Jump to content

Issues with IIS and FTP

atari37

By atari37
in Windows 2000/2003/NT4

 Share

Recommended Posts

atari37

atari37

Posted
Posted (edited)

I recently installed and configured IIS and FTP on my file server. I have a site called experiment for my ftp. On this site, I have a directory pointing to an experiment directory on the server.

However, when I type the ftp site in my browser, I get a login screen. Problem i'm having is that only the local administrator account can successfully login.

It doesn't matter what group I add to the security tab on this directory...Administrator is the only one that can see the site. What am I doing wrong?

Any help will be greatly appreciated.

I should add that the groups I'm adding to the security policy are on an Active Directory server.

Edited by atari37

nmX.Memnoch

nmX.Memnoch

Posted
Posted

Try putting in the full logon information for the domain users. For example, either DOMAIN\User or user@domain.tld in the logon information. I believe by default IIS only looks for accounts that are local on the FTP server.

atari37

atari37

Posted
  • Author
Posted
Try putting in the full logon information for the domain users. For example, either DOMAIN\User or user@domain.tld in the logon information. I believe by default IIS only looks for accounts that are local on the FTP server.

Why didn't I think of that? Of course that worked. So is this really how i's supposed to work? Isn't there a way for me to type the username and not have to type the domain name as well? Seems like something that should work on the fly for a Windows box. This ftp server is on the domain as well so I don't see why it can't authenticate to the domain users.

Thanks

nmX.Memnoch

nmX.Memnoch

Posted
Posted

IIS FTP isn't designed to work that way. It's not really designed to be used on a domain since...well...on a domain you can setup shares. :)

Obviously it'll work, but that isn't the intent.

Stoic Joker

Stoic Joker

Posted
Posted
IIS FTP isn't designed to work that way. It's not really designed to be used on a domain since...well...on a domain you can setup shares. :)

Obviously it'll work, but that isn't the intent.

That depends on how he answered the Isolate Users option during the setup of the FTP site as there are 3 options:

1. Don't isolate users.

2. Isolate users to their home directories (I'll assume this is the local accounts only part you spoke of)

3. Isolate users to their home directory using Active Directory.

jcarle

jcarle

Posted
Posted
If I'm not mistaken, even if you choose option 3 you still have to put in the full domain logon information when logging into the FTP.

Well, if you create the user account on the local machine, MS FTP should allow you to login without full domain information. Although I don't know enough about Active Directory to know if you can create local accounts as well as those on AD.

Stoic Joker

Stoic Joker

Posted
Posted

Okay... There's a couple of things troubling me at this point. First of which is what "Login Screen" is Atari37 getting when attempting to acess the FTP? A standard Windows login dialog? or The FTP based "Would you like to login anonymously" dialog.

Reguardless of whether the FTP is running on a DC or a member server the authentication should be handled by AD, I've never seen a LM account work inside of a Domain environment and I administer several IIS FTPs as part of my daily activities.

If adding the domain (Which should never be needed) information does allow access, is Atari37 running the FTP server in a DMZ and exposing the local file shares?!? IE's FTP access can be handy in a pinch... but for proper testing, one should really be using a real FTP client application to be sure they're connecting to port 21 (and only port 21).

One thing to check would be what is atari37 typing into the browser, if it's only the IP address (or host/DNS name) of the server then they'll get a HTTP connection (and standard Windows login dialog) by default which will require the domain name to be added for authentication. In order to connect to the FTP they would need to specify it in the link used in the address bar e.g. FTP://servername ...That (and only that) would force the browser to connect to port 21 and access the FTP server...which I suspect at this point to be the real issue.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...