locked
FTP User Isolation help on Server 2008 R2 RRS feed

  • Question

  • Looking for a little guidance here.  I have Windows Server 2008 R2 as a Domain Controller and running Active Directory.  I am trying to get FTP with User Isolation setup on my server and I am experiencing quite a bit of frustration.  Here is what I have done:

    Folder structure is  E:\FTP\domain\bob, E:\FTP\domain\sue

    Folder permissions for FTP and Domain are (Everyone: Read, List folder contents, Read & execute) (Domain Users: Read, List folder contents, Read & execute) (Administrator: Full Control)

    Folder permissions for bob: (Administrator: Full control) (bob: Full control)

    Folder permissions for sue: (Administrator: Full control) (sue: Full control)

    I then went into IIS and created an FTP site named FTP and pointed it to E:\FTP\domain on a local IP address and port 21 with the following settings:

    FTP Authentication: Anon = Disabled, Basic = Enabled

    FTP Authorization Rules:   Allow All Users Read, Write

    FTP User Isolation: User name physical directory (enable global virtual directories)

    I then clicked on the folder E:\FTP\Domain\bob and put the following settings:

    FTP Authorization Rules: Allow bob, administrator Read, Write

    I then clicked on the folder E:\FTP\Domain\sue and put the following settings:

    FTP Authorization Rules: Allow sue, administrator Read, Write

    I then start Filezilla and input my server information and click connect and get the following error:

    Status: Connection established, waiting for welcome message...

    Response: 220 Microsoft FTP Service

    Command: USER sue

    Response: 331 Password required for sue.

    Command: PASS ***********

    Response: 530 User cannot log in, home directory inaccessible.

    Error: Critical error

    Error: Could not connect to server

    Now to just test to make sure I didn't error in putting the information in, I changed the setting:

    FTP User Isolation: User name physical directory (enable global virtual directories) to FTP root directory and it works.

    My issue is that I do not want to see both folders when I connect filezilla to the FTP server, I want each folder isolated so that either person cannot see the others folder.  I am sure this is something simple, but I have not been able to figure this out.  Any help is appreciated.

    Friday, July 1, 2011 9:16 PM

Answers

  • Hello,

    for IIS questions, please post here: http://forums.iis.net/

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator

    • Marked as answer by James Zou Wednesday, July 6, 2011 2:18 PM
    Sunday, July 3, 2011 9:38 AM
  • Hi,

     

    Here is an article for your reference. This document will walk you through the various FTP user isolation settings using the new FTP user interface and by directly editing the IIS configuration files.

     

    Configuring FTP 7.5 User Isolation:

    http://learn.iis.net/page.aspx/305/configuring-ftp-75-user-isolation/

     

    Since your question is IIS related, please post in http://forums.iis.net/ for more information.

     

    Thank you for your understanding.

     

    Best Regards,

    James Zou

    • Marked as answer by James Zou Wednesday, July 6, 2011 2:18 PM
    Monday, July 4, 2011 2:01 AM

All replies

  • Hello,

    for IIS questions, please post here: http://forums.iis.net/

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator

    • Marked as answer by James Zou Wednesday, July 6, 2011 2:18 PM
    Sunday, July 3, 2011 9:38 AM
  • Hi,

     

    Here is an article for your reference. This document will walk you through the various FTP user isolation settings using the new FTP user interface and by directly editing the IIS configuration files.

     

    Configuring FTP 7.5 User Isolation:

    http://learn.iis.net/page.aspx/305/configuring-ftp-75-user-isolation/

     

    Since your question is IIS related, please post in http://forums.iis.net/ for more information.

     

    Thank you for your understanding.

     

    Best Regards,

    James Zou

    • Marked as answer by James Zou Wednesday, July 6, 2011 2:18 PM
    Monday, July 4, 2011 2:01 AM
  • Thank you for correcting where to post.  I have already reviewed these articles and they were not helpful as I followed them and still cannot get it to work.
    Tuesday, July 5, 2011 2:24 PM
  • I am also in trouble like that.

    I configured the ftp server 2008 r2 but cann't access users home directory.

    what I want:

    Users will access to their home directory and No one could see each other.

    Please help



    Tuesday, October 25, 2011 8:28 PM
  • This might be a late post but nonetheless if anyone else have the same problem the easiest fix is the physical directory structure - it needs to be in a certain format (as explained below) otherwise you can bang your head against the wall as much as you like :)

    Local Windows user accounts                    -  %FtpRoot%\LocalUser\%UserName%
    (requires basic authentication)

    Windows domain accounts                        - %FtpRoot%\%UserDomain%\%UserName%
    (requires basic authentication)

    HTH.

    Friday, May 25, 2012 9:36 AM
  • This might be a late post but nonetheless if anyone else have the same problem the easiest fix is the physical directory structure - it needs to be in a certain format (as explained below) otherwise you can bang your head against the wall as much as you like :)

    Local Windows user accounts                    -  %FtpRoot%\LocalUser\%UserName%
    (requires basic authentication)

    Windows domain accounts                        - %FtpRoot%\%UserDomain%\%UserName%
    (requires basic authentication)

    HTH.

    Wow this is the first post that I have seen in my searches that mentioned the proper directory structure!  It never occured to me (and likely others) that adding the domain name to the structure was what I needed to do.  Thanks very much!  Your 'late reply' has helped me immensly!


    -Chaotix

    Friday, August 3, 2012 4:42 PM
  • Thanks for pointing this out. I have been searching for solution to this issue since yesterday and every post had mentioned only user authentication settings. Problem has been resolved after creating user name sub folders inside domain name folder.
    Tuesday, October 8, 2013 1:32 PM