Authentication Settings

Wing FTP Server supports several database types for authenticating users: XML files, ODBC database, MySQL database, Windows Authentication (NTLM or Active Directory) and LDAP.

Storage Way

    store-way

XML:                Store your user/group data in XML files.

ODBC:                Store your user/group data in an ODBC database.

Mysql:                Store your user/group data in a MySQL database.

Note: The server automatically creates all of the database schemas the first time. If you use Mysql, please create a MySQL database first; the default database name is "wftp_database".

ODBC setting  

    odbc

It is very easy to create an ODBC source: just enter the Data Source Name (DSN), Username, and Password.

Once everything is OK, user/group data can be stored in most popular database software that has an ODBC driver.

Mysql setting

    mysql

If your database system is MySQL, we suggest you use "Mysql" instead of "ODBC", because it connects to the MySQL database directly through the C API and is therefore faster than "ODBC".

You need to create a MySQL database named "wftp_database" the first time.

If you are using a Linux/Unix system, you need to fill in the "UnixSocket" field. Otherwise, just keep it empty.

Windows Authentication

 

      windows-auth

     

 

Wing FTP Server can handle Windows NTLM or Windows Active Directory authentication automatically without the need to manually import users or sync user data.

 

If you enable "Windows Authentication", you can specify a global home directory for the AD account. If you want each AD account to have its own home directory, enable the check box "Create a folder under global home using the login name for each user".

If you want more control over an AD account, as with a local user of WingFTP, you can map the AD account to a local user. First create a local user at "Domains->Users->Add User", then click the button "Add AD Users Mapping" as shown in the above picture and enter a new line in the format "ADUserName:LocalUserName" (the AD username and local username are separated by a colon). Make sure that each line contains only one mapping item.

    windows-auth-mapping

 

 

NOTE:

1) Domain Name

   A string that specifies the name of the domain or server whose account database contains the AD account. If this field is empty, the user name must be specified in user principal name (UPN) format, user@DNS_domain_name. Otherwise, you can log in with just the user name.

 

2) Map the AD account to local

   For example:

   AD user name: Jack@domain.com

          password: ad_password

 

   Local user name: Jack_Local

          password: local_password

 

   After the mapping, you can log in to the server with Jack@domain.com/ad_password or Jack_Local/local_password. If you log in with Jack@domain.com/ad_password, Jack@domain.com will have all the functions that belong to Jack_Local, such as virtual directories, group memberships, permissions and other settings.

 

   WingFTP user authentication sequence:

   1) User "BOB" logs in with password "BOB2010".

   2) Check the local user accounts to see if there is an account called "BOB".

       2-1) If it exists, check the local password. If the password is correct, the login succeeds. Otherwise, the login fails.

       2-2) If the account does not exist, do AD authentication.

            2-2-1) After completing the AD authentication, check whether "BOB" has been mapped to a local user.

                  2-2-1-1) If "BOB" is mapped to a local user named "Local_BOB", it gets all the attributes of "Local_BOB".

                  2-2-1-2) If there is no mapping for "BOB", the AD authentication "Default Home Dir" is used as its home directory.

            2-2-2) If the AD authentication fails, the login fails too.

LDAP Authentication

 

ldap-auth

Wing FTP Server supports using an LDAP (or LDAPS) database for authenticating users. We have tested it successfully with OpenLDAP and Microsoft's Active Directory.

 

When you enable the option "LDAP Authentication", you need to provide the following information:

 

Host:                the IP address or domain name of the LDAP server.

Port:                the port number of the LDAP server. The default value is 389 (if you use Microsoft's Active Directory, please use port 3268).

Base DN:        the base distinguished name (DN) used as the search starting point. The DN string would usually be "dc=xxxx,dc=com".

User Filter:        the filter used to find the object for authenticating users. The special characters '%s' in the filter string will be replaced with the real username. Wing FTP Server uses the default filter "(&(objectClass=posixAccount)(uid=%s))" for OpenLDAP. If you use Microsoft's Active Directory, the filter string would usually be "(&(objectClass=user)(sAMAccountName=%s))".

LDAP version:        the version of the LDAP server; normally this is 3.

Use SSL/TLS connection: you can enable it if the LDAP server supports SSL/TLS connections.

Bind DN:         the LDAP distinguished name string for simple authentication, e.g. "cn=manager,dc=example,dc=com".

Bind Password: the password used to bind as the previous DN.

 

 

Note1: The LDAP database (except Windows Active Directory) must have an attribute 'userPassword' (RFC 3112), and the attribute 'userPassword' must be accessible. The following password formats are supported: plain text, {crypt}, {md5}, {sha}, {smd5}, {ssha}.

Note2: For security purposes, the username in the LDAP database cannot contain the following special characters: '%', '*', '?', ',', ''', '"'.
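The '%s' substitution and the Note2 character list, sketched as an added example (not Wing FTP Server's own code; all function and constant names are hypothetical). It rejects usernames containing the listed characters and also applies RFC 4515 escaping, which covers filter metacharacters outside that list.

```python
# Added example: hypothetical helper names, not Wing FTP Server's code.
FORBIDDEN = set("%*?,'\"")          # the characters listed in Note2

# RFC 4515 escapes for characters that are special inside a filter value.
RFC4515_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

# The two filter strings quoted in the User Filter description.
OPENLDAP_FILTER = "(&(objectClass=posixAccount)(uid=%s))"
AD_FILTER = "(&(objectClass=user)(sAMAccountName=%s))"


def forbidden_chars_in(username):
    """Return the Note2 characters present in the username, sorted."""
    return sorted(FORBIDDEN.intersection(username))


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(RFC4515_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(template, username):
    """Substitute the username for %s, or raise ValueError if it is rejected."""
    if template.count("%s") != 1:
        raise ValueError("filter template must contain exactly one %s")
    if not username:
        raise ValueError("empty username")
    bad = forbidden_chars_in(username)
    if bad:
        raise ValueError("username contains forbidden characters: " + " ".join(bad))
    return template.replace("%s", escape_filter_value(username))


if __name__ == "__main__":
    # Constructed sample usernames.
    for name in ["jack", "j.smith(ops)", "ja*ck", "a,b"]:
        try:
            print(name, "->", build_user_filter(AD_FILTER, name))
        except ValueError as err:
            print(name, "-> rejected:", err)
```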

 

You need to specify a global home directory for the LDAP account. If you want each LDAP account to have its own home directory, enable the check box "Create a folder under global home using the login name for each user":

 

ldap-auth2

 

If you want more control over an LDAP account, as with a local user of WingFTP, you can map the LDAP account to a local user. First create a local user at "Domains->Users->Add User", then click the button "Add LDAP Users Mapping" as shown in the above picture and enter a new line in the format "LDAPUser:LocalUser" (the LDAP username and local username are separated by a colon). Make sure that each line contains only one mapping item.

ldap-mapping

Map the LDAP account to the local account

   For example:

   LDAP username: Jack

          password: ldap_password

 

   Local username: Jack_Local

          password: local_password

 

   After the mapping, you can log in to the server with Jack/ldap_password or Jack_Local/local_password. The LDAP user "Jack" will then have all the functions that belong to "Jack_Local", such as virtual directories, group memberships, permissions and other settings.

 

   WingFTP user authentication sequence:

   1) User "JOE" logs in with password "JOE2010".

   2) Check the local user accounts to see if there is an account called "JOE".

       2-1) If it exists, check the local password. If the password is correct, the login succeeds. Otherwise, the login fails.

       2-2) If the account does not exist, do LDAP authentication.

            2-2-1) After completing the LDAP authentication, check whether "JOE" has been mapped to a local user.

                  2-2-1-1) If "JOE" is mapped to a local user named "Local_JOE", it gets all the attributes of "Local_JOE".

                  2-2-1-2) If there is no mapping for "JOE", the LDAP authentication "Default Home Dir" is used as its home directory.

            2-2-2) If the LDAP authentication fails, the login fails too.
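An added example (not Wing FTP Server's code; function names are hypothetical) that audits a mapping list against the AD and LDAP authentication sequences described above. It assumes usernames are compared exactly and that the administrator supplies the set of local user names. It flags lines that do not hold exactly one mapping, mappings to a local user that does not exist, and directory names that collide with a local account, which step 2-1 checks first.

```python
# Added example: hypothetical helper names, not Wing FTP Server's code.
def parse_mappings(text):
    """Parse 'DirectoryUser:LocalUser' lines into (mappings, problems)."""
    mappings, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) != 2 or not all(parts):
            problems.append((lineno, "malformed"))      # not exactly one mapping
        elif parts[0] in mappings:
            problems.append((lineno, "duplicate"))      # same directory user twice
        else:
            mappings[parts[0]] = parts[1]
    return mappings, problems


def audit(mappings, local_users):
    """Flag mappings that cannot behave as the administrator intended."""
    findings = []
    for directory_user, local_user in mappings.items():
        if directory_user in local_users:
            # Step 2-1: a local account with this name is checked first,
            # so directory authentication is never reached for it.
            findings.append(("shadowed-by-local-account", directory_user))
        if local_user not in local_users:
            findings.append(("missing-local-user", directory_user))
    return findings


def resolve(username, local_ok, directory_ok, mappings, local_users):
    """Model the documented sequence; return the effective account or None."""
    if username in local_users:                          # step 2
        return username if local_ok else None            # step 2-1
    if not directory_ok:                                 # step 2-2-2
        return None
    return mappings.get(username, "<default home dir>")  # 2-2-1-1 / 2-2-1-2


# Constructed sample data.
SAMPLE = "Jack@domain.com:Jack_Local\nBOB:Local_BOB\nJOE:Local_JOE:extra\nBOB:Other\ncarol:Ghost\n"
LOCAL_USERS = {"Jack_Local", "Local_BOB", "BOB"}

if __name__ == "__main__":
    mappings, problems = parse_mappings(SAMPLE)
    print(problems)
    print(audit(mappings, LOCAL_USERS))
    print(resolve("BOB", False, True, mappings, LOCAL_USERS))
```

In the sample, "BOB" exists both as a local account and as a mapped directory user, so a correct directory password alone does not log "BOB" in.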

 

 

You can also map an LDAP group to a local user by clicking the button "Map LDAP group to local user" and entering a new line in the format "LDAPGroup:LocalUser" (the LDAP group name and local username are separated by a colon). All the LDAP users that belong to this LDAP group can then have the local user's permissions.

ldap-group-mapping