|
Home > Archive > IIS FTP Server > November 2006 > Provide each AD user with individual FTP folder
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Provide each AD user with individual FTP folder
|
|
| yevgeller@gmail.com 2006-11-03, 1:18 pm |
| Hello All,
I have Win2K Server with IIS 5.0, and I need each Active Directory user
in the domain to be provided with an ftp folder for which he/she should
only have access. How do I do that?
Thank you.
| |
|
|
| yevgeller@gmail.com 2006-11-07, 1:29 am |
| Bernard,
Thank you for your reply. It looked like
http://support.microsoft.com/?id=239120 was talking exactly about what
I needed, but once I got all that set up, I could not figure out how to
access ftp from client. I tried browsing to ftp://server/ (no luck), as
well as using the ftp from command line (when I typed in ftp
server_name, it asked for login and pass. I used user's login and pass
from AD, and it did not accept it).
Oh well, I thought, and set up virtual directories in IIS (5.0), and
created folders for each user (with their matching name) in /ftproot,
and set permissions in the "Security" tab. That did not quite work:
When I have the anonymous access allowed, all users can access folders
of other users (I don't want that). Ok, I had "Everyone" allowed to
read in each of the subfolders. I removed "Everyone" from the users
(Security tab, Permissions), and nobody can access subfolders. Ok, I
disallow anonymous access to the ftp site (it is called "Default FTP
site" if that matters), then every time I browse to ftp://server_name ,
a box pops up asking to enter credentials. Oh, and I added AD users to
the operators of that ftp site. What does it want?
Besides advising on what I am doing wrong, could anybody also answer
the following: why does the ftp want to use anonymous access wherever
possible instead of authenticating against AD. Is that because AD
authentication is insecure because it sends password as clear text?
Thank you!
Bernard Cheah [MVP] wrote:[vbcol=seagreen]
> IIS 5 doesn't offer any user isolation feature. so what you can do is create
> ftp folder for each user and control access by manipulating the NTFS
> permissions. Some reading...
>
> HOW TO: Limit FTP Access in Windows 2000
> http://support.microsoft.com/?id=318712
> How to create a security-enhanced FTP directory that uses Password
> Authentication
> http://support.microsoft.com/?id=239120
> Information About the IIS File Transmission Protocol (FTP) Service
> http://support.microsoft.com/?id=283679
> How To Set Up an FTP Site So That Users Log Onto Their Folders
> http://support.microsoft.com/?id=201771
> --
> Regards,
> Bernard Cheah
> http://www.iis.net/
> http://www.iis-resources.com/
> http://msmvps.com/blogs/bernard/
>
>
> <yevgeller@gmail.com> wrote in message
> news:1162579749.116983.297650@m7g2000cwm.googlegroups.com...
| |
| Bernard Cheah [MVP] 2006-11-08, 1:24 am |
| Ok.
a) post the output when you login via ftp.exe. error 530?
b) don't know add user into operator tab. that's for administrative usage.
if 530. try
Error message in IIS: "530 User <Username> cannot log in. Login failed."
http://support.microsoft.com/?id=200475
--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/
<yevgeller@gmail.com> wrote in message
news:1162865379.793664.3620@m7g2000cwm.googlegroups.com...
> Bernard,
>
> Thank you for your reply. It looked like
> http://support.microsoft.com/?id=239120 was talking exactly about what
> I needed, but once I got all that set up, I could not figure out how to
> access ftp from client. I tried browsing to ftp://server/ (no luck), as
> well as using the ftp from command line (when I typed in ftp
> server_name, it asked for login and pass. I used user's login and pass
> from AD, and it did not accept it).
>
> Oh well, I thought, and set up virtual directories in IIS (5.0), and
> created folders for each user (with their matching name) in /ftproot,
> and set permissions in the "Security" tab. That did not quite work:
>
> When I have the anonymous access allowed, all users can access folders
> of other users (I don't want that). Ok, I had "Everyone" allowed to
> read in each of the subfolders. I removed "Everyone" from the users
> (Security tab, Permissions), and nobody can access subfolders. Ok, I
> disallow anonymous access to the ftp site (it is called "Default FTP
> site" if that matters), then every time I browse to ftp://server_name ,
> a box pops up asking to enter credentials. Oh, and I added AD users to
> the operators of that ftp site. What does it want?
>
> Besides advising on what I am doing wrong, could anybody also answer
> the following: why does the ftp want to use anonymous access wherever
> possible instead of authenticating against AD. Is that because AD
> authentication is insecure because it sends password as clear text?
>
> Thank you!
>
>
> Bernard Cheah [MVP] wrote:
>
|
|
|
|
|