0 0 -
> 18:50:17 [95870]PASS IEUser@ 530 0 0 -
> 18:50:28 myuser@mydomain.com [95871]USER myuser@mydomain.com 331 0 0 -
> 18:50:28 myuser@mydomain.com [95871]PASS - 230 0 0 -
>
> Thanks,
> Pete
>
> "Bernard" wrote:
>
| |
|
| Hi Bernard,
I don't understand. The log file excerpt below is exactly (without IP
addresses & other comments) how it displays in my FTP log. There are only 2
log entries for [95865]. I believe the [95869] and [95870] are being caused
when I try to drag and drop a file from my desktop into the FTP site in IE. I
am then prompted again by IE for my FTP user name and password, and then it
quits again. I am able to verify that [95865] and [95870] are bein initiated
by the same IP address (i.e., my computer making the FTP requests).
--Pete
"Bernard" wrote:
> You should look for log entry with [95865] connection id.
> that's other user connection [95869].
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
>
> "Pete" <Pete@discussions.microsoft.com> wrote in message
> news:881E5FCC-0DAA-4C10-8E96-E427CD7C879F@microsoft.com...
>
>
>
| |
| Bernard 2005-02-03, 2:48 am |
| Ok. but you are already logged on, why would IIS FTP prompt for login again
?
if based on the log after pass 230, there should be some 'activity', instead
of a QUIT with different connection id. it mess everythings up. Do you see
where I'm going ? we are trying to see what's wrong via the log file, but
the log file seems 'weird' itself.
Anyway, just a side topic. IE sux when it comes to ftp 
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Pete" <Pete@discussions.microsoft.com> wrote in message
news:0500721E-8A50-4E83-8C3D-B628764895B0@microsoft.com...[vbcol=seagreen]
> Hi Bernard,
>
> I don't understand. The log file excerpt below is exactly (without IP
> addresses & other comments) how it displays in my FTP log. There are only
> 2
> log entries for [95865]. I believe the [95869] and [95870] are being
> caused
> when I try to drag and drop a file from my desktop into the FTP site in
> IE. I
> am then prompted again by IE for my FTP user name and password, and then
> it
> quits again. I am able to verify that [95865] and [95870] are bein
> initiated
> by the same IP address (i.e., my computer making the FTP requests).
>
> --Pete
>
>
>
> "Bernard" wrote:
>
| |
|
| Hi Bernard,
I'm using W3C Extended Log File Format for my FTP loggin, should I be using
something else?
The funny thing is, I'm almost 100% positive this is attributed to user
names & virtual folders.
Say I have a AD user account pat.smith@mydomain.com. This is their
userPrincipalName, and pat.smith is their sAMAccountName.
Right now I have a virtual FTP folder called "pat.smith@mydomain.com" to
point the user to the correct physical FTP folder
(c:\inetpub\ftproot\patsmith).
If I rename the virtual FTP folder to "pat.smith" (same as the
sAMAccountName) and have the user logon with their sAMAccountName
(pat.smith), they can connect to FTP via IE with no problems whatsoever.
Yeah, IE FTP does suck. But we're trying to make sure our clients can access
FTP via any possible method (FrontPage, Dreamweaver, IE, other clients,
commandline, etc). Funny thing is, it's only IE FTP that's not working right.
--Pete
"Bernard" wrote:
> Ok. but you are already logged on, why would IIS FTP prompt for login again
> ?
> if based on the log after pass 230, there should be some 'activity', instead
> of a QUIT with different connection id. it mess everythings up. Do you see
> where I'm going ? we are trying to see what's wrong via the log file, but
> the log file seems 'weird' itself.
>
> Anyway, just a side topic. IE sux when it comes to ftp
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
>
> "Pete" <Pete@discussions.microsoft.com> wrote in message
> news:0500721E-8A50-4E83-8C3D-B628764895B0@microsoft.com...
>
>
>
| |
| Bernard 2005-02-04, 7:51 am |
| 1) Yes, I used W3C format for all services.
2) "If I rename the virtual FTP folder to "pat.smith" "
I think that should be the way, rather than pat.smith@mydomain.com as the
virtual folder name.
if using pat.smith, everything working like other ftp clients?
I'm still curious about the ftp log entries..
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Pete" <Pete@discussions.microsoft.com> wrote in message
news:5E3E903F-1AEF-4F1D-B866-4EC6ED3D08BE@microsoft.com...[vbcol=seagreen]
> Hi Bernard,
>
> I'm using W3C Extended Log File Format for my FTP loggin, should I be
> using
> something else?
>
> The funny thing is, I'm almost 100% positive this is attributed to user
> names & virtual folders.
>
> Say I have a AD user account pat.smith@mydomain.com. This is their
> userPrincipalName, and pat.smith is their sAMAccountName.
>
> Right now I have a virtual FTP folder called "pat.smith@mydomain.com" to
> point the user to the correct physical FTP folder
> (c:\inetpub\ftproot\patsmith).
>
> If I rename the virtual FTP folder to "pat.smith" (same as the
> sAMAccountName) and have the user logon with their sAMAccountName
> (pat.smith), they can connect to FTP via IE with no problems whatsoever.
>
> Yeah, IE FTP does suck. But we're trying to make sure our clients can
> access
> FTP via any possible method (FrontPage, Dreamweaver, IE, other clients,
> commandline, etc). Funny thing is, it's only IE FTP that's not working
> right.
>
> --Pete
>
> "Bernard" wrote:
>
| |
|
| Well, pat.smith does work. BUT, say I want to use UPN logon. Microsoft does
say it's OK to use UPN logon with Microsoft FTP (see:
http://support.microsoft.com/defaul...b;EN-US;Q313820), so that
shouldn't be an issue.
To use UPN logon via FTP, you MUST specify user names which include the UPN
suffix, such as "pat.smith@mydomain.com". This is because if you have a user
name of more than 20 characters (i.e., a user name that is longer than the
sAMAccountName), a user will NOT be able to logon to Microsoft FTP without
this style of logon name.
The rule with MS FTP logon redirection seems to be that the "user name must
match the virtual folder name" and only then will the user be directed to the
correct physical folder as specified by the virtual directory. I have tested
this fairly extensively; if you can give me a scenario/example to disprove
this, I'd like to see it.
In any case, the virtual folder redirection using the name
"pat.smith@mydomain.com" DOES work correctly with all FTP clients except for
IE. As I mentioned before, no problems from the command line, WS-FTP or
Dreamweaver, so I believe it should work everywhere else.
The more I look into this, the more it seems to be an IE FTP "bug".
"Bernard" wrote:
> 1) Yes, I used W3C format for all services.
> 2) "If I rename the virtual FTP folder to "pat.smith" "
> I think that should be the way, rather than pat.smith@mydomain.com as the
> virtual folder name.
> if using pat.smith, everything working like other ftp clients?
>
> I'm still curious about the ftp log entries..
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
>
> "Pete" <Pete@discussions.microsoft.com> wrote in message
> news:5E3E903F-1AEF-4F1D-B866-4EC6ED3D08BE@microsoft.com...
>
>
>
| |
| Bernard 2005-02-14, 2:51 am |
| Sorry, was on a long Chinese New Year break.
I have the same feeling like i stated in my first reply. IE doesn't work
'well' with ftp.
you might want to try IE newsgroup, maybe expert there know some workaround
on this.
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Pete" <Pete@discussions.microsoft.com> wrote in message
news:7DA2683A-3FEA-425E-9C3B-D48C099BC0B6@microsoft.com...[vbcol=seagreen]
> Well, pat.smith does work. BUT, say I want to use UPN logon. Microsoft
> does
> say it's OK to use UPN logon with Microsoft FTP (see:
> http://support.microsoft.com/defaul...b;EN-US;Q313820), so that
> shouldn't be an issue.
>
> To use UPN logon via FTP, you MUST specify user names which include the
> UPN
> suffix, such as "pat.smith@mydomain.com". This is because if you have a
> user
> name of more than 20 characters (i.e., a user name that is longer than the
> sAMAccountName), a user will NOT be able to logon to Microsoft FTP without
> this style of logon name.
>
> The rule with MS FTP logon redirection seems to be that the "user name
> must
> match the virtual folder name" and only then will the user be directed to
> the
> correct physical folder as specified by the virtual directory. I have
> tested
> this fairly extensively; if you can give me a scenario/example to disprove
> this, I'd like to see it.
>
> In any case, the virtual folder redirection using the name
> "pat.smith@mydomain.com" DOES work correctly with all FTP clients except
> for
> IE. As I mentioned before, no problems from the command line, WS-FTP or
> Dreamweaver, so I believe it should work everywhere else.
>
> The more I look into this, the more it seems to be an IE FTP "bug".
>
>
>
>
>
> "Bernard" wrote:
>
|
|
|
|
|