freeSSHd and freeFTPd


Please note that there is no official support from the author for freeSSHd or freeFTPd. You should not expect to receive a response to messages posted here.


zulu
Newcomer
          
Solved: Access Denied on 2003 Domain Controller 22-12-2007 03:52
This is a solution to a problem

Problem:
Logging in a domain user to a domain controller via either FTP or SFTP using NT authentication when that user does not have Administrator privileges results in "Access Denied" in the FTP client (such as FileZilla).

This happens when freeFTPd is running as either a service or a local process. The login is actually successful as can be seen in the NT Security Event Log, but the user cannot do anything and so is disconnected from the (freeFTPd) server side.

Solution:
The "Allow log on locally" privilege (SeInteractiveLogonRight) needs to be granted for the user or a group the user belongs to (I created a Domain Local group "FTP Users").

Steps:
1. Run the Domain Controller Security Policy utility from Administrative Tools in the Control Panel.

2. Go to Security Settings -> Local Policies -> User Rights Assignment.

3. In the right pane, double-click Allow log on locally.

4. Ensure the Define these policy settings checkbox is ON.

5. Hit the Add User or Group... button.

6. Type in the user name or group name exactly. No name checking is done here. I recommend using a group (see Solution above).

7. Hit the OK button.

8. Bring up the Event Viewer and point to Security.

9. It will take about two minutes for a new Policy Change entry to appear (hit F5 to refresh once in a while). The entry description will contain these:

Access Granted: SeInteractiveLogonRight
Account Modified: YOURDOMAIN\YOURGROUP

10. At that point, the user (or group) will be able to log in via FTP/SFTP.

Epilogue:
Please post your experiences to this thread. I spent a lot of time searching freeFTPd, freeSSHd, and Google without finding a usable answer -- thus this post.

I hope this helps somebody.

Cheers,
Z.
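
Added example (not part of the post above and not freeFTPd code): a way to confirm the result of steps 1-7 offline by parsing a user-rights export made with `secedit /export /cfg rights.inf /areas USER_RIGHTS`. It reports whether the intended group holds SeInteractiveLogonRight, which holders are very broad groups, and which entries are stored as plain names (step 6 notes that no name checking is done). The sample export, its SIDs and the function names are constructed for illustration.

```python
import re

RIGHT = "SeInteractiveLogonRight"
# Well-known SIDs that cover far more accounts than a dedicated FTP group.
BROAD_SIDS = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users",
              "S-1-5-32-545": "BUILTIN\\Users"}
DOMAIN_USERS = re.compile(r"^S-1-5-21-\d+-\d+-\d+-513$")  # RID 513

# Constructed sample of an exported policy file (not taken from the thread).
SAMPLE = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-11
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-513,FTP Users
[Version]
signature="$CHICAGO$"
"""

def parse_privilege_rights(inf_text):
    """Return {right: [principal, ...]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and INF comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [p.strip() for p in value.split(",") if p.strip()]
    return rights

def audit_logon_locally(inf_text, expected):
    """Check that `expected` (name or *SID) holds the right; list risky entries."""
    holders = parse_privilege_rights(inf_text).get(RIGHT, [])
    sids = [h[1:] for h in holders if h.startswith("*")]
    wanted = expected.lstrip("*").lower()
    return {
        "granted": any(h.lstrip("*").lower() == wanted for h in holders),
        # Broad groups give every member interactive logon on the DC.
        "broad": [BROAD_SIDS.get(s, "Domain Users") for s in sids
                  if s in BROAD_SIDS or DOMAIN_USERS.match(s)],
        # Entries kept as names, not SIDs: verify the spelling by hand.
        "by_name": [h for h in holders if not h.startswith("*")],
    }

if __name__ == "__main__":
    print(audit_logon_locally(SAMPLE, "FTP Users"))
```

Files written by secedit are UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing its text in.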


benj
Newcomer
          
Re: Solved: Access Denied on 2003 Domain Controlle 15-01-2008 15:44
I ran into the same problem when I first tried to use FreeFTPD. I wrote about it here:

http://www.freeftpd.com/index.php?ctt=forum&action=view&topic=1128786575

zulu
Newcomer
          
Re: Solved: Access Denied on 2003 Domain Controlle 14-03-2008 21:24
Quote:
I ran into the same problem when I first tried to use FreeFTPD. I wrote about it here:
http://www.freeftpd.com/index.php?ctt=forum&action=view&topic=1128786575


I missed your post because I was fixated on "Access Denied" as a search term. My bad.

Cheers,
Z.

Nicole

Anonymous
          
Re: Solved: Access Denied on 2003 Domain Controlle 06-01-2009 16:45
Quote:
This is a solution to a problem

Problem:
Logging in a domain user to a domain controller via either FTP or SFTP using NT authentication when that user does not have Administrator privileges results in "Access Denied" in the FTP client (such as FileZilla).

This happens when freeFTPd is running as either a service or a local process. The login is actually successful as can be seen in the NT Security Event Log, but the user cannot do anything and so is disconnected from the (freeFTPd) server side.

Solution:
The "Allow log on locally" privilege (SeInteractiveLogonRight) needs to be granted for the user or a group the user belongs to (I created a Domain Local group "FTP Users").

Steps:
1. Run the Domain Controller Security Policy utility from Administrative Tools in the Control Panel.

2. Go to Security Settings -> Local Policies -> User Rights Assignment.

3. In the right pane, double-click Allow log on locally.

4. Ensure the Define these policy settings checkbox is ON.

5. Hit the Add User or Group... button.

6. Type in the user name or group name exactly. No name checking is done here. I recommend using a group (see Solution above).

7. Hit the OK button.

8. Bring up the Event Viewer and point to Security.

9. It will take about two minutes for a new Policy Change entry to appear (hit F5 to refresh once in a while). The entry description will contain these:

Access Granted: SeInteractiveLogonRight
Account Modified: YOURDOMAIN\YOURGROUP

10. At that point, the user (or group) will be able to log in via FTP/SFTP.

Epilogue:
Please post your experiences to this thread. I spent a lot of time searching freeFTPd, freeSSHd, and Google without finding a usable answer -- thus this post.

I hope this helps somebody.

Cheers,
Z.




I'm having the same issue, but the fix does not seem to work for me. I have the SFTP server running on an SBS 2003 DC for the moment. I can log on with a user and a SHA1 hash password, but I cannot connect using NT authentication.

I added Domain Users to log on locally and access this computer from the network. Still no luck.

Suggestions?