Re: FTP External Intranet Access

---

• From: "Cliff Galiher" <cgaliher@xxxxxxxxx>
• Date: Mon, 19 Jan 2009 16:20:25 -0700

---

That has always been my interpretation (and guidance from MS) as well. Although using Filezilla does not require the creation of *active directory* users, each user in Filezilla is still a unique user as far as licensing is concerned. It just happens that each user is authenticating against an internal database instead of AD. Hence a unique CAL is still required for each user to be legal.

It'd be like trying to avoid SBS CAL's by setting up a linux LDAP server and authenticating against it instead of AD for user logons. (yes, it can be done.) Not a good idea, and not legal. If you really want to offer authenticated FTP access to external users, you should be looking at hosting the FTP server off of SBS altogether. It is both safer AND removes any licensing issues that may arise....

-Cliff


"SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message news:uA#i3KheJHA.1184@xxxxxxxxxxxxxxxxxxxxxxx

'The Great Debate' continues...

_Any_ authenticated access to SBS (or any server/service on an SBS network) requires coverage by an SBS CAL, it doesn't matter what process or mechanism is used.

GET READY TO RUMBLE!!!

"Steve Burkholder" <steve.b@xxxxxxxxxxxx> wrote in message news:uMdqjfgeJHA.3520@xxxxxxxxxxxxxxxxxxxxxxx

Cliff you are right. I guess why I didn't want to approach it in this manner, is that I would have to set up a new user for every different kind of access that I wanted to implement, and I'm thinking that that would also use up a cal which I wasn't excited about. I'm not at all entirely clear if it would have or not. Going the FileZilla route doesn't seem to use any cals for as many users as you care to set up. We are too small of a shop to have the luxury of multiple servers, but I do only open the firewall to allow what activity is needed on the ftp site, then immediately close it. Otherwise, people are constantly banging on the door trying to get in.

Steve


"Cliff Galiher" <cgaliher@xxxxxxxxx> wrote in message news:848C8EA7-299D-4696-84AB-4BCD2F819FD3@xxxxxxxxxxxxxxxx

First, I want to be clear, I don't like the idea of an FTP server running on a DC....Filezilla or otherwise, so the following is no way an endorsement of doing so.

With that said, I did want to reply specifically to the ability to allow read vs read/write that Steve brought up. Since IIS (and thus the FTP server in IIS) uses AD accounts, it also adheres to the ACL's set at the file level. So, to set whether someone can read or write in Filezilla, you go through the filezilla interface. In contrast, you would just set normal file permissions on the files and directories that comprise the FTP repository on IIS and the OS will enforce those permissions regardless of method of access...direct, SMB, or FTP via IIS.

So yes, it can be done with the IIS FTP server. Just for those that wanted to know. :)

-Cliff


"Steve Burkholder" <steve.b@xxxxxxxxxxxx> wrote in message news:#q$jlfXeJHA.2112@xxxxxxxxxxxxxxxxxxxxxxx

Another reason that Filezilla is so good, is that it allows you to easilly set different levels of access. A very few of our FTP users need the ability to write. Most need read only access. And most only need read only access to limited data. With Filezilla, this can be accomplished easily and I could find no way to do this with the standard FTP server.

Steve

.

---

• Follow-Ups:
  • Re: FTP External Intranet Access
    • From: Brian Cryer

• References:
  • FTP External Intranet Access
    • From: Liam
  • Re: FTP External Intranet Access
    • From: Cris Hanna [SBS MVP]
  • Re: FTP External Intranet Access
    • From: Brian Cryer
  • Re: FTP External Intranet Access
    • From: Cliff Galiher
  • Re: FTP External Intranet Access
    • From: Steve Burkholder
  • Re: FTP External Intranet Access
    • From: SuperGumby [SBS MVP]

• Prev by Date: Re: Moving Users shared Folders to a different drive
• Next by Date: automatically adding shared printers on SBS2008 server
• Previous by thread: Re: FTP External Intranet Access
• Next by thread: Re: FTP External Intranet Access
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: EventID 529 Logged 1723 Times in one Day! ... I see this on my machines that run an FTP server. ... Logon Process: IIS ... (microsoft.public.windows.server.sbs) Re: Locked out users still can ftp ... >time that IIS will cache these values is configurable. ... >>> login via ftp. ... >> think you would need to use a third party FTP server to ... (microsoft.public.inetserver.iis.security) Re: Ftp server a bit more secure ? ... Ftp server a bit more secure? ... it sounds like you're not utilizing IIS in any manner that makes IIS ... To remove the domain user group, I set the Web designer group as ... (Focus-Microsoft) Re: Cannot connect to FTP server ... Well i read the article you sent me but I am using IIS 5.1 on windows xp. ... For IIS FTP, ... Select the 'enable folder view for ftp site'. ... C:/>ftp.exe my ftp server ip address ... (microsoft.public.inetserver.iis.ftp) Re: FTP External Intranet Access ... Since IIS (and thus the FTP ... So, to set whether someone can read or write in Filezilla, ... it can be done with the IIS FTP server. ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)