1 Reply Latest reply on Nov 29, 2017 5:33 PM by dodster

    Allow access for a Security Group only

    gafoorgk

      Dear All,

      We just installed Serv-U MFT in our network and enabled Windows Users login. Everything works, but we would like to have more and are looking for help here.

      Current configuration

      • Created new domain called 'abc.com'
      • Enable Windows authentication: Checked
      • Use Windows User Group home directory instead of account home directory: Checked
      • Windows Domain Name: abc.com
      • Windows User Group home directory: D:\FileShareData
      • Created a Security Group in AD as 'MFT Users' and added User1 & User2 as members
      • 'ABC\MFT Users' is given Modify permission in D:\FileShareData
      • User1 & User2 are now able to login to File Sharing Web Client portal
      • User3 & User4 are not able to login with an error shown in Log saying they don't have access to D:\FileShareData
      • Created a Serv-U local user account as 'Admin' and given System Administrator privilege

      What more I would like to have

      • I want members of a particular AD Security Group to have System Administrator privilege
      • I want only members of a particular AD Security Group to be able to login to Serv-U MFT web console even after giving group home directory as D:\FileShareData\%USER%
      • I am not sure whether what I did in Current Configuration is the right way of doing things. If not, please advise. Though I have a support agreement, I would like to try things myself before calling for help
      • I want to change the web console look and feel to match company standard color scheme and font
      • Though I bought license for Serv-U Gateway as well, I would like to have my F5 box to provide reverse proxy service, if possible. Confirm please.

      Thank you

        • Re: Allow access for a Security Group only
          dodster

          Hi There

          I found that the Windows Authentication method can only map to the connected AD OU level.

          If your users are in different OUs, you may need to replicate the AD structure in the Windows groups area of MFT and assign application permissions to the application groups you created.

          My users are all in the same OU and I found that the users were able to log in to the web console, but then due to permissions on the folder structure in MFT they were then denied.

          This did not meet my org security, so I needed to go down the LDAP path and replicate my OU and group structure to assign permissions via the MFT App.

          Then I had to replicate the AD OU structure of my domain to the Users OU in order for my test users to log in.

          I then took the next step to replicate my AD user groups in the Serv-U application so that only the users in these groups gained access to Serv-U.

          Very clunky way of integration but made it work to requirements.

          Re the customization of the web interface, you can set this in Limits and settings\Custom HTML of your domain

          If you run Windows there are some custom HTML samples in

          Install Directory\Serv-U\Custom HTML Samples

          I copied one and customized the Header, logo, etc

          We have used Citrix netscaler as load balancer\reverse proxy

          User connects to HTTPS - converts to HTTP at backend

          Have a look at my Call "MULTIPLE FTP DOMAINS WITH SEPERATE HOME DRIVES AND ACCESS VIA ACTIVE DIRECTORY GROUPS"

          Hope this helps
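
The setup in the question relies on the NTFS ACL of D:\FileShareData to keep non-members out, so the ACL and the group's effective membership are what decide who gets in. The following PowerShell check is an added example, not part of either post and not Serv-U code; it uses the path and group names from the question and assumes the RSAT ActiveDirectory module is installed and that SYSTEM and BUILTIN\Administrators are the only other identities expected on the folder.

```powershell
# Added example (not from the thread, not Serv-U code).
# Assumes: RSAT ActiveDirectory module; run on the Serv-U host as an administrator.
Import-Module ActiveDirectory

$Root      = 'D:\FileShareData'   # group home directory from the question
$GroupName = 'MFT Users'          # AD security group from the question
$GroupAce  = 'ABC\MFT Users'      # identity granted Modify in the question
# Assumption: these built-in identities are the only others expected on the folder.
$Expected  = @($GroupAce, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

# 1. Effective members, with nested groups expanded. Anyone listed here can log in.
$members = Get-ADGroupMember -Identity $GroupName -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Sort-Object SamAccountName
"Effective members of '$GroupName':"
$members | ForEach-Object { "  $($_.SamAccountName)" }

# 2. Allow ACEs for identities outside the expected list. Inherited entries such
#    as BUILTIN\Users on a data volume would let non-members pass the folder check.
$acl = Get-Acl -LiteralPath $Root
$unexpected = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $Expected -notcontains $_.IdentityReference.Value
}
if ($unexpected) {
    "Unexpected Allow entries on ${Root}:"
    $unexpected |
        Select-Object IdentityReference, FileSystemRights, IsInherited |
        Format-Table -AutoSize
} else {
    "No Allow entries on $Root outside the expected list."
}

# 3. Confirm the group really holds Modify on the root.
$modify  = [System.Security.AccessControl.FileSystemRights]::Modify
$groupOk = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $GroupAce -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $modify) -eq $modify
}
if ($groupOk) { "$GroupAce has Modify on $Root." }
else          { "WARNING: $GroupAce does not have Modify on $Root." }
```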