« Previous Next »

• 05-13-2008, 5:51 PM

  taylordc Joined on 05-13-2008, 9:49 PM Posts 2

  FTP and User Isolation IIS7 Server 2008 Reply Contact I feel like I'm the only one using IIS 7 with the new FTP. As you know, the new FTP didn't ship with 2008 Server, but I've downloaded it and I'm trying to get it to work. It's not working. I am trying to get FTP User Isolation to work. I am doing User Name Physical Directory. My goal is to have C:\FTP\[username] directories for all of my FTP users. Usernames would be '12345678' or 'test' or '45637654'. I don't want any of the Users to be able to see a directory list. User Isolation should do this. Without User Isolation (doing User Name Directory) I can log in to the correct folder... but I can traverse and see other folder names (all in the C:\FTP directory). With User Isolation I cannot login. My error message is as follows: C:\>ftp dc1 Connected to DC1.[domain].net. 220 Microsoft FTP Service User (DC1.[domain].net:(none)): test 331 Password required for test. Password: 530-User cannot log in, home directory inaccessible. Win32 error: The system cannot find the path specified. Error details: File system returned an error. 530 End Login failed. ftp> Any thoughts on how to troubleshoot this would be greately appreciated.

• 05-14-2008, 12:28 AM

  In reply to

  steve schofield Joined on 06-10-2002, 4:54 PM MI Posts 3,932

  Re: FTP and User Isolation IIS7 Server 2008 Reply Contact I'd check to make sure the Authentication (basic) and Authorization sections are properly configured.    Here is how I use FTP user isolation and it works great. 1) Create a dummy FTPRoot folder 2) Create a Master FTP site. (just an FTP site) No http. 3) Create a vdir called 'LocalUser'. map the 'localuser' virtual directory to your dummy folder (grant authenticated users 'list' only permissions) 4) Under the LocalUser vdir, create your specific user accounts mapped to the appropriate location (these should be vdirs) 5) Under the User isolation, select the first option (disable global directories) 6) Under the Authentication section, enable basic authentication if you are using windows accounts. 7) Under the authorization, grant the user permissions. 8) Grant appropriate folder security for your test user.  9) Test it out. See if you get logged in.     Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 05-15-2008, 5:21 AM

  In reply to

  qbernard Joined on 03-25-2003, 10:12 PM Malaysia Posts 3,216	Re: FTP and User Isolation IIS7 Server 2008 Reply Contact Best way to troubleshoot this error and understand where IIS FTP is trying to send the user to... get procmon or filemon..... look at log and figure out where the user is redirected to. Cheers, Bernard Cheah

• 05-15-2008, 10:06 AM

  In reply to

  taylordc Joined on 05-13-2008, 9:49 PM Posts 2

  Re: FTP and User Isolation IIS7 Server 2008 Reply Contact Nothing showed-up in the logs. The suggestion on using Virtual Directories didn't work either.   What I finally found was that I was using Domain user accounts instead of Local user accounts and I needed to create a folder for that domain as a sub of the root and then create my user folders C:\FTP\[domain]\[username]. So for example.net where C:\FTP is the FTP root folder and 12345678 is a User defined in Users and Computers of the Active Directory Domain example.net:  C:\FTP\example\12345678  Make sure the domain folder does NOT have the .net extension on it.  Thank you for your help.

• 12-04-2008, 10:05 AM

  In reply to

  dgallek Joined on 12-04-2008, 3:04 PM Posts 2	Re: FTP and User Isolation IIS7 Server 2008 Reply Contact I also was using Domain user accounts and taylordc's solution of: C:\FTP\[domain]\[username].  worked for me - thanks taylordc!

• 02-01-2009, 2:59 PM

  In reply to

  davdalton Joined on 02-01-2009, 7:48 PM Posts 1

  Re: FTP and User Isolation IIS7 Server 2008 Reply Contact I'm also pulling my hair out try to migrate to FTP7. I have a cute little application that generates a bat file when a user signs up for a new web/ftp account on my server. The app has been bulletproof on IIS6 for years. Basically, it uses the username and password to: 1) creat a NET USER 2) MKDIR the right directories 3) CACLS the right permissions 4) iisftpdr and iiswebdr to create virtual directories. In realtime, they have an account. I have revised the bat file with appcmd for iiswebdr and everything works great, EXCEPT FTP. I've read a lot of forum entries (including this one) and tried to figure out two things: 1) how do you use appcmd (or other script) to create the FTP provision for a new account? Is it even necessary anymore? 2) What are the correct settings for User Isolation to make accounts work? In IIS6, I have all my user files on D:\ in physical folders with usernames (i.e., d:\localuser\smithx). I have tried every combination of permissions that I can in the FTP wizard. Since the server is NOT part of a domain, I use local accounts only (no AD). Any help would be much appreciated. I am about ready to hire an IIS7 top gun if anyone knows any one in the Akron/Cleveland area... Thanks!

  Tags: AppCmdFTP 7User Isolation

• 03-22-2009, 3:24 PM

  In reply to

  Eliyahu Joined on 12-13-2005, 8:41 AM Israel Posts 1	Re: FTP and User Isolation IIS7 Server 2008 Reply Contact This worked beautifully for me. Thank you Steve! Eliyahu Goldin, Microsoft MVP [ASP.NET] http://msmvps.com/blogs/egoldin http://usableasp.net

• 03-25-2009, 11:24 AM

  In reply to

  Matt D Joined on 03-25-2009, 3:21 PM Posts 1

  Re: FTP and User Isolation IIS7 Server 2008 Reply Contact taylordc: Nothing showed-up in the logs. The suggestion on using Virtual Directories didn't work either.   What I finally found was that I was using Domain user accounts instead of Local user accounts and I needed to create a folder for that domain as a sub of the root and then create my user folders C:\FTP\[domain]\[username]. So for example.net where C:\FTP is the FTP root folder and 12345678 is a User defined in Users and Computers of the Active Directory Domain example.net:  C:\FTP\example\12345678  Make sure the domain folder does NOT have the .net extension on it.  Thank you for your help.  This was the explanation that had been eluding me.  Thanks for the follow up post, it really helped me out.

• 03-25-2009, 12:26 PM

  In reply to

  steve schofield Joined on 06-10-2002, 4:54 PM MI Posts 3,932

  Re: FTP and User Isolation IIS7 Server 2008 Reply Contact I wrote a quick blog showing the NetBIOS name needs to be present.   Seems a bit odd honestly, but it works. http://weblogs.asp.net/steveschofield/archive/2009/02/20/530-user-cannot-log-in-home-directory-inaccessible-ftp-7-0-user-isolation-and-process-monitor.aspx Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 03-31-2009, 4:51 AM

  In reply to

  qbernard Joined on 03-25-2003, 10:12 PM Malaysia Posts 3,216	Re: FTP and User Isolation IIS7 Server 2008 Reply Contact netbios name? ooh.. something new for IIS7? this is not in IIS6 :) Cheers, Bernard Cheah