Re: FTP problem with more than 2 users configured
- From: "Ynte Broekhuizen" <ynte@xxxxxxxx>
- Date: Tue, 17 May 2005 01:25:32 +0200
Thanks for your suggestions Bernard.
I did as you said. I created a copy of the user that can log in, and I
also created a new user from scratch and set all attributes/groups/etc
the same. I even gave them the same password. I also made sure their
homedirs/permissions were similar to the first user. And lastly, I set
their FTPRoot and FTPDir AD attribs to match these directories.
Note: all users in my 'FTP Users' group have local log on and network
access rights.
The result: Neither of these 2 new users could log in. Both got 530
homedir inaccessable.
After this I ran Filemon and set it to filter on "inetinfo".
Logging on with the working user gave something like this:
12:55:34 AM inetinfo.exe:3816 OPEN C:\ftp\homes\DOMAIN1\user1\ SUCCESS
Options: Open Access: All
12:55:34 AM inetinfo.exe:3816 QUERY INFORMATION
E:\ftp\homes\DOMAIN1\user1\ BUFFER OVERFLOW FileFsVolumeInformation
12:55:34 AM inetinfo.exe:3816 QUERY INFORMATION
E:\ftp\homes\DOMAIN1\user1\ BUFFER OVERFLOW FileAllInformation
12:55:35 AM inetinfo.exe:3816 CLOSE C:\ftp\homes\DOMAIN1\user1\ SUCCESS
Logging on with the two new users gave... nothing! Not a single event
showed in Filemon.
This indicated to me that the problem lies not in the file/folder
permissions. To double check this I created a folder and set it to deny
access to user1 (the one that can log in).
I logged on thru ftp and tried to access this folder. Filemon gave me
(as it should):
12:59:39 AM inetinfo.exe:3816 OPEN C:\ftp\testdir ACCESS DENIED
DOMAIN1\test1
12:59:39 AM inetinfo.exe:3816 OPEN C:\ftp\testdir ACCESS DENIED
DOMAIN1\test1
So, I think you'll agree that file permissions are not the issue here.
Any thoughts?
--
Ynte Broekhuizen
In article <uLxzFLfWFHA.2796@xxxxxxxxxxxxxxxxxxxx>, Bernard
<qbernard@xxxxxxxxxxxxxxxxxxx> wrote:
> If you got 530, can't login. then it might be due to logon policy or
> account disabled, locked up, etc.
> For home directory inaccessible, mostly is due to permissions...
>
> if you 'clone' that user to another account, you able to login?
> how about recreate the account ?
>
> have you try filemon (sysinternals.com) ?
>
>
> "Ynte Broekhuizen" <ynte@xxxxxxxx> wrote in message
> news:118ff8lhrl3770b@xxxxxxxxxxxxxxxxxxxxx
>> I'm having the exact same problem as the original poster. I'm using
>> IIS 6 on Windows Server 2003.
>>
>> One user can log on. All the others get "530 User test1 cannot log
>> in, home directory inaccessible."
>>
>> All permissions and AD attributes FTProot and FTPdir are set
>> correctly as far as I can see. A second server in regular (non-AD)
>> user isolation mode, mapped to the same physical root dir works
>> without any problem; all users can log on to their respective
>> homedirs.
>>
>> And there's another funny thing... in the past user isolation using
>> Active Directory HAS worked perfectly for all users. The problem
>> began after the installation of Exchange Server 2003.
>>
>> Exchange Server modifies the group policy to restrict local log on
>> and network access rights. I suspect this is somehow the cause,
>> altough it doesn't explain why one user can still log on. This user
>> is not in Administrators, nor any other extended rights group.
>>
>> Also, I have manually enabled 'local log on' and 'access this
>> computer from the network' for other users with the Group Policy
>> Editor. This didn't change anything. These users still get the
>> mentioned 530 error.
>>
>> Did anybody find the solution to this very strange problem?
>>
>> I'm ready to give up and settle for regular user isolation...
>>
>> --
>> Ynte Broekhuizen
>>
>> On Bernard wrote:
>>> Thanks for the update - if you have the outcome, pls let me know.
>>>
>>> Cheers.
>>>
>>>
>>> "Richard L Rosenheim" <richard@xxxxxxx> wrote in message
>>> news:ewsopawNFHA.2580@xxxxxxxxxxxxxxxxxxxxxxx
>>>> Oh, it definitely doesn't make sense.
>>>>
>>>> I have tried creating several different users, all with the same
>>>> results. I'm also in contact with Microsoft attempting to resolve
>>>> this issue. I was
>>>> posting in this newsgroup in case someone else had encountered the
>>>> same problem.
>>>>
>>>> Thanks for taking the time to reply,
>>>>
>>>> Richard Rosenheim
>>>>
>>>>
>>>>
>>>> "Bernard" <qbernard@xxxxxxxxxxxxxxxxxxx> wrote in message
>>>> news:%23AadjrmNFHA.3560@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> Well, it just doesn't make sense right ? so for now, I will try to
>>>>> create a new user and see if the same thing happen. And bottom
>>>>> line is I think it's
>>>>> related NTFS permissions and filemon should show you more detail
>>>>> as of why....
>>>>>
>>>>> --
>>>>> Regards,
>>>>> Bernard Cheah
>>>>> http://www.tryiis.com/
>>>>> http://support.microsoft.com/
>>>>> http://www.msmvps.com/bernard/
>>>>>
>>>>>
>>>>> "Richard L Rosenheim" <richard@xxxxxxx> wrote in message
>>>>> news:%23Cd41ZcNFHA.2252@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>> I ran filemon on the ftp server (SBS 2003). The home folder is
>>>>>> on the local
>>>>>> machine. There's is nothing special about the user. That's what
>>>>>> has made this problem so baffling. The user was created the same
>>>>>> was as the first two users.
>>>>>>
>>>>>> Richard Rosenheim
>>>>>>
>>>>>>
>>>>>> "Bernard" <qbernard@xxxxxxxxxxxxxxxxxxx> wrote in message
>>>>>> news:eMO5KpZNFHA.2252@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>> are you running filemon on the ftp server ?
>>>>>>> what so special about this user ? is the home folder on local
>>>>>>> machine or remote ?
>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>> Bernard Cheah
>>>>>>> http://www.tryiis.com/
>>>>>>> http://support.microsoft.com/
>>>>>>> http://www.msmvps.com/bernard/
>>>>>>>
>>>>>>>
>>>>>>> "Richard L Rosenheim" <richard@xxxxxxx> wrote in message
>>>>>>> news:e7THk7YNFHA.3668@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>>> We tried that. It didn't show anything helpful.
>>>>>>>>
>>>>>>>> Richard Rosenheim
>>>>>>>>
>>>>>>>> "Bernard" <qbernard@xxxxxxxxxxxxxxxxxxx> wrote in message
>>>>>>>> news:%23bbECn0MFHA.580@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>>>> I would try filemon (sysinternals.com) and trace 'where' IIS
>>>>>>>>> ftp is sending the user. It will also show if there's
>>>>>>>>> permission related error msgs.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Regards,
>>>>>>>>> Bernard Cheah
>>>>>>>>> http://www.tryiis.com/
>>>>>>>>> http://support.microsoft.com/
>>>>>>>>> http://www.msmvps.com/bernard/
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> "Richard L Rosenheim" <richard@xxxxxxx> wrote in message
>>>>>>>>> news:%23d3hVnpMFHA.4028@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>>>>> I'm trying to configure the FTP portion of a SBS 2003
>>>>>>>>>> install.
>>>>>>>>>>
>>>>>>>>>> I'm using AD User Isolation. The first two users that I
>>>>>>>>>> create and configure (using the IISFTP /SetADProp script)
>>>>>>>>>> works fine. But, I
>>>>>>>>>> can't
>>>>>>>>>> get
>>>>>>>>>> more than two users to work. Any additional users that I
>>>>>>>>>> create, I get a
>>>>>>>>>> "503 ... home directory inaccessible" error message when they
>>>>>>>>>> attempt
>>>>>>>>>> to
>>>>>>>>>> establish a FTP connection. The first two users still works
>>>>>>>>>> fine.
>>>>>>>>>>
>>>>>>>>>> I have even done a complete reinstall in case something got
>>>>>>>>>> screwed up the
>>>>>>>>>> first time. I still getting the same issues.
>>>>>>>>>>
>>>>>>>>>> All that I have installed is SBS 2003 itself, the FTP add-on
>>>>>>>>>> to IIS, and
>>>>>>>>>> the
>>>>>>>>>> patches/updates from WindowsUpdate. No third-party software
>>>>>>>>>> has been
>>>>>>>>>> installed.
>>>>>>>>>>
>>>>>>>>>> Has anyone else experienced this problem? Anyone know of any
>>>>>>>>>> solutions,
>>>>>>>>>> workarounds?
>>>>>>>>>>
>>>>>>>>>> TIA,
>>>>>>>>>>
>>>>>>>>>> Richard Rosenheim
.
- Follow-Ups:
- Re: FTP problem with more than 2 users configured
- From: Bernard
- Re: FTP problem with more than 2 users configured
- References:
- Re: FTP problem with more than 2 users configured
- From: Ynte Broekhuizen
- Re: FTP problem with more than 2 users configured
- From: Bernard
- Re: FTP problem with more than 2 users configured
- Prev by Date: How can I create a blind upload ftp folder?
- Next by Date: Re: How can I create a blind upload ftp folder?
- Previous by thread: Re: FTP problem with more than 2 users configured
- Next by thread: Re: FTP problem with more than 2 users configured
- Index(es):
Relevant Pages
|
