Server 2008, need help with setting up FTP

[zylander]

Im trying to setup FTP on my server 2008 box but Im having trouble. I have the FTP service installed and setup and I have the FTP ports forwarded on my router but thats where I got stuck. I dont know how to give a user FTP access and I dont know how to assign the user a home directory. Can anyone help me out? I looked through a few tutorials found on google but the steps in the tutorials didnt follow along with my server and I ended up getting lost.

 

[Nothinman]

IIS is like black magic to me so I could be wrong, but I thought it only authenticated against standard NT users.

 

[RebateMonger]

IIS is like black magic to me so I could be wrong, but I thought it only authenticated against standard NT users.

Yeah, that's how it's always been. Unless you write your own custom authentication web pages, comparing logins to your own user database.

I'm reading that MS re-did FTP with 2008. Is yours anything like described in this article?

http://www.trainsignaltraining.com/windows-server-2008-ftp-user-authentication/2008-04-30/

If so, it seems like a pretty good description of user authenitcation in Microsoft's 2008 FTP.

 

[zylander]

Yeah, that's how it's always been. Unless you write your own custom authentication web pages, comparing logins to your own user database.

I'm reading that MS re-did FTP with 2008. Is yours anything like described in this article?

http://www.trainsignaltraining.com/windows-server-2008-ftp-user-authentication/2008-04-30/

If so, it seems like a pretty good description of user authenitcation in Microsoft's 2008 FTP.

That site helped a lot. I now have FTP 7 installed, I have a site setup and a user assigned to it but I can not connect to the FTP site. If I RDP into the server box and attempt to connect to the FTP site on that box I can get in. But, if I try to connect to the FTP site from another computer on the network the connection times out. I have TCP port 21 forwarded in the router to the server and I followed the setup instructions on that site exactly.

 

[zylander]

I fixed the first problem (had to forward the TCP port 21 in the windows firewall, but I just found another problem and I dont know how to fix it.

When I test the connection of the FTP site in the IIS manager, it passes Authentication but I get an error message for Authorization. I get an error that says; "cannot verify access to path (C:\inetpub\....) and the details say;

The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.

 

[stlcardinals]

You might take a look on the IIS website: http://learn.iis.net/page.aspx/356/ftp-7-for-iis-7/

 

[RebateMonger]

http://msmvps.com/blogs/bernard/arc...-verify-access-to-path-c-inetpub-wwwroot.aspx

"Warning: Authorization - Cannot verify access to path (C:\inetpub\wwwroot\).
I'm sure you have seen the below warning message many times with IIS 7+

The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.

Now, you are getting this message, when you clicked on the 'Test Connection' button while you adding new site or virtual directory. I have seen quite many posts regarding this misleading message

First of all, this is not an error but warning message instead, next the warning message is pretty self explained, and no need to be extra alarm about it. Anyway, in short because the default application pool identity is NetworkService account, which is a built-in account + default authentication mode is pass-through, hence IIS can't verify 'simulate' or verify the access when you clicked the button. Hmm.... ha! well that's exactly what's written in the warning message haha! if you put in a custom account, IIS will take it and access using the account SID, for built-in account, 'things' will kick in at run time. Next, if the resource is readible by user, NetworkService account should have no issue reading the file as well.

Anyway, if you do experience access problem later when you test to access the content path, IIS log file - request status code + sub status code is your best friend, if it is permission related you should be getting 401.3 error. You can also get procmon to help troubleshooting access related errors."

 

[zylander]

You might take a look on the IIS website: http://learn.iis.net/page.aspx/356/ftp-7-for-iis-7/

Thanks, that site helped me out a lot.

I got the FTP site working, turned out I didnt have enough permissions set in the Windows firewall.

 

[stlcardinals]

Thanks, that site helped me out a lot.

I got the FTP site working, turned out I didnt have enough permissions set in the Windows firewall.

No problem, I'm glad that it helped you.