| Groups | Blog | Home |
iis ftp : Isolate users using Active Directory
Help, I can't figure this out! I want to set up an FTP site that I can
create specific directories for specific clients. My directory structure looks like this: F:/FTP Clients clientA clientB clientC I only want clients to be able to access their own folders. I read through the differnet options and I thought that this is what the 'Isolate users using Active Directory' would allow me to do. But I can't get it to work. Here's what I've done. 1. Created users for each folder (userA, userB, userC). Given them NTFS permissions to their folders (clientA, clientB, clientC). 2. Installed IIS/FTP. 3. Created an FTP site using the 'Isolate users using Active Directory' using the IP address and a limited privelage user (bubba). Problems/Questions By entering 'bubba' in the setup, how do I log on with userA to get to the clientA folder? Each time I go to my website ftp://ftp.mydomain.com I get the 'Log on as' box and it says 'Either the server does not allow anonymous logins or the e-mail address was not accepted'. Email address not accepted? Where does that come from. If I enter clientA and the password it just returns to the above problem. I tried to run the adsi command to set the users home directory but that didn't seem to work either. It keeps telling me that userA cannot be found in Active Directory even though it IS there. Any help would be greatly appreciated. Thanks!
You need to use iisftp.vbs to set the user directory, refer
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/66cf2a1d-26f4-47f5-b4ff-af4011cdeffb.mspx?mfr=true you can also try this simple tool from Chris to help you with above task. http://blog.crowe.co.nz/archive/2006/03/09/594.aspx -- Regards, Bernard Cheah http://www.iis.net/ http://www.iis-resources.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "Mr. Rob" <Mr. Rob@discussions.microsoft.com> wrote in message news:C2269EC7-B438-4258-8DE4-5B822F3A87C8@microsoft.com... > Help, I can't figure this out! I want to set up an FTP site that I can > create specific directories for specific clients. My directory structure > looks like this: > > F:/FTP > Clients > clientA > clientB > clientC > > I only want clients to be able to access their own folders. I read through > the differnet options and I thought that this is what the 'Isolate users > using Active Directory' would allow me to do. But I can't get it to work. > > Here's what I've done. > > 1. Created users for each folder (userA, userB, userC). Given them NTFS > permissions to their folders (clientA, clientB, clientC). > 2. Installed IIS/FTP. > 3. Created an FTP site using the 'Isolate users using Active Directory' > using the IP address and a limited privelage user (bubba). > > Problems/Questions > > By entering 'bubba' in the setup, how do I log on with userA to get to the > clientA folder? Each time I go to my website ftp://ftp.mydomain.com I get > the > 'Log on as' box and it says 'Either the server does not allow anonymous > logins or the e-mail address was not accepted'. Email address not > accepted? > Where does that come from. If I enter clientA and the password it just > returns to the above problem. > > I tried to run the adsi command to set the users home directory but that > didn't seem to work either. It keeps telling me that userA cannot be found > in > Active Directory even though it IS there. > > Any help would be greatly appreciated. > > Thanks! > >
Thanks for the links Bernard. The tool by Chris works great. When I setup
option three it asked me for a user and password. What is that used for exactly? If I go to my ftp site ftp://ftp.mydomain.com what user do I enter? I'm assuming that if I enter userA and that user's home FTP directory is clientA then they would be navigated to that folder. Thanks for your help. [quoted text, click to view] "Bernard Cheah [MVP]" wrote:
> You need to use iisftp.vbs to set the user directory, refer > http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/66cf2a1d-26f4-47f5-b4ff-af4011cdeffb.mspx?mfr=true > > you can also try this simple tool from Chris to help you with above task. > http://blog.crowe.co.nz/archive/2006/03/09/594.aspx > > -- > Regards, > Bernard Cheah > http://www.iis.net/ > http://www.iis-resources.com/ > http://msmvps.com/blogs/bernard/ > > > "Mr. Rob" <Mr. Rob@discussions.microsoft.com> wrote in message > news:C2269EC7-B438-4258-8DE4-5B822F3A87C8@microsoft.com... > > Help, I can't figure this out! I want to set up an FTP site that I can > > create specific directories for specific clients. My directory structure > > looks like this: > > > > F:/FTP > > Clients > > clientA > > clientB > > clientC > > > > I only want clients to be able to access their own folders. I read through > > the differnet options and I thought that this is what the 'Isolate users > > using Active Directory' would allow me to do. But I can't get it to work. > > > > Here's what I've done. > > > > 1. Created users for each folder (userA, userB, userC). Given them NTFS > > permissions to their folders (clientA, clientB, clientC). > > 2. Installed IIS/FTP. > > 3. Created an FTP site using the 'Isolate users using Active Directory' > > using the IP address and a limited privelage user (bubba). > > > > Problems/Questions > > > > By entering 'bubba' in the setup, how do I log on with userA to get to the > > clientA folder? Each time I go to my website ftp://ftp.mydomain.com I get > > the > > 'Log on as' box and it says 'Either the server does not allow anonymous > > logins or the e-mail address was not accepted'. Email address not > > accepted? > > Where does that come from. If I enter clientA and the password it just > > returns to the above problem. > > > > I tried to run the adsi command to set the users home directory but that > > didn't seem to work either. It keeps telling me that userA cannot be found > > in > > Active Directory even though it IS there. > > > > Any help would be greatly appreciated. > > > > Thanks! > > > > > >
Hi Bernard,
You must be an IIS god because whenever I do a search for the problems I'm having I always see the name 'Bernard'. I still can't get this to work. I've started over (removed IIS and re-installed it). Here's what I've done. 1. I've created a user (frodo) with minimal privelages (domain users) 2. Granted 'frodo' log on locally privelages 3. I've created user accounts for Isolated User Access (userA, userB and userC) 4. I've created a folder structure on my F: drive that looks like this: F:\Clients clientA clientB clientC 5. Set NTFS permissions on folders where userA has access to clientA, userB to clientB and userC to clientC. 6. Installed IIS/FTP 7. Created new FTP site with User Isolation (option 3) 8. Used 'frodo' as my user in setup 9. Downloaded and ran the tool for setting home directories (nice utility) 10. Successfully ran the adsi commands: adsutil set /msftpsvc/722635/AllowAnonymous TRUE adsutil set /msftpsvc/722635/AnonymousOnly FALSE adsutil set /msftpsvc/722635/AnonymousUserName MyDomain\LowPrivUser adsutil set /msftpsvc/722635/AnonymousUserPass password 11. Stopped/Started IIS services 12. Went to my ftp url ftp://ftp.mydomain.com RESULT On one computer I get 'Internet Explorer cannot display the webpage'. On another computer (the server) I get a popup that says: "Windows cannot access this folder. Make sure you typed the file name correctly and that you have permission to access folder. Details: 220 ServU FTP-Server v2.5n for WinSock ready... 530 Sorry, no ANONYMOUS access allowed" I can't seem to get past that point. Help! Thanks,
Errrr..... before we going to solve your AD user issue. just to check what
FTP server you using? From the output you posted - [quoted text, click to view] > 220 ServU FTP-Server v2.5n for WinSock ready... > 530 Sorry, no ANONYMOUS access allowed" this is ServU ftp server and it is configured not to anonymous server....... you sure you have iis ftp setup and connecting to the correct ftp server? Next, in step 8, during the ftp wizard creation. the user you specify must be a AD users that have domain access to the AD objects. typically, I will put domain administrators. but not the ftp user. -- Regards, Bernard Cheah http://www.iis.net/ http://www.iis-resources.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "Mr. Rob" <MrRob@discussions.microsoft.com> wrote in message news:00627184-9DB4-4149-AF20-E1ACF3485404@microsoft.com... > Hi Bernard, > > You must be an IIS god because whenever I do a search for > the problems I'm having I always see the name 'Bernard'. > > I still can't get this to work. > > I've started over (removed IIS and re-installed it). > > Here's what I've done. > > 1. I've created a user (frodo) with minimal privelages (domain users) > 2. Granted 'frodo' log on locally privelages > 3. I've created user accounts for Isolated User Access (userA, userB and > userC) > 4. I've created a folder structure on my F: drive that looks like this: > > F:\Clients > clientA > clientB > clientC > > 5. Set NTFS permissions on folders where userA has access to clientA, > userB to > clientB and userC to clientC. > 6. Installed IIS/FTP > 7. Created new FTP site with User Isolation (option 3) > 8. Used 'frodo' as my user in setup > 9. Downloaded and ran the tool for setting home directories (nice > utility) > 10. Successfully ran the adsi commands: > > adsutil set /msftpsvc/722635/AllowAnonymous TRUE > adsutil set /msftpsvc/722635/AnonymousOnly FALSE > adsutil set /msftpsvc/722635/AnonymousUserName MyDomain\LowPrivUser > adsutil set /msftpsvc/722635/AnonymousUserPass password > > 11. Stopped/Started IIS services > 12. Went to my ftp url ftp://ftp.mydomain.com > > RESULT > > On one computer I get 'Internet Explorer cannot display the webpage'. > On another computer (the server) I get a popup that says: > > "Windows cannot access this folder. Make sure you typed the file name > correctly > and that you have permission to access folder. > > Details: > 220 ServU FTP-Server v2.5n for WinSock ready... > 530 Sorry, no ANONYMOUS access allowed" > > I can't seem to get past that point. Help! > > Thanks, > > Rob
FTP-ServU? Huh? I installed it from Windows 2003 via Add/Remove Programs,
selected Applications, then IIS and the FTP option. "> You're running FTP-ServU, not Windows' FTP server. Remove ServU and [quoted text, click to view] > you'l have an easier time of getting the Windows FTP server to work.
> > Jeff
On Wed, 11 Oct 2006 15:34:02 -0700, Mr. Rob
[quoted text, click to view] <MrRob@discussions.microsoft.com> wrote: >Hi Bernard, > >You must be an IIS god because whenever I do a search for >the problems I'm having I always see the name 'Bernard'. > >I still can't get this to work. > >I've started over (removed IIS and re-installed it). > >Here's what I've done. > >1. I've created a user (frodo) with minimal privelages (domain users) >2. Granted 'frodo' log on locally privelages >3. I've created user accounts for Isolated User Access (userA, userB and >userC) >4. I've created a folder structure on my F: drive that looks like this: > > F:\Clients > clientA > clientB > clientC > >5. Set NTFS permissions on folders where userA has access to clientA, >userB to > clientB and userC to clientC. >6. Installed IIS/FTP >7. Created new FTP site with User Isolation (option 3) >8. Used 'frodo' as my user in setup >9. Downloaded and ran the tool for setting home directories (nice utility) >10. Successfully ran the adsi commands: > > adsutil set /msftpsvc/722635/AllowAnonymous TRUE > adsutil set /msftpsvc/722635/AnonymousOnly FALSE > adsutil set /msftpsvc/722635/AnonymousUserName MyDomain\LowPrivUser > adsutil set /msftpsvc/722635/AnonymousUserPass password > >11. Stopped/Started IIS services >12. Went to my ftp url ftp://ftp.mydomain.com > >RESULT > >On one computer I get 'Internet Explorer cannot display the webpage'. >On another computer (the server) I get a popup that says: > > "Windows cannot access this folder. Make sure you typed the file name >correctly > and that you have permission to access folder. > > Details: > 220 ServU FTP-Server v2.5n for WinSock ready... > 530 Sorry, no ANONYMOUS access allowed" > >I can't seem to get past that point. Help! You're running FTP-ServU, not Windows' FTP server. Remove ServU and you'l have an easier time of getting the Windows FTP server to work.
I think the ServU issue is related to the laptop I'm using. I don't get that
error on any other workstation. I reinstalled FTP (Windows FTP) and used a domain admin account. However, whenever I try to go to my website it just sits there for a bit and then returns the 'Log on as' window stating "Could not login to the FTP server with the user name and password specified". I've tried the user account DOMAIN\user and just user. [quoted text, click to view] "Bernard Cheah [MVP]" wrote:
> Errrr..... before we going to solve your AD user issue. just to check what > FTP server you using? > > From the output you posted - > > 220 ServU FTP-Server v2.5n for WinSock ready... > > 530 Sorry, no ANONYMOUS access allowed" > > this is ServU ftp server and it is configured not to anonymous server....... > > you sure you have iis ftp setup and connecting to the correct ftp server? > > > Next, in step 8, during the ftp wizard creation. the user you specify must > be a AD users that have domain access to the AD objects. typically, I will > put domain administrators. but not the ftp user. > > -- > Regards, > Bernard Cheah > http://www.iis.net/ > http://www.iis-resources.com/ > http://msmvps.com/blogs/bernard/ > > > "Mr. Rob" <MrRob@discussions.microsoft.com> wrote in message > news:00627184-9DB4-4149-AF20-E1ACF3485404@microsoft.com... > > Hi Bernard, > > > > You must be an IIS god because whenever I do a search for > > the problems I'm having I always see the name 'Bernard'. > > > > I still can't get this to work. > > > > I've started over (removed IIS and re-installed it). > > > > Here's what I've done. > > > > 1. I've created a user (frodo) with minimal privelages (domain users) > > 2. Granted 'frodo' log on locally privelages > > 3. I've created user accounts for Isolated User Access (userA, userB and > > userC) > > 4. I've created a folder structure on my F: drive that looks like this: > > > > F:\Clients > > clientA > > clientB > > clientC > > > > 5. Set NTFS permissions on folders where userA has access to clientA, > > userB to > > clientB and userC to clientC. > > 6. Installed IIS/FTP > > 7. Created new FTP site with User Isolation (option 3) > > 8. Used 'frodo' as my user in setup > > 9. Downloaded and ran the tool for setting home directories (nice > > utility) > > 10. Successfully ran the adsi commands: > > > > adsutil set /msftpsvc/722635/AllowAnonymous TRUE > > adsutil set /msftpsvc/722635/AnonymousOnly FALSE > > adsutil set /msftpsvc/722635/AnonymousUserName MyDomain\LowPrivUser > > adsutil set /msftpsvc/722635/AnonymousUserPass password > > > > 11. Stopped/Started IIS services > > 12. Went to my ftp url ftp://ftp.mydomain.com > > > > RESULT > > > > On one computer I get 'Internet Explorer cannot display the webpage'. > > On another computer (the server) I get a popup that says: > > > > "Windows cannot access this folder. Make sure you typed the file name > > correctly > > and that you have permission to access folder. > > > > Details: > > 220 ServU FTP-Server v2.5n for WinSock ready... > > 530 Sorry, no ANONYMOUS access allowed" > > > > I can't seem to get past that point. Help! > > > > Thanks, > > > > Rob > >
Make sure you are connecting to the IIS FTP server, this round, try ftp.exe
from command line to connect. the post the output here... also post the IIS ftp log file here as well. -- Regards, Bernard Cheah http://www.iis.net/ http://www.iis-resources.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "Mr. Rob" <MrRob@discussions.microsoft.com> wrote in message news:9B295D3C-C236-4C3F-A326-3778A5A36A6D@microsoft.com... >I think the ServU issue is related to the laptop I'm using. I don't get >that > error on any other workstation. I reinstalled FTP (Windows FTP) and used a > domain admin account. However, whenever I try to go to my website it just > sits there for a bit and then returns the 'Log on as' window stating > "Could > not login to the FTP server with the user name and password specified". > I've > tried the user account DOMAIN\user and just user. > > > > "Bernard Cheah [MVP]" wrote: > >> Errrr..... before we going to solve your AD user issue. just to check >> what >> FTP server you using? >> >> From the output you posted - >> > 220 ServU FTP-Server v2.5n for WinSock ready... >> > 530 Sorry, no ANONYMOUS access allowed" >> >> this is ServU ftp server and it is configured not to anonymous >> server....... >> >> you sure you have iis ftp setup and connecting to the correct ftp server? >> >> >> Next, in step 8, during the ftp wizard creation. the user you specify >> must >> be a AD users that have domain access to the AD objects. typically, I >> will >> put domain administrators. but not the ftp user. >> >> -- >> Regards, >> Bernard Cheah >> http://www.iis.net/ >> http://www.iis-resources.com/ >> http://msmvps.com/blogs/bernard/ >> >> >> "Mr. Rob" <MrRob@discussions.microsoft.com> wrote in message >> news:00627184-9DB4-4149-AF20-E1ACF3485404@microsoft.com... >> > Hi Bernard, >> > >> > You must be an IIS god because whenever I do a search for >> > the problems I'm having I always see the name 'Bernard'. >> > >> > I still can't get this to work. >> > >> > I've started over (removed IIS and re-installed it). >> > >> > Here's what I've done. >> > >> > 1. I've created a user (frodo) with minimal privelages (domain users) >> > 2. Granted 'frodo' log on locally privelages >> > 3. I've created user accounts for Isolated User Access (userA, userB >> > and >> > userC) >> > 4. I've created a folder structure on my F: drive that looks like >> > this: >> > >> > F:\Clients >> > clientA >> > clientB >> > clientC >> > >> > 5. Set NTFS permissions on folders where userA has access to clientA, >> > userB to >> > clientB and userC to clientC. >> > 6. Installed IIS/FTP >> > 7. Created new FTP site with User Isolation (option 3) >> > 8. Used 'frodo' as my user in setup >> > 9. Downloaded and ran the tool for setting home directories (nice >> > utility) >> > 10. Successfully ran the adsi commands: >> > >> > adsutil set /msftpsvc/722635/AllowAnonymous TRUE >> > adsutil set /msftpsvc/722635/AnonymousOnly FALSE >> > adsutil set /msftpsvc/722635/AnonymousUserName MyDomain\LowPrivUser >> > adsutil set /msftpsvc/722635/AnonymousUserPass password >> > >> > 11. Stopped/Started IIS services >> > 12. Went to my ftp url ftp://ftp.mydomain.com >> > >> > RESULT >> > >> > On one computer I get 'Internet Explorer cannot display the webpage'. >> > On another computer (the server) I get a popup that says: >> > >> > "Windows cannot access this folder. Make sure you typed the file name >> > correctly >> > and that you have permission to access folder. >> > >> > Details: >> > 220 ServU FTP-Server v2.5n for WinSock ready... >> > 530 Sorry, no ANONYMOUS access allowed" >> > >> > I can't seem to get past that point. Help! >> > >> > Thanks, >> > >> > Rob >> >> >>
On Thu, 12 Oct 2006 15:16:02 -0700, Mr. Rob
[quoted text, click to view] <MrRob@discussions.microsoft.com> wrote: >I think the ServU issue is related to the laptop I'm using. I don't get that >error on any other workstation. I reinstalled FTP (Windows FTP) and used a >domain admin account. However, whenever I try to go to my website it just >sits there for a bit and then returns the 'Log on as' window stating "Could >not login to the FTP server with the user name and password specified". I've >tried the user account DOMAIN\user and just user. If you did not install FTP-ServU, then you likely have a trojan on your system. If you did install it and don't intend to use it, then remove. Whther you installed it or not, it answered your FTP request. Jeff [quoted text, click to view] >"Bernard Cheah [MVP]" wrote:
> >> Errrr..... before we going to solve your AD user issue. just to check what >> FTP server you using? >> >> From the output you posted - >> > 220 ServU FTP-Server v2.5n for WinSock ready... >> > 530 Sorry, no ANONYMOUS access allowed" >> >> this is ServU ftp server and it is configured not to anonymous server....... >> >> you sure you have iis ftp setup and connecting to the correct ftp server? >> >> >> Next, in step 8, during the ftp wizard creation. the user you specify must >> be a AD users that have domain access to the AD objects. typically, I will >> put domain administrators. but not the ftp user. >> >> -- >> Regards, >> Bernard Cheah >> http://www.iis.net/ >> http://www.iis-resources.com/ >> http://msmvps.com/blogs/bernard/ >> >> >> "Mr. Rob" <MrRob@discussions.microsoft.com> wrote in message >> news:00627184-9DB4-4149-AF20-E1ACF3485404@microsoft.com... >> > Hi Bernard, >> > >> > You must be an IIS god because whenever I do a search for >> > the problems I'm having I always see the name 'Bernard'. >> > >> > I still can't get this to work. >> > >> > I've started over (removed IIS and re-installed it). >> > >> > Here's what I've done. >> > >> > 1. I've created a user (frodo) with minimal privelages (domain users) >> > 2. Granted 'frodo' log on locally privelages >> > 3. I've created user accounts for Isolated User Access (userA, userB and >> > userC) >> > 4. I've created a folder structure on my F: drive that looks like this: >> > >> > F:\Clients >> > clientA >> > clientB >> > clientC >> > >> > 5. Set NTFS permissions on folders where userA has access to clientA, >> > userB to >> > clientB and userC to clientC. >> > 6. Installed IIS/FTP >> > 7. Created new FTP site with User Isolation (option 3) >> > 8. Used 'frodo' as my user in setup >> > 9. Downloaded and ran the tool for setting home directories (nice >> > utility) >> > 10. Successfully ran the adsi commands: >> > >> > adsutil set /msftpsvc/722635/AllowAnonymous TRUE >> > adsutil set /msftpsvc/722635/AnonymousOnly FALSE >> > adsutil set /msftpsvc/722635/AnonymousUserName MyDomain\LowPrivUser >> > adsutil set /msftpsvc/722635/AnonymousUserPass password >> > >> > 11. Stopped/Started IIS services >> > 12. Went to my ftp url ftp://ftp.mydomain.com >> > >> > RESULT >> > >> > On one computer I get 'Internet Explorer cannot display the webpage'. >> > On another computer (the server) I get a popup that says: >> > >> > "Windows cannot access this folder. Make sure you typed the file name >> > correctly >> > and that you have permission to access folder. >> > >> > Details: >> > 220 ServU FTP-Server v2.5n for WinSock ready... >> > 530 Sorry, no ANONYMOUS access allowed" >> > >> > I can't seem to get past that point. Help! >> > >> > Thanks, >> > >> > Rob >> >> >>
Bernard,
Here's what I get when I use ftp.exe... U:\>ftp rhenium Connected to ftpservername.domain.com. 220 Microsoft FTP Service User (ftpserver.domain.com:(none)): ftpuser 331 Password required for ftpuser. Password: 530 User ftpuser cannot log in, home directory inaccessible. Login failed. ftp>
Now, take a look at event log... you should see entries indicating the
failed login. post it here. Next, you can also get filemon to trace where does IIS FTP sends the user to. and whether there's permission related issue. -- Regards, Bernard Cheah http://www.iis.net/ http://www.iis-resources.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "Mr. Rob" <MrRob@discussions.microsoft.com> wrote in message news:2A11049A-751D-4A00-900D-6AA5B509A42D@microsoft.com... > Bernard, > > Here's what I get when I use ftp.exe... > > U:\>ftp rhenium > Connected to ftpservername.domain.com. > 220 Microsoft FTP Service > User (ftpserver.domain.com:(none)): ftpuser > 331 Password required for ftpuser. > Password: > 530 User ftpuser cannot log in, home directory inaccessible. > Login failed. > ftp> > >
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |