IIS 7 and Above
Setting up FTP using Virtual Directories and User Isolation on Window...
Last post Jan 20, 2014 06:26 PM by cbkowitz
Jan 31, 2013 11:12 PM|adam.bauerle|LINK
I have been trying to set this up for a while now. I am trying to setup FTP virtual directories for isolationg user directories on Windows Server 2012. I am able to connect to the FTP site anonymously, but when I start adding virtual directories for specific
user access, the user login returns status code:
530-User cannot log in, home directory inaccessible.
Win32 error: Access is denied.
Error details: Authorization rules denied the access.
What is odd is that I have set allow authorization rules for the user and have added the user to have read/write permissions on the virtual directory.
Any help with this would be greatly appreciated!
Jan 31, 2013 11:45 PM|terridonahue|LINK
Take a look at this
blog post I wrote. If you have any questions, problems, just let me know and we can work it out.
Feb 01, 2013 02:35 PM|adam.bauerle|LINK
Thanks for the reply Terridonahue!
It's funny you supply your blog post as that's one of them I used to try to get this going. I'll step through it again to make sure I didn't miss something and let you know how it goes.
I appreciate your help!
Feb 01, 2013 03:26 PM|terridonahue|LINK
The first thing to do is point the LocalUser ftp virtual directory to an empty folder so you can grant everyone Read access. Then create a virtual directory with LocalUser that matches the username (local user on the server) that will be logging in. Point
this to the home directory for that user. Verify that user has the needed rights in NTFS to the specified directory and all subdirectories.
Feb 01, 2013 05:14 PM|adam.bauerle|LINK
Ok, I'll step through one step at a time as to what I've done:
Is there something I'm missing here?
Immediately after I create the first virtual directory, the main admin user cannot access the main FTP folder any longer (locally or remotely).
Any ideas as to what I'm missing or doing wrong?
Feb 01, 2013 05:43 PM|terridonahue|LINK
I have not set this up using AD home directories and authentication before. My example is for users local to the machine where the ftp site is hosted. I will see if I can configure this using AD users and will provide details for you.
Feb 01, 2013 10:25 PM|adam.bauerle|LINK
Thanks Terri, your help is greatly appreciated!
Feb 05, 2013 04:29 PM|adam.bauerle|LINK
Just thougt I'd share a solution I have found for this. Turns out it was much simpler than what I had expected.
By creating FTP sites for each directory (that I had initially thought to setup as virtual directories), I have now been able to allow access to multiple users for multiple directories. Setup basic auth (like in Terri's post) and set them up for each individual
user (again, like Terri's post). Only difference is that instead of using virutal directories on one FTP site, setup separate FTP sites where you would have setup virtual directories and point that FTP site to the directory that you wish to host/share. I am
using hostnames for each site to separate them out.
Thanks for your help Terri. You helped me along the way to get to this solution!
Feb 05, 2013 04:40 PM|terridonahue|LINK
That is awesome Adam. I was trying to keep it all in 1 FTP site for ease of administration.
May 02, 2013 04:58 PM|Wizedude|LINK
I have tried to add multiple users to one FTP folder but the main account (eg Matt_Vaughan ) folder and created a user called Matt_Vaughan then tried to add another user called Admin to that folder also and can ftp using the Matt_Vaughan credentials but
530 User cannot log in, home directory inaccessible.
Can you help please.
Jan 20, 2014 06:26 PM|cbkowitz|LINK
I've followed the blog step by step and I still get error: 530-User cannot log in, home directory inaccessible. I've seen different setup instructions. One says that there needs to be an actual folder called "LocalUser" and yours shows just a Virtual
folder called that. I've tried both ways and still get the same error. I've verifiied that the proper security is set on all of the folders. So here is what I have setup
c:\inetpub\ftproot - LocalUser virtual directory
c:\ftproot\ABCCo - setup with local user ABCCo and define as a Virtual directory under LocalUser in IIS
I've also setup a local group called FTPUsers and ABCCo is a member of that group. That group is defined as having access under FTP Authorization Rules on the FTP site.
Any insight here would be appreciated.