Re: ftp virtual folder access
- From: "Bernard Cheah [MVP]" <qbernard@xxxxxxxxxxxxxxxxxxx>
- Date: Thu, 26 Apr 2007 17:34:28 +0800
Mode 2 is user isolation with AD integration. so the path you need to set in
user AD attribute.
refer - http://msmvps.com/blogs/bernard/archive/2006/03/14/86260.aspx
And I believe you doesn't need logon locally, but you can test it out. I
tested it in normal ftp setup, it does not require logon locally. Enable
security auditing, you should able to track this.
As for the permissions, user need to have explicits ACL if you are not
granting on group level.
virtual directory is not the final or file level access restriction.
--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/
"Rodge" <Rodge@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DFA75A11-F5CD-4DA6-B255-CB42686BE794@xxxxxxxxxxxxxxxx
I am using mode 2, sorry I thought I mentioned that. I have the ftp
directory
setup as ftproot/domainname/username......but I am confused because I read
that I needed to give logon locally to have access. So, you are saying, I
can
remove the ftp users group I created in active directory from logon
locally
and access this computer from the network? Since I was having trouble with
access, I also set ntfs file permissions for each ftp user, even though I
was
under the impression that the virstual directories would take care of that
for me. Can I remove the uses from the ntfs file permissions? Also, the
directory structure for all of the websites vs. the ftp sites was setup
before I came into the picture, so what I did was move the user
directories
from wwwroot to ftproot.
"Bernard Cheah [MVP]" wrote:
There's no need to start a new thread just reply to the previous thread.
Now - you don't need logon locally rights for IIS FTP 6, it is done via
network interactive.
what ftp user isolation mode you created ? AD or local ?
do a query with adsutil.vbs
c:\inetpub\adminscripts> adsutil get msftpsvc/xxxx/UserIsolationMode
xxx is the site id.
--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/
"Rodge" <Rodge@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A7B82EF4-9167-492A-8473-71221E8AC060@xxxxxxxxxxxxxxxx
I recently migrated a webserver using windows server 2000 and IIs 5.0 to
a
new machine with windows server 2003 sp1 and IIs 6.0. The new server is
now
part of a new active directory domain, the old one was in a workgroup.
This
server is for a local isp and it hosts 10 web domains. The isp has it's
own
web domain and this isp offers internet users free webspace on their
site.
The previous setup utilized virtual directories under their domain for
both
displaying the personal web sites and ftp access. Since they were using
IIs
5.0, they did not utilize user isolation. Instead they placed the user
folders in a different directory and setup local users on the webserver
for
ftp access. Everything is working very well, except for the ftp virtual
directories. The website virtual directories are viewable on the
internet,
but users are not able to login to their personal websites. I have
setup
the
same local users that were setup on the old webserver. I have tried
using
user isolation with folders under the website's directory and I have
tried
using it without user isolation in a different directory, but every
time I
try to log into a ftp site that is using a virtual directory, I get an
event
in the webservers system event log" event id 13 from source MSFTPSVC,
user
"whoever I try" failed to log on, could not access the home directory
/. I
went as far as to share the folder out for one user, and ran a unc path
over
the internet and was able to connect fine using the user's credentials,
yet I
cannot connect through ftp, either from a command line or internet
explorer
of an ftp client. The users in question, do have the logon locally
permission. I have followed every doc I could find from Microsoft and
still
no luck. Do I need to create a/d users in the local domain?? I have no
idea
what is wrong. One thing I did note was that on the old webserver(IIs
5.0),
there was no default ftp site, it appears that they simply renamed and
configured it to be the isp's ftp site. On the new webserver, I didn't
use
the default ftp site and since it defaulted to all available ip
addresses
and
would cause all of the other sites to stop. The webserver has all of
the
ip
addresses for the websites in the nic properties and each site is
assigned
it's address in IIs.
I've tried to use filemon while trying to log in, but I honestly didn't
see
anything that would help. I have tried setting things up with ad
isolation
mode and using standard, but get the same result either way. I did add
localuser to the directory as I was supposed for isolation mode, but
that
maded no difference. I also tried iisreset.
.
- References:
- Re: ftp virtual folder access
- From: Bernard Cheah [MVP]
- Re: ftp virtual folder access
- From: Rodge
- Re: ftp virtual folder access
- Prev by Date: Re: ftp virtual folder access
- Next by Date: Re: FTP password
- Previous by thread: Re: ftp virtual folder access
- Next by thread: Re: ftp virtual folder access
- Index(es):
Relevant Pages
|
