Restrict Access by AD Groups
-
- Posts: 1
- Joined: Tue Jun 26, 2012 9:28 pm
Restrict Access by AD Groups
I just purchased wingftp and I have it implemented so far. I am using windows authentication, and allowing users to log in that way. However, currently, everyone on the domain is able to log in. Is there a way that I can create a security group to allow only members to be able to log in? I saw the add AD users mapping, however, that does not appear to be working. I have added a couple of users in there in this format `username:username_local`. Is this possible?
-
- Site Admin
- Posts: 2084
- Joined: Tue Sep 29, 2009 6:09 am
Re: Restrict Access by AD Groups
First, mapping AD user to local user can't restrict access, maybe you should setup a empty default folder with no permission, and map the allowed AD users to the specified local user.
-
- Posts: 3
- Joined: Wed Oct 24, 2012 8:09 am
Re: Restrict Access by AD Groups
Polaradmin, did you find a solution for your needs?
We have implemented a solution where only AD users which are members of a specific AD Group, have access to the FTP Server. It took some fiddling with LDAP but we finally succeeded. Let me know if you need help.
Now, if there was a way to assign different rights to different domain groups, THAT would be nice :-)
Example:
AD group FTP1: Full access to all folders
AD Group FTP2: Full access to this folder, only read to other folders
AD Group FTP3: Only read access to selected folders
etc...
We have implemented a solution where only AD users which are members of a specific AD Group, have access to the FTP Server. It took some fiddling with LDAP but we finally succeeded. Let me know if you need help.
Now, if there was a way to assign different rights to different domain groups, THAT would be nice :-)
Example:
AD group FTP1: Full access to all folders
AD Group FTP2: Full access to this folder, only read to other folders
AD Group FTP3: Only read access to selected folders
etc...
-
- Posts: 10
- Joined: Thu Nov 01, 2012 8:05 pm
Re: Restrict Access by AD Groups
We have also managed to configure so only users in a certain group can login by manipulating the user filter on the LDAP settings.sgatke wrote:Polaradmin, did you find a solution for your needs?
We have implemented a solution where only AD users which are members of a specific AD Group, have access to the FTP Server. It took some fiddling with LDAP but we finally succeeded. Let me know if you need help.
Code: Select all
(&(objectClass=user)(sAMAccountName=%s)(memberOf=CN=FTP Users,OU=Mybusiness,DC=mydomain.local,DC=com))
This should be possible by creating one local wingftp account per AD Group (with relevant directory and rights set) and then map the AD group to the local user. We had this intermittently working, but a bug in wingftp prevents users group membership being enumerated correctly.sgatke wrote: Now, if there was a way to assign different rights to different domain groups, THAT would be nice :-)
Example:
AD group FTP1: Full access to all folders
AD Group FTP2: Full access to this folder, only read to other folders
AD Group FTP3: Only read access to selected folders
etc...
The author has acknowledged the bug and will "consider" fixing it in a future version. This one issue is causing us to regret purchasing this product.
-
- Posts: 2
- Joined: Wed Sep 27, 2017 5:19 pm
Re: Restrict Access by AD Groups
Hi guys,
Hopefully someone can still shed some light on this post as I know it's pretty old.
I am trying to see if I can have both LDAP working but also let people outside of the domain to have the ability to log into our FTP folder.
Is it possible or it's pretty much LDAP or nothing?
Hopefully someone can still shed some light on this post as I know it's pretty old.
I am trying to see if I can have both LDAP working but also let people outside of the domain to have the ability to log into our FTP folder.
Is it possible or it's pretty much LDAP or nothing?