
Thread: Isolating FTP user with IIS Manager based credentials

Last post 09-19-2008 12:59 PM by zdenek. 2 replies.


  • 09-12-2008, 6:22 PM

    • zdenek
    • Top 500 Contributor
    • Joined on 09-08-2008, 2:25 PM
    • miami
    • Posts 13

    Isolating FTP user with IIS Manager based credentials

    I tried to set up a user in IIS Manager. When isolation is not in use, the user can log in.

    I created a virtual directory that points to another location on the disk (with the appropriate permissions applied). The virtual directory has the same name as the user login. When I select do not isolate, start user in user name directory, everything works fine. The user ends up in the /user/ directory on login as it should, and the user can traverse back to the main directory without a problem.

     My issue is setting up isolation. When I enable User name directory (disable global virtual directories) I get:

     530-User cannot log in, home directory inaccessible.
     Win32 error:   The system cannot find the path specified.
     Error details: File system returned an error.
    530 End
    Login failed.

    When I enable User name physical directory (enable global virtual directories) I get the very same error.

    To debug the issue I removed the virtual directory and created a physical directory, and the same issue happens when isolation is turned on. I did verify that the FTP Authorization Rules are set properly for the user in both the virtual directory and physical directory cases.

     When I do not isolate the user, both the virtual and physical directories work properly. The user exists only in IIS Manager; it is not a Windows user.

    My FTP Authentication settings:

     Anonymous disabled

    Basic disabled

    IisManagerAuth Enabled

     FTP Authorization Rules:

    Allow user Read,Write

     

    Using default App pool under Network service and I have enabled access to all appropriate locations (which is how I got the user to authenticate and work properly when not in isolation mode)

     

    Any ideas on what else to check?

     

    Additional info: Windows 2008 Web Edition, latest FTP for IIS 7, IIS Manager installed, allows IIS Manager credentials. Allow SSL connections setting on FTP. Directory browsing UNIX style, display Virtual Directories enabled.

  • 09-19-2008, 5:07 AM In reply to

    Re: Isolating FTP user with IIS Manager based credentials

    Could you please provide more details of your FTP directory structure?

    Please place the user directories under a parent directory called LocalUser i.e:

    FTPRoot\LocalUser\UserName\

    If that is still to no avail, I'd suggest you run Process Monitor on the machine to track down the I/O of IIS FTP and find out which physical directory it fails to access during login.

    WenJun Zhang - MSFT
    Sincerely
    Microsoft Online Community Support

  • 09-19-2008, 12:59 PM In reply to

    • zdenek

    Re: Isolating FTP user with IIS Manager based credentials

    Hmmm... interesting insights with the process manager...

     

    When I run ftp with ftp user isolation set to:

     Do not isolate users. Start users in User name directory,

     I see:

      Create file D:\dummy_ftp_home\zdenek

    When I run with Isolate Users. Restrict users to the following directory:

    and select either User name directory (disable global virtual directories) or  User name physical directory (enable global virtual directories), in both cases I see:

     Create file D:\dummy_ftp_home\LocalUser\zdenek\ (yes the backslash is there and not in the other call)

     And of course the LocalUser business there ... must be a reason why.

     

    So I created the .\LocalUser\zdenek physical directory. This works. So then I proceeded to make a little change to this setup - my original question was whether I can have a virtual directory. I deleted the physical directory, so now I have \LocalUser\ with a virtual directory zdenek which is directed elsewhere.

     Again this fails as it calls createFile on the physical location.

     

    So far I have found one workaround, but it is not nice - I can create an empty directory and then create a virtual directory underneath it called "my actual home", for example. This of course is not a good solution; what I would like to have is something like this:

     D:\dummy_ftp_directory - the root for ftp.

     

    Then if I log in as zdenek, to get my home directory isolated to, for example, f:\zdenek_home. If I choose to log in as, for example, john, I'd like that user to be isolated to, for example, g:\websites\john_sites.

     

    I don't want to pull the Linux card here to compare the solutions, but it helps for illustration purposes. I can create home directories anywhere I want, and ftp will read the home from a password file, and that's where the user goes upon login. The logical place for this would be, for example, in IIS Manager Permissions for the FTP site instance, where I could put in the home directory. It seems the home directory functionality is available when using Active Directory ("isolate users. restrict users to the following directory: FTP home directory configured in Active Directory").

     

    Maybe someone knows how to pull an "FTP home directory" that is not configured in Active Directory?
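
Added example, not part of any post in this thread: a PowerShell check for the physical directory that the Process Monitor trace above shows the FTP service opening at login when isolation is enabled, `<FTP root>\LocalUser\<user name>\`. The function name `Test-FtpIsolationHome` is hypothetical, and the `NT AUTHORITY\NETWORK SERVICE` default is an assumption taken from the first post's mention of the Network Service account.

```powershell
# Added example. Test-FtpIsolationHome is a hypothetical helper name.
# With isolation enabled, the trace in the thread shows the FTP service
# opening <FtpRoot>\LocalUser\<user>\ on disk, so that physical directory
# must exist even when the user's content lives behind a virtual directory.
function Test-FtpIsolationHome {
    param(
        [Parameter(Mandatory = $true)] [string]   $FtpRoot,
        [Parameter(Mandatory = $true)] [string[]] $UserName,
        # Assumption: the account the thread says the service runs under.
        [string] $Identity = 'NT AUTHORITY\NETWORK SERVICE',
        # Create a missing home directory instead of only reporting it.
        [switch] $Create
    )

    foreach ($user in $UserName) {
        $homeDir = Join-Path (Join-Path $FtpRoot 'LocalUser') $user
        $exists  = Test-Path -Path $homeDir -PathType Container

        if (-not $exists -and $Create) {
            New-Item -ItemType Directory -Path $homeDir -Force | Out-Null
            $exists = Test-Path -Path $homeDir -PathType Container
        }

        # Explicit or inherited Allow entries naming the identity directly.
        # Access granted only through a group (e.g. Users) is not listed here.
        $rights = @()
        if ($exists) {
            $rights = @((Get-Acl -Path $homeDir).Access |
                Where-Object {
                    $_.IdentityReference.Value -eq $Identity -and
                    $_.AccessControlType -eq 'Allow'
                } |
                ForEach-Object { $_.FileSystemRights.ToString() })
        }

        New-Object PSObject -Property @{
            User          = $user
            ExpectedHome  = $homeDir
            Exists        = $exists
            IdentityAllow = ($rights -join '; ')
        }
    }
}

# Values quoted in the thread: FTP root and the two user names mentioned.
Test-FtpIsolationHome -FtpRoot 'D:\dummy_ftp_home' -UserName 'zdenek', 'john' |
    Format-Table User, Exists, ExpectedHome, IdentityAllow -AutoSize
```

A row with `Exists` false corresponds to the "home directory inaccessible" login failure quoted in the first post; an empty `IdentityAllow` only means the account has no entry of its own on that directory.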
