We are excited to announce that the IIS.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

FTP User isolation not working  [Answered]RSS

4 replies

Last post May 26, 2015 10:10 AM by Pengzhen Song - MSFT

  • FTP User isolation not working

    May 19, 2015 07:26 AM|Pilessio|LINK

    Good morning

    I've checked all threads regarding the issue in subject, but no helps me.

    My installation is:

    Windows Server 2012

    IIS 8.5 with FTP extension

    I need to configure this system to be a classic Virtual hosting service.

    Many sites and every FTP user chrooted in his virtual directory.

    The steps I've taken are below:

    1 - create a new FTP site (called "Default FTP Site")

    2 - choosen Physical Path of it "C:\inetpub\ftproot"

    3 - no SSL connection, no virtual host

    4 - choosen Base Authentication

    5 - create a user to authenticate and choosen "User specified" in "Allow acces to" and choosen that user created at first (in this step I've tried to grant access also to "All users")

     Then I've created the virtual directory:

    6 - at first I've create the user to log in Virtual directory, granted him permission (full permission) to "C:\inetpub\ftproot" and to his physical path that the Virtual directory will point to (C:\Webs\site1)

    7 - then I've created the Vdir with the same name of the user in point 6 with physical path "C:\Webs\site1" and configure this Vdir to "login how" and insert user and pass of point 6 (check configuration button indicates that everything is ok)

    8 - in "Isolation FTP user" I've choosen to isolate users to "Username directory (disable global virtual directory)"

    9 - in "FTP Authentication" I've choosen to disable anonymous auth and I've enabled Base authentication (I've no domain here, this are local machine users)

    10 - in "FTP rules" both of vdir and Default FTP site I've allowed read and write to Default user of Default FTP site and user that should login in Vdir, so all the permission are set, both file system and in FTP app.

    Can't login:

    Answer:    220 Microsoft FTP Service
    Command:    USER weworld
    Answer:    331 Password required
    Command:    PASS ********
    Answer:    530 User cannot log in, home directory inaccessible

    Fatal error

    If I don't configure User isolation (choosen "Don't isolate users: Start in: Directory username") it works and if in my FTP client, if I select to go in .. (the path above to my VDir) I can go in but I can't see VDirs (it is right) included his one.

    Why User isolation doesn't work? I'm trying to configure it since yesterday morning and I'm getting frustrated.

    Thanks for the help

    Best regards

    isolation ftp iis

  • Re: FTP User isolation not working

    May 19, 2015 07:40 AM|fab777|LINK

    Hi,
    is your server member of an Active Directory domain? If yes, your problem is probably due to missing configuration, you have to use ADSIEdit to manage the attributes used for the account's FTP Home directory.

    isolation ftp iis

    This message is provided "AS IS" with no warranties... But you can still mark it as answer if it's helped you.
    Fabrice ZERROUKI
    Wanna chill out? Here: JAHSound.net
  • Re: FTP User isolation not working

    May 19, 2015 08:02 AM|Pilessio|LINK

    Hi

    no, my server isn't a member of a active directory domain.

    Thank you so much for replying to me

    isolation ftp iis

  • Re: FTP User isolation not working

    May 19, 2015 09:17 AM|fab777|LINK

    You can try this well explained "howto" : https://community.rackspace.com/products/f/25/t/491

    isolation ftp iis

    This message is provided "AS IS" with no warranties... But you can still mark it as answer if it's helped you.
    Fabrice ZERROUKI
    Wanna chill out? Here: JAHSound.net
  • Re: FTP User isolation not working

    May 26, 2015 10:10 AM|Pengzhen Song - MSFT|LINK

    Hi,

    Have you resolved the issue? Please configure ftp user isolation again following the step by the article provided.

    https://community.rackspace.com/products/f/25/t/491

    And I suggest that you can disable User Isolation firstly and check if the user can log in.

    Also, please refer to the document:

    https://support.microsoft.com/en-us/kb/201771

    isolation ftp iis

    We are trying to better understand customer views on social support experience. Click HERE to participate the survey.
    Thanks!