Re: Secure FTP site
From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 02/21/03
- Next message: Karl Levinson [x y] mvp: "Re: Secure Web Site"
- Previous message: Karl Levinson [x y] mvp: "Re: Locking out FTP users after failed logon attempts"
- In reply to: joel: "Re: Secure FTP site"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] mvp" <levinson_k@excite.com> Date: Thu, 20 Feb 2003 20:27:32 -0500
Sometimes your web browser gives you a login screen when anonymous user is
not permitted, but in your case your browser sounds like it is not doing
this. You can try using a free GUI FTP, or you could try looking for a
setting to change in your web browser under Tools, Options, Advanced, or you
could use a URL that contains the ID and password to access the FTP server,
such as password@servername.microsoft.com">ftp://username:password@servername.microsoft.com instead of
ftp://servername.microsoft.com The last is probably the easiest solution
to try.
Also note that the FTP command and IE by default use different FTP methods
[Active FTP vs. Passive FTP], and it could be that one type works with your
firewalls while the other is blocked by one of the firewalls in between you
and the server, if there is one. If there is a firewall and you have access
to it, check the firewall logs. You can change the FTP method used by IE
but the FTP command cannot be changed... also you can't disable either FTP
method on the IIS server, unless you use a firewall to block one of the FTP
methods. Search www.google.com for "active passive ftp firewall" to get
more information. Briefly, both ftp methods have the client sending a
request to TCP port 21 on the server to start the control channel used to
pass commands, but from there, either TCP port 20 on the server is used for
the data channel, or a randomly negotiated port number is used, and the
direction of the communication [server to client or client to server] is
different in the two methods.
Last, note that if you're using IIS without anonymous access, the login ID
and password are passed across the network or internet in clear text format,
which could theoretically be captured by a hacker with a sniffer.
"joel" <jmerritt@roh-inc.com> wrote in message
news:00bc01c2d921$ad9a3d70$a601280a@phx.gbl...
> I created a group that has log on locally rights, and I
> used a new user that is a member of this group. From the
> cmd line ftp I can access this ftp site fine. When I try
> to access the site from IE 6.0 I log on using the same
> user and I get access denied, what did I miss?
>
> >-----Original Message-----
> >Here's the exact process I needed:
> >
> >If you want to prevent anonymous access to the site,
> clear the option Allow
> >Anonymous Connections. Users must then provide a valid
> local account with
> >the necessary rights to log onto the FTP site (explained
> shortly).
> >
> > Tip Although you could change the account that the
> FTP service uses
> >for anonymous logon, I don't recommend it. Leave the
> default IUSR account in
> >place and allow IIS to control the password (through the
> option of the same
> >name).
> >
> >
> >For remote users to connect to the FTP service, the
> account they provide
> >must have the right to log on locally. Setup grants the
> IUSR account this
> >right when you install IIS. You need to grant this right
> to any other
> >accounts that are authorized to use the FTP service. You
> could assign the
> >right on a per-user basis, but I recommend you create a
> local group named
> >ftp-users (or something similar), grant this group the
> right to log on
> >locally, and then add accounts to the group as needed.
> >
> >To create the FTP group, open the Computer Management
> console and expand the
> >Local Users and Groups branch. Right-click the Groups
> node and choose New
> >Group to open the New Group dialog box. Specify the group
> name and then
> >click Add to add local accounts to the group. After
> populating the group,
> >click Create, then close the dialog box.
> >
> >After you create and populate the group, you need to
> grant it the right to
> >log on locally as I mentioned before. Open the Local
> Security Policy from
> >the Administrative Tools folder. Expand the branch
> \Security Settings\Local
> >Policies\User Rights Assignment, and then double-click
> the Log On Locally
> >right to display the Log On Locally Properties dialog
> box. Click Add User Or
> >Group, enter the name of the group you just created, and
> click OK. If you
> >want to browse for the group, click Object Types, place a
> check beside
> >Groups, and click OK. Click Advanced and search for the
> recently created FTP
> >users group, then close the dialog box and the policy
> editor.
> >
> >Now it's time to test the FTP service. You don't need to
> log on from another
> >computer. Just open a command console and type ftp
> localhost. Or enter ftp
> >and, at the ftp> prompt, type open localhost. Enter the
> necessary account
> >credentials when prompted. If the logon fails, verify the
> account
> >credentials and check that the account is included in the
> local ftp-users
> >group. Also check the methods you've allowed for
> authentication on the FTP
> >server, then try again.
> >
> >JimmyFace.
> >
> >"Joel" <jmerritt@roh-inc.com> wrote in message
> >news:011e01c2d90a$941464a0$a101280a@phx.gbl...
> >> I setup a secure FTP folder, I can access this site from
> >> the command line ftp, I am able to enter in my user name
> >> and password and then I can view the contents of the
> >> folder. When I try to access the folder in a web
> browser
> >> using the same user name and password I get access
> denied,
> >> I have been able to access the site using the server
> >> administrator account but that does me no good. Any
> ideas?
> >
> >
> >.
> >
- Next message: Karl Levinson [x y] mvp: "Re: Secure Web Site"
- Previous message: Karl Levinson [x y] mvp: "Re: Locking out FTP users after failed logon attempts"
- In reply to: joel: "Re: Secure FTP site"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
