Please note that there is no official support from the author for
freeSSHd or freeFTPd. You should not expect to receive response on messages
posted here.
| Forums -> freeFTPd - General -> Solved: Access Denied on 2003 Domain Controller |
|
Reply |
New topic
|
| |
zulu
Newcomer
|
|
22-12-2007 03:52 |
This is a solution to a problem
Problem:
Logging in a domain user to a domain controller via either FTP or SFTP using NT authentication when that user does not have Administrator privileges results in "Access Denied" in the FTP client (such as FileZilla).
This happens when freeFTPd is running as either a service or a local process. The login is actually successful as can be seen in the NT Security Event Log, but the user cannot do anything and so is disconnected from the (freeFTPd) server side.
Solution:
The "Allow log on locally" privilege (SeInteractiveLogonRight) needs to be granted for the user or a group the user belongs to (I created a Domain Local group "FTP Users").
Steps:
1. Run the Domain Controller Security Policy utility from Administrative Tools in the Control Panel.
2. Go to Security Settings -> Local Policies -> User Rights Assignment.
3. In the right pane, double-click Allow log on locally.
4. Ensure the Define these policy settings checkbox is ON.
5. Hit the Add User or Group... button.
6. Type in the user name or group name exactly. No name checking is done here. I recommend using a group (see Solution above).
7. Hit the OK button.
8. Bring up the Event Viewer and point to Security.
9. It will take about two minutes for a new Policy Change entry to appear (hit F5 to refresh once in a while). The entry description will contain these:
Access Granted: SeInteractiveLogonRight
Account Modified: YOURDOMAIN\YOURGROUP
10. At that point, the user (or group) will be able to log in via FTP/SFTP.
Epilogue:
Please post your experiences to this thread. I spent a lot of time searching freeFTPd, freeSSHd, and Google without finding a usable answer -- thus this post.
I hope this helps somebody.
Cheers,
Z.
|
| Reply with quote |
| |
benj
Newcomer
|
|
15-01-2008 15:44 |
|
|
| Reply with quote |
| |
|
| |
zulu
Newcomer
|
|
14-03-2008 21:24 |
|
|
| Reply with quote |
| |
Nicole
Anonymous
|
|
06-01-2009 16:45 |
Quote:
This is a solution to a problem
Problem:
Logging in a domain user to a domain controller via either FTP or SFTP using NT authentication when that user does not have Administrator privileges results in "Access Denied" in the FTP client (such as FileZilla).
This happens when freeFTPd is running as either a service or a local process. The login is actually successful as can be seen in the NT Security Event Log, but the user cannot do anything and so is disconnected from the (freeFTPd) server side.
Solution:
The "Allow log on locally" privilege (SeInteractiveLogonRight) needs to be granted for the user or a group the user belongs to (I created a Domain Local group "FTP Users").
Steps:
1. Run the Domain Controller Security Policy utility from Administrative Tools in the Control Panel.
2. Go to Security Settings -> Local Policies -> User Rights Assignment.
3. In the right pane, double-click Allow log on locally.
4. Ensure the Define these policy settings checkbox is ON.
5. Hit the Add User or Group... button.
6. Type in the user name or group name exactly. No name checking is done here. I recommend using a group (see Solution above).
7. Hit the OK button.
8. Bring up the Event Viewer and point to Security.
9. It will take about two minutes for a new Policy Change entry to appear (hit F5 to refresh once in a while). The entry description will contain these:
Access Granted: SeInteractiveLogonRight
Account Modified: YOURDOMAIN\YOURGROUP
10. At that point, the user (or group) will be able to log in via FTP/SFTP.
Epilogue:
Please post your experiences to this thread. I spent a lot of time searching freeFTPd, freeSSHd, and Google without finding a usable answer -- thus this post.
I hope this helps somebody.
Cheers,
Z.
I'm having the same issue, but the fix does not seem to work for me. I have the SFTP server running on an SBS 2003 DC for the moment. I can logon with a user and a SHA1 hash password, but I can not connect using NT authentication. I added Domain Users to log on locally and access this computer from the network. Still no luck. Suggestions? |
| Reply with quote |
| |
|
|
