Restrict Access by AD Groups

Please post here if you have problems in using Wing FTP Server.
Post Reply
polaradmin
Posts: 1
Joined: Tue Jun 26, 2012 9:28 pm

Restrict Access by AD Groups

Post by polaradmin »

I just purchased wingftp and I have it implemented so far. I am using windows authentication, and allowing users to log in that way. However, currently, everyone on the domain is able to log in. Is there a way that I can create a security group to allow only members to be able to log in? I saw the add AD users mapping, however, that does not appear to be working. I have added a couple of users in there in this format `username:username_local`. Is this possible?
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: Restrict Access by AD Groups

Post by FTP »

First, mapping AD user to local user can't restrict access, maybe you should setup a empty default folder with no permission, and map the allowed AD users to the specified local user.
sgatke
Posts: 3
Joined: Wed Oct 24, 2012 8:09 am

Re: Restrict Access by AD Groups

Post by sgatke »

Polaradmin, did you find a solution for your needs?
We have implemented a solution where only AD users which are members of a specific AD Group, have access to the FTP Server. It took some fiddling with LDAP but we finally succeeded. Let me know if you need help.

Now, if there was a way to assign different rights to different domain groups, THAT would be nice :-)
Example:
AD group FTP1: Full access to all folders
AD Group FTP2: Full access to this folder, only read to other folders
AD Group FTP3: Only read access to selected folders
etc...
manair
Posts: 10
Joined: Thu Nov 01, 2012 8:05 pm

Re: Restrict Access by AD Groups

Post by manair »

sgatke wrote:Polaradmin, did you find a solution for your needs?
We have implemented a solution where only AD users which are members of a specific AD Group, have access to the FTP Server. It took some fiddling with LDAP but we finally succeeded. Let me know if you need help.
We have also managed to configure so only users in a certain group can login by manipulating the user filter on the LDAP settings.

Code: Select all

(&(objectClass=user)(sAMAccountName=%s)(memberOf=CN=FTP Users,OU=Mybusiness,DC=mydomain.local,DC=com))
sgatke wrote: Now, if there was a way to assign different rights to different domain groups, THAT would be nice :-)
Example:
AD group FTP1: Full access to all folders
AD Group FTP2: Full access to this folder, only read to other folders
AD Group FTP3: Only read access to selected folders
etc...
This should be possible by creating one local wingftp account per AD Group (with relevant directory and rights set) and then map the AD group to the local user. We had this intermittently working, but a bug in wingftp prevents users group membership being enumerated correctly.

The author has acknowledged the bug and will "consider" fixing it in a future version. This one issue is causing us to regret purchasing this product.
hasayeretFMG
Posts: 2
Joined: Wed Sep 27, 2017 5:19 pm

Re: Restrict Access by AD Groups

Post by hasayeretFMG »

Hi guys,

Hopefully someone can still shed some light on this post as I know it's pretty old.
I am trying to see if I can have both LDAP working but also let people outside of the domain to have the ability to log into our FTP folder.
Is it possible or it's pretty much LDAP or nothing?
Post Reply