I am currently demoing coreftp server. In order to get approval to purchase this for production use I need to get it to utilize Active Directory.
I have followed the directions in other posts.
Domain Properties
- Base Directory: e:\ftp
- Enable Active Directroy Users
- User Settings to use: domainuser (user I created in CoreFTP server)
- use windows domain: (specified our testing domain)
User Properties for domainuser
- home directory: e:\ftp
- Lock user in home directory is not checked
- Directory access for e:\ftp is set to RWAD-LCRI
In active directory I go to the user, profile tab and set their local path to e:\ftp\<their home directory>. On the ftp server I give the user Full Control on the security properties for their home folder.
If I go this path domain users are able to authenticate, but they do not have permission to upload anything to their directory. They get a LIST denied - / error when they log on and then the following if they attempt to upload a file:
[20080205 10:22:51] [63.96.13.68] ftpnewguy, mkdir '/"' denied
[20080205 10:22:51] [63.96.13.68] ftpnewguy, mkdir '/' denied
[20080205 10:22:51] [63.96.13.68] LIST denied - /
If I change the Domain Properties in Coreftp and select the Use base directroy + username option, the user can see their directory and upload and download from it. However they can not move up to the root directory to allow them to move to other directories even though I do not have the lock user to home directory option chosen for the "user settings to use" user.
I am willing to live with the use base directory option (and may actually prefer it), but need to know how to allow users to be able to move up to the root so they can go to other directories.
Is this achieved through Windows security permissions? I need help here.
Active Directory Integration
The user "domainuser" exists. It is a user created in CoreFTP under the domain I setup in CoreFTP. It has nothing to do with the AD domain.CP wrote: 1: That the user "domainuser" does not already exist anywhere,
I guess this is where the question lies, what should permissions look like. I want to give my domain users the ability to move from their home (e:\ftp\username) up into the root (e:\ftp) and then move into certain folders under the root. I gave the particualr user Full Control in Windows Security on the e:\ftp folder. It does not allow me to move up into e:\ftp, just keeps me chained to the e:\ftp\ftpnewguy folder.CP wrote: the user you are logging in with does have AD rights to E:\FTP\. To answer your question, it could be Windows user permissions. I believe the user permissions are used by those set in "domainuser", but the AD permissions still come into effect when trying to access E:\FTP\
I need to know exactly what the permissions for the domainuser should look like in CoreFTP and what security rights I need to give to my acitive directory users in windows.
The service is running as Local System account. The user SYSTEM has full control on e:\ftp and all of its subdirectories.CP wrote: 2: The user running the server has full rights to the path that you are trying to access (more common but probably not the issue).
Windows Server 2003 on the ftpserver, Windows Server 2000 on the domain controller.CP wrote: What version of Windows are you running on (include x86 or x64 version)?