Page 1 of 1

Restrict Access by AD Groups

Posted: Tue Jun 26, 2012 9:33 pm
by polaradmin
I just purchased wingftp and I have it implemented so far. I am using windows authentication, and allowing users to log in that way. However, currently, everyone on the domain is able to log in. Is there a way that I can create a security group to allow only members to be able to log in? I saw the add AD users mapping, however, that does not appear to be working. I have added a couple of users in there in this format `username:username_local`. Is this possible?

Re: Restrict Access by AD Groups

Posted: Wed Jun 27, 2012 2:45 pm
by FTP
First, mapping AD user to local user can't restrict access, maybe you should setup a empty default folder with no permission, and map the allowed AD users to the specified local user.

Re: Restrict Access by AD Groups

Posted: Wed Oct 24, 2012 8:29 am
by sgatke
Polaradmin, did you find a solution for your needs?
We have implemented a solution where only AD users which are members of a specific AD Group, have access to the FTP Server. It took some fiddling with LDAP but we finally succeeded. Let me know if you need help.

Now, if there was a way to assign different rights to different domain groups, THAT would be nice :-)
Example:
AD group FTP1: Full access to all folders
AD Group FTP2: Full access to this folder, only read to other folders
AD Group FTP3: Only read access to selected folders
etc...

Re: Restrict Access by AD Groups

Posted: Thu Nov 01, 2012 8:23 pm
by manair
sgatke wrote:Polaradmin, did you find a solution for your needs?
We have implemented a solution where only AD users which are members of a specific AD Group, have access to the FTP Server. It took some fiddling with LDAP but we finally succeeded. Let me know if you need help.
We have also managed to configure so only users in a certain group can login by manipulating the user filter on the LDAP settings.

Code: Select all

(&(objectClass=user)(sAMAccountName=%s)(memberOf=CN=FTP Users,OU=Mybusiness,DC=mydomain.local,DC=com))
sgatke wrote: Now, if there was a way to assign different rights to different domain groups, THAT would be nice :-)
Example:
AD group FTP1: Full access to all folders
AD Group FTP2: Full access to this folder, only read to other folders
AD Group FTP3: Only read access to selected folders
etc...
This should be possible by creating one local wingftp account per AD Group (with relevant directory and rights set) and then map the AD group to the local user. We had this intermittently working, but a bug in wingftp prevents users group membership being enumerated correctly.

The author has acknowledged the bug and will "consider" fixing it in a future version. This one issue is causing us to regret purchasing this product.

Re: Restrict Access by AD Groups

Posted: Wed Sep 27, 2017 5:49 pm
by hasayeretFMG
Hi guys,

Hopefully someone can still shed some light on this post as I know it's pretty old.
I am trying to see if I can have both LDAP working but also let people outside of the domain to have the ability to log into our FTP folder.
Is it possible or it's pretty much LDAP or nothing?