
Multiple FTP domains with separate Home drives and access via Active Directory groups


Hi All

My org has just sourced Serv-U MFT and I have been tasked with the setup.

My org wants to be able to create multiple FTP domains for different customers, and each domain would have its own storage.

We also wish to enable AD integration.

I would like to have each client user access the appropriate FTP domain based on AD groups. Is this even possible?

Based on my research to date, Serv-U can enable access based on AD OU; however, all my org's users are in a single OU.

Challenges, but can anyone advise or assist?

Thanks

1 Solution

Closing the loop

I now have the following configuration working on 1 Serv-U MFT server:

2 MFT Domains, each with their own separately defined Home drive location on local disk

Both Domains are LDAP Authenticated via an AD MFT service account to a Windows AD server with the same Base DN: OU=USERLocation,DC=something,DC=com

I have replicated my OU and group structure in Serv-U LDAP Groups to define the AD groups that I wish to provide access to MFT. Users are members of these groups; each group has a defined Home directory %DOMAIN_HOME%\Directory1, etc. and appropriate directory access.

Allowed users to browse out of home drive, but ensured no directory access outside of the home drives

Domain1 - default domain Port 80 (Listener)

Domain 2 - initially defined with the same listener; once domain setup completed, deleted the listeners then set up Virtual host domain2.something.com

Virtual Hosts In Serv-U

Configured my host file with the IP of the server to domain2.something.com

Placed user into the groups and tested

user1 - member of group 1, accessed directory1 only

user2 - member of group1 and group2, was placed in directory1, but was able to browse up and to directory 2


3 Replies

I should have added: my test users were able to access both MFT domains and upload files as per the directory access I set.


Here is what I have done and tested so far:

I created 2 SFTP domains, each one has been configured to listen on the same port, and I have separate Virtual Hosts to distinguish between the domains, so that when I need the user to connect to a separate domain the format is Domain1|Userid.

Domain1 is Windows (AD) Authenticated and Local users

Replicated my OU structure so that only my users in the configured OU gain access, but given 90% of users are in this OU, all users in the OU gain access.

Domain2 is Local Users and LDAP Authenticated to my primary Windows Server, with a dedicated service account

Storage for the domain is separated from Domain1

Replicated my OU structure to the AD group that I am granting access

Only granted rights to storage to that level of my structure; other groups have no access

As tested, users that are not in the group can log in but can't create or drop files; users in the group can create, modify and drop files

LDAP was a little tricky to configure and get a user to log in successfully. Having ldp.exe so that I can query the LDAP structure was useful, as well as the domain activity logs

Almost to where I want to be, few more things to try, to see if I can achieve my brief

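Added example, not part of any post in this thread: a PowerShell audit of the group layout described above. It lists accounts under the Base DN that are in no MFT group (the reply above reports these can still log in) and accounts in more than one group (like user2, who could reach both directories). It assumes the RSAT ActiveDirectory module; the group names and the Directory2 path are placeholders.

```powershell
# Added example: audit which AD accounts map to which Serv-U LDAP group.
# Assumptions: RSAT ActiveDirectory module is installed; group names and the
# Directory2 path are placeholders, not values from the thread.
Import-Module ActiveDirectory

$BaseDN = 'OU=USERLocation,DC=something,DC=com'    # Base DN quoted in the thread
$GroupToDir = [ordered]@{
    'MFT-Group1' = '%DOMAIN_HOME%\Directory1'      # placeholder group name
    'MFT-Group2' = '%DOMAIN_HOME%\Directory2'      # placeholder group and path
}

# Resolve nested membership so indirect members are not missed.
$membership = @{}
foreach ($group in $GroupToDir.Keys) {
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $sam = $_.SamAccountName
            if (-not $membership.ContainsKey($sam)) {
                $membership[$sam] = [System.Collections.Generic.List[string]]::new()
            }
            $membership[$sam].Add($group)
        }
}

# Walk every enabled account under the Base DN, not just group members, so
# accounts that can bind over LDAP without any MFT group are reported too.
$report = Get-ADUser -SearchBase $BaseDN -SearchScope Subtree -Filter 'Enabled -eq $true' |
    ForEach-Object {
        $groups = @()
        if ($membership.ContainsKey($_.SamAccountName)) {
            $groups = @($membership[$_.SamAccountName])
        }
        $finding = switch ($groups.Count) {
            0       { 'No MFT group: login may succeed, expect no file rights' }
            1       { 'Single group' }
            default { 'Multiple groups: can reach more than one directory' }
        }
        [pscustomobject]@{
            User        = $_.SamAccountName
            Groups      = $groups -join ', '
            Directories = ($groups | ForEach-Object { $GroupToDir[$_] }) -join ', '
            Finding     = $finding
        }
    }

$report | Sort-Object Finding, User | Format-Table -AutoSize
```

Where each group maps to a different customer's storage, the "Multiple groups" rows are the ones to review before go-live.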