Restrict Access by AD Groups

Please post here if you have problems in using Wing FTP Server.

Restrict Access by AD Groups

Postby polaradmin » Tue Jun 26, 2012 9:33 pm

I just purchased wingftp and I have it implemented so far. I am using windows authentication, and allowing users to log in that way. However, currently, everyone on the domain is able to log in. Is there a way that I can create a security group to allow only members to be able to log in? I saw the add AD users mapping, however, that does not appear to be working. I have added a couple of users in there in this format `username:username_local`. Is this possible?
polaradmin
 
posts 1
 
joined Tue Jun 26, 2012 9:28 pm

Re: Restrict Access by AD Groups

Postby FTP » Wed Jun 27, 2012 2:45 pm

First, mapping AD user to local user can't restrict access, maybe you should setup a empty default folder with no permission, and map the allowed AD users to the specified local user.
FTP
Site Admin
 
posts 1202
 
joined Tue Sep 29, 2009 6:09 am

Re: Restrict Access by AD Groups

Postby sgatke » Wed Oct 24, 2012 8:29 am

Polaradmin, did you find a solution for your needs?
We have implemented a solution where only AD users which are members of a specific AD Group, have access to the FTP Server. It took some fiddling with LDAP but we finally succeeded. Let me know if you need help.

Now, if there was a way to assign different rights to different domain groups, THAT would be nice :-)
Example:
AD group FTP1: Full access to all folders
AD Group FTP2: Full access to this folder, only read to other folders
AD Group FTP3: Only read access to selected folders
etc...
sgatke
 
posts 3
 
joined Wed Oct 24, 2012 8:09 am

Re: Restrict Access by AD Groups

Postby manair » Thu Nov 01, 2012 8:23 pm

sgatke wrote:Polaradmin, did you find a solution for your needs?
We have implemented a solution where only AD users which are members of a specific AD Group, have access to the FTP Server. It took some fiddling with LDAP but we finally succeeded. Let me know if you need help.


We have also managed to configure so only users in a certain group can login by manipulating the user filter on the LDAP settings.

Code: Select all
(&(objectClass=user)(sAMAccountName=%s)(memberOf=CN=FTP Users,OU=Mybusiness,DC=mydomain.local,DC=com))


sgatke wrote:Now, if there was a way to assign different rights to different domain groups, THAT would be nice :-)
Example:
AD group FTP1: Full access to all folders
AD Group FTP2: Full access to this folder, only read to other folders
AD Group FTP3: Only read access to selected folders
etc...


This should be possible by creating one local wingftp account per AD Group (with relevant directory and rights set) and then map the AD group to the local user. We had this intermittently working, but a bug in wingftp prevents users group membership being enumerated correctly.

The author has acknowledged the bug and will "consider" fixing it in a future version. This one issue is causing us to regret purchasing this product.
manair
 
posts 2
 
joined Thu Nov 01, 2012 8:05 pm


Return to Support

Who is online

Users browsing this forum: Yahoo [Bot] and 3 guests

cron