|
Home > Archive > IIS FTP Server > September 2006 > FTP Server in DMZ
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| I have been tasked with moving our current FTP server into a DMZ. Currently
the FTP server is setup on a member server in our domain and we use security
groups in Active Directory to restrict access to certain folders in the FTP
site. We do not allow anonymouse access.
My question is how do I configure a new server in the DMZ that would still
allow for the security groups to work? We would still need the users to
login with thier domain accounts.
I would appreciate any info you could give me.
| |
| Jeff Cochran 2006-09-16, 1:42 pm |
| On Tue, 12 Sep 2006 09:52:01 -0700, Alan
<Alan@discussions.microsoft.com> wrote:
>I have been tasked with moving our current FTP server into a DMZ. Currently
>the FTP server is setup on a member server in our domain and we use security
>groups in Active Directory to restrict access to certain folders in the FTP
>site. We do not allow anonymouse access.
>
>My question is how do I configure a new server in the DMZ that would still
>allow for the security groups to work? We would still need the users to
>login with thier domain accounts.
>
>I would appreciate any info you could give me.
Configure your firewall to pass AD authentication between the DMZ and
LAN. See your firewall docs and an AD group for help there.
Jeff
| |
|
| Jeff,
Does that open up security risks that the DMZ would normally eliminate?
Should the FTP server be a stand alone server (workgroup) or would you set
it up as a member server in the domain?
Thanks for your help,
Alan
"Jeff Cochran" wrote:
> On Tue, 12 Sep 2006 09:52:01 -0700, Alan
> <Alan@discussions.microsoft.com> wrote:
>
>
> Configure your firewall to pass AD authentication between the DMZ and
> LAN. See your firewall docs and an AD group for help there.
>
> Jeff
>
| |
| Bernard Cheah [MVP] 2006-09-16, 1:42 pm |
| Yes, but if this is the requirement, then you have to live with it.
if you need AD auth, it has to be part of the domain.
--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/
"Alan" <Alan@discussions.microsoft.com> wrote in message
news:EC733EB6-79EB-4BE4-BEF5-C7192B4D451C@microsoft.com...[vbcol=seagreen]
> Jeff,
> Does that open up security risks that the DMZ would normally eliminate?
>
> Should the FTP server be a stand alone server (workgroup) or would you set
> it up as a member server in the domain?
>
> Thanks for your help,
> Alan
>
> "Jeff Cochran" wrote:
>
|
|
|
|
|