FTP SSL and User Isolation all at once...

-
For a while now I've had a nice FTP server running on IIS 7 with User Isolation setup so that sub folders of LocalUser are isolated per user. Nice little feature.

We recently had a third party require FTP access. "Easy" I thought and made a new account and folder on the FTP server and gave the third party the details. Fine they said, although this isn't SSL. 

Ah said I. And simply put our wildcard cert on the server and enabled SSL binding the added cert. Nope, things looked ok from my FileZilla client however directory listings were failing when using SSL.

I was using explicit mode and I was able to connect and log into the FTP site but getting my home folder always failed with a timeout. After A LOT of messing around and Googling. I found this page...

http://geekswithblogs.net/QuandaryPhase/archive/2013/01/29/configuring-ftp-over-tls-in-iis-with-user-isolation.aspx

Which says you can do what I want!

This was the only page I found which actually was trying to do this!

What I found was that by starting all over again and enabling SSL in the FTP Site Wizard at the get go, things worked flawlessly.

I've no idea why my original FTP site was unable to work - I just made a new FTP site on a different port, this time with SSL enabled using the wizard, pointed this new FTP site at my old folders and once created I enabled FTP User Isolation.

 I tested both SSL and plain FTP to the new site. Both worked as expected. Then stopped the old site and change the port of the new.

Go figure.

It must be that something was one my old FTP site which just refused to work or that enabling SSL BEFORE enabling User Isolation is the way to go. Either way I thought you might like to know. #

Have a good weekend.

Comments

Post a Comment

Popular posts from this blog

PXE booting, MDT and 802.1x

-
Image
Oh dear. We implemented site wide 802.1x when we moved. This has caused numerous issues which we are still tracking down and killing with fire. Again "only-when-we-needed-it" struck as we had a new starter and need to build a machine. Ah.   No PXE.  However thankfully we were able to make a bootable USB using 802.1x and get our build working again from MDT in our 802.1 environment. Here's how we did it.   Caveats:  I'm assuming you know MDT and how PXE works. We use Computer certificates as the 8021x auth method. 802.1x is working in our environment GPO is used to start the wired 802.1x service on built machines. GPO is used to configure the network profile to use 802.1x What you need Get a USB stick to take your WinPE 4GB may be enough Make sure you are running an up to date working MDT installation! Create a machine certificate which has a long expiry date, you don't want to be making USB WinPE images every month!! Export the machine
Read more

Intune installation requires a wire...or does it?

-
If you are using Intune (great!) it assumes you have a wired connection (not great) - this is more of an issue as some machine now no longer have built in ethernet ports. It is possible to connect to your wireless - albeit in a slightly awkward way.....here's how During the OOBE hit SHIFT+F10 to get a command window and type either; start ms-settings: To get the settings window or start ms-availablenetworks: To see the network fly outs. Thanks to  Using a wireless network connection with Windows Autopilot white glove – Out of Office Hours (oofhours.com)
Read more

Powershell VPN connections - PEAP with MSCHAPv2

-
Messing around with VPNs last week I found that it is easier (sometimes) to have a one liner for VPN creation! Here's how I make a PEAP\MSChapV2 VPN profile...using the users Windows creds! Change ServerAddress, DnsSuffix and choose a better L2tpPsk!! $a = New-EapConfiguration -UseWinlogonCredential $b = New-EapConfiguration -Peap -TunnledEapAuthMethod $a.EapConfigXmlStream Add-VpnConnection -Name "VPN (SSL)" -ServerAddress vpn.fqdn.com -AuthenticationMethod Eap -DnsSuffix my.domain.com -EapConfigXmlStream $b.EapConfigXmlStream -EncryptionLevel Maximum -Force -RememberCredential -AllUserConnection -TunnelType Sstp Add-VpnConnection -Name "VPN (L2TP)" -ServerAddress vpn.fqdn.com -AuthenticationMethod Eap -DnsSuffix my.domain.com -EapConfigXmlStream $b.EapConfigXmlStream -EncryptionLevel Maximum -Force -RememberCredential -AllUserConnection -TunnelType L2tp -L2tpPsk "shared secret key"
Read more