PDA

View Full Version : FTP isolation in Windows Server 2003



george12
19-01-2005, 03:06 PM
Hi,

I upgraded my server from Windows Server 2000 to Windows Server 2003 - it's great but there is a problem. Actually this is the third problem I have experienced but.....

In Server 2000, I had the domain structure like this:

D:\Domains
D:\Domains\domain1.co.nz
D:\Domains\domain1.co.nz\wwwroot
D:\Domains\domain1.co.nz\logs
D:\Domains\katatoonz.com
D:\Domains\katatoonz.com\wwwroot
D:\Domains\katatoonz.com\logs
D:\Domains\sam.domain1.co.nz
D:\Domains\sam.domain1.co.nz\wwwroot
D:\Domains\sam.domain1.co.nz\logs

ETC ETC for all the hosted domains. The actual user name in Active Directory would be the domain as in the folders eg. 'katatoonz.com', and that would be the home directory of the user when they logged into FTP.

But in Server 2003 that directory structure doesn't work. When I select 'Users are isolated' as the mode of the FTP server, it seems like it would work but every user, even Administrators, get 530 User [Some user] cannot log in: Home directory inaccessable.

How can I get around it?

I have read about having to have the structure be C:\Inetpub\LocalUser\[username]. But changing to that would be highly annoying, a lot would have to be changed. I am hoping there is an alternative.

And Elephant, this is because I am new to Server 2003, not because I am dumb/unprofessional/don't know what I'm doing. OK?

Cheers George

ninja
19-01-2005, 05:44 PM
And Elephant, this is because I am new to Server 2003, not because I am dumb/unprofessional/don't know what I'm doing. OK?
Thread #3 and I'm here yet again.

Seeing as you mentioned this, I actually agree with Elephant. You are providing services to people, no doubt you are charging some of them for said services. These services are probably critical, e-mail and web-hosting tend to be reasonably so.

This makes you a hosting business - regardless of anything you think to the contrary.

You've elected to upgrade the software on your server, without any research into possible problems, or being prepared to rollback if you ran into unforeseen problems. You are then relying on coming here and getting other people to look for answers on Google for you it seems, instead of making a concerted effort yourself which I'm sure would be faster.

We serve a few thousand sites at work, picture this:

*Early one morning:

Hmmm... Apache 2.0
su
apt-get update
apt-get install apache2


*Minutes later:

Uh oh... none of my sites are working
:NEW POST: Hi, I just upgraded to apache 2 and all my 1000's of sites stopped working, can someone please help rewrite my virtual.conf k thx


How appropriate would that be?

Whilst you may not think so, upgrading a server without looking into the potential hazards and having a clear pathway laid out in front (as well as a clearer pathway behind) is dumb, is unprofessional, and tends to show you don't know what you are doing.

All well and good if this is just your own domain name that you're mucking around with, but this is affecting your clients - with issues that could be resolved by chucking three terms into Google and clicking I'm feeling lucky.

Perhaps next time you elect to upgrade you might want to try something like:
http://www.microsoft.com/windowsserver2003/upgrading/w2k/default.mspx
http://www.google.co.nz/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=upgrade+server+2003+from+2000+problems&btnG=Search&meta=

There's no point getting wound up about someone pointing the obvious out to you, you made a mistake in this case, a significant one - it's not surprising that someone on the intarweb elected to call you out on it.

As to the problem in this thread, once again try Google:
http://www.google.co.nz/search?q=setting+up+FTP+users+server+2003&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official

There's articles for Africa on it.

Guess I should now await banishment #2.

Jen
19-01-2005, 07:11 PM
Now, that was not very nice ninja. Don't forget we all make mistakes, which we then learn from. George is only young, and he willl undoubtly make more mistakes and learn from them - this is called experience. You won't find many guys his age doing what he does now with his shop and hosting. He asks for help, so should get it without the judgemental remarks. This is what PressF1 is here for.

Guess I should now await banishment #2.Too right - you're out for the next 24 hrs.

george12
19-01-2005, 09:16 PM
Well, much as that post offends - ninja's banning for 24hrs means he can't give me the valued help I need - hopefuly others will.

Of course I searched Google - sources seem to say that I had to do it as I mentioned in the post, but I need to know if there is another way.

Luckily ninja, I don't have thousands of customers - I have about 6 and don't want any more. Until of course I move to that US server...

But anyway, they are all fine for now as nothing urgent is wrong - they just can't use FTP.

george12
19-01-2005, 09:21 PM
Okay, I pretty much think that I am going to have to make the LocalUser directory :(.

Just before I tell everyone they have to change all their hardcoded paths, can someone confirm there is no other way?

sambaird
19-01-2005, 09:41 PM
I have about 6 and don't want any more. Until of course I move to that US server...
what us server?



Okay, I pretty much think that I am going to have to make the LocalUser directory :(.

Just before I tell everyone they have to change all their hardcoded paths, can someone confirm there is no other way?


good thing im to lazey to have uploded my site yet :)
see lazzyness is good some times

george12
19-01-2005, 09:59 PM
what us server?

I'm getting a nice dedicated server in the US to replace mine.

It has a 100Mbit connection and 200GB (soon to be 1200GB) per month traffic, I think it will whip the arse of what I currently have.

But anyway, that's not particularly relevant right now ;)

george12
24-01-2005, 07:59 PM
bump

ninja
24-01-2005, 11:17 PM
Well, much as that post offendsI hope you took something out of it, regardless of any offence.


I have about 6 and don't want any more. Until of course I move to that US server...What happened to "I will be co-locating two servers in Level 48 of the sky tower"?

agent
24-01-2005, 11:32 PM
There's an article (http://www.securityfocus.com/infocus/1765) at SecurityFocus about how IIS 6.0 is more secure by design. It doesn't have steps to solve your problem, but after reading it I thought it mentioned all the problems you'd experienced in your move to Windows Server 2003.

george12
27-01-2005, 01:34 PM
I hope you took something out of it, regardless of any offence.

What happened to "I will be co-locating two servers in Level 48 of the sky tower"?

That's not happening anymore as I can get a far better deal with 1200GB of bandwidth and a 100mbit connection worldwide for half that price. And I don't have to provide my own server.


I hope you took something out of it, regardless of any offence.

I guess I did, but I felt that what I did get out of what you said was wrapped in indirect insults. Nuff said anyway, to move on...

Here is my update:

I just grabbed another server, loaded Windows 2000 and used that for FTP and FTP alone. I might put it to a couple of other uses some time, but that's not important right now.

Thanks for the help everyone.