Active Directory

[JohanH]

Hi,

I activated the Active Directory auth for our domain.

The domain "administrator" account can log in, but other domain users can't..

Ideas?

[FTP]

Please make sure you are using the latest version 3.8.0, then please paste the related server logs.

[JohanH]

I am using 3.8.0

The 10:28:38 och 10:28:43 logins for administrator failed because I temporarily disabled the active directory function in WFTP just to check if it had connection with the AD, which it seems to have (as the administrator can log in after activating again)



06] Thu, 21 Apr 2011 10:21:15 (0000002) User 'administrator' logged out. (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:21:51 (0000000) User 'c2' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:22:31 (0000000) User 'c117' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:28:13 (0000003) User 'administrator' logged in ok! (IP:192.168.39.137)
[05] Thu, 21 Apr 2011 10:28:14 (0000003) List ok
[06] Thu, 21 Apr 2011 10:28:19 (0000003) User 'administrator' logged out. (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:28:38 (0000000) User 'administrator' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:28:43 (0000000) User 'administrator' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:28:58 (0000004) User 'administrator' logged in ok! (IP:192.168.39.137)
[05] Thu, 21 Apr 2011 10:28:58 (0000004) List ok
[06] Thu, 21 Apr 2011 10:29:02 (0000004) User 'administrator' logged out. (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:29:50 (0000000) User 'test' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:30:58 (0000000) User 'test' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:32:35 (0000005) User 'administrator' logged in ok! (IP:192.168.39.137)
[05] Thu, 21 Apr 2011 10:32:35 (0000005) List ok
[06] Thu, 21 Apr 2011 10:32:39 (0000005) User 'administrator' logged out. (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:32:42 (0000000) User 'test' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:49:04 (0000000) User 'test' login failed! (IP:192.168.39.137)

[FTP]

Please check the logs in Windows AD server too, I guess user "administrator" is your local computer user, not AD user. Just check whether you have connected to the Windows AD server.

[JohanH]

Ok, that could be right (local administrator).

I've set the parameter "Domain" to my domain name, at set a default home dir.

Shouldn't that be all? The server running Wing FTP is a memberserver of the domain (not a domain controller)

Or do I have to specify a domain controller?

[FTP]

Have you used Windows AD server before? Connected to your Windows AD server successfully before?
The domain name is not important, the important thing is you need to join the Windows AD domain from your local computer, like this:
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc_5.1/am51_webinstall78.htm

[JohanH]

The computer running Wing FTP is an server, running Windows Server 2003.
This server is a member of the domain trenter.net, eg it's installed as an member server in an AD domain.
The trenter.net domain also consists of a few other servers, where 2 of thoose are the domain controllers.

[FTP]

Just make sure you can connect to the Windows AD server successfully, then you can use the AD authentication.

[JohanH]

The AD is of course working as it should. The administrator account used to log on to the server is an domain administrator account, stored in the AD. There is also an local administrator account (as usual), that happens to have the same password as the domain account.

There must be something wrong with Wing FTP, if it's asking the local computer for the logins, rather than the AD (domain controllers) where all the domain accounts are stored.

[JohanH]

Just for you info, we have other products that uses the AD for auth also, working as it should.

But I'm a bit confused, as the other products need more info that just the domain name.

For example, our Watchguard firewall needs the actual IP-adress to one of the domain controllers, along with TCP port 389, searchbase "dc=trenter,dc=lan", group string "member of" and some other parameters to do the auth.
There is also an backup setting for the AD auth, where I have the IP adress for our second domain controller...

Is Wing FTP asking the AD (=domain controllers) for the username, or is it just a simple windows auth for accounts stored in the local computer where Wing FTP is installed?