۱۳۸۶ خرداد ۱, سه‌شنبه

آموزش تصویری راه اندازی Isolate FTP Users Using Active Directory Mode

هدف از این آموزش راه اندازی یک Isolated Ftp Site با استفاده از Active Directory میباشد که هر زمان کاربری با نام و پسورد خود وارد سایت شد بصورت پیش فرض وارد دایرکتوری مربوط به خودش بشود.

در IIS 6.0 سه حالت برای سایتهای FTP وجود دارد :
1-Do not isolate users - در این حالت هیچ گونه جداسازی صورت نمیگیرد و کلیه کاربران از یک فولدر مشترک استفاده میکنند همانند ورژن های قبلی IIS

Isolate users-2 - در این حالت کاربران باید در برابر حسابهای کاربری محلی (Local) یا دومین اهراز هویت شوند تا به دایرکتوری خانگی خود که مطابق با نام کاربری آنهاست دسترسی داشته باشند.

3-Isolate users using Active Directory - در این حالت هویت کابران در برابر Active Directory container متناظر بررسی میشود بجای جستجوی کلیه Active Directory که پروسه ای زمانبر است.

در این آموزش به راه اندازی FTP سرور در حالت سوم یعنی Isolate users using Active Directory میپردازیم.
فرض من بر این است که شما از Add/Remove program سرویس FTP را نصب کرده اید.



More Info:

Enabling Anonymous Access for a FTP Site Configured with Isolate Users Using Active Directory Mode

By default, anonymous access is disabled to sites created in Isolate users using Active Directory mode.

To enable anonymous access for the FTP site configured with Isolate users using Active Directory mode

• Configure the metabase properties as shown in the following example. You can do so by using the adsutil.vbs SET command-line tool.

• adsutil set /msftpsvc/6634/AllowAnonymous TRUE

• adsutil set /msftpsvc/6634/AnonymousOnly FALSE

• adsutil set /msftpsvc/6634/AnonymousUserName MyDomain\LowPrivUser

• adsutil set /msftpsvc/6634/AnonymousUserPass PaSsWoRd


Note:
When a site is created with Isolate Users Using Active Directory mode, the Path property of the root FTP virtual directory (which, for the other isolation modes identifies the home directory) is set empty. Also, the AccessFlags property of the root FTP virtual directory contains the AccessNoPhysicalDir flag. Do not alter these two values. If you change or remove them, further access to the site is not allowed

******************************
******************************

Converting an Existing FTP Site to Isolate Users Using Active Directory Mode (IIS 6.0)

You can convert an existing FTP site to Isolate users using Active Directory mode after you upgrade to Windows Server 2003. Before you convert an existing FTP site to the Isolate users using Active Directory mode, complete the following procedure.

To prepare to convert an existing FTP site to Isolate users using Active Directory mode
1.Plan user distribution over your network file server resources.

2.Create server shares and user directories for all users that have access to FTP.

3.Make sure to create a directory for anonymous access (if you want to enable anonymous user connections).

4.For each user, set the msIIS-FTPRoot and msIIS-FTPDir properties in Active Directory to point to the new home directory using Iisftp.vbs, by typing the following at the command line:
Iisftp.vbs /SetADProp UserName FTPRoot Server\Share

Iisftp.vbs /SetADProp UserName FTPDir Directory

For complete Iisftp.vbs syntax, see Setting Active Directory User Isolation Using Iisftp.vbs, or type Iisftp.vbs /SetADProp /?at the command prompt.
You can complete the conversion by using the FTP Site Creation Wizard (recommended), or by following the procedure below to configure the metabase.


To convert an existing FTP site to Isolate users using Active Directory mode
1.In IIS Manager, click the local computer, double-click the FTP Sites folder, right-click the FTP site that you want to convert, and then click Stop.
2.Move existing user content into the new directories.

3.Edit the metabase directory or use adsutil.vbs to configure the following metabase properties:

UserIsolationMode: Set to 2.

ADConnectionUserName: Set to a user that has permission to read Active Directory properties. Use Domain\UserNameformat.

ADConnectionPassword: Set to the password for the user in ADConnectionUserName.

DefaultLogonDomain: Set to the default domain name.

• For the site root virtual directory: Set the Path property to an empty string, and add the value AccessNoPhysicalDirto the AccessFlagsproperty, using the | operator; for example: AccessFlags=AccessRead|AccessNoPhysicalDir.

AllowAnonymous, AnonymousUserName, and AnonymousPassword: See To enable anonymous access for the Isolate Users Using Active Directory FTP site earlier in this topic for information on how to set these properties.

Important

Before you edit the metabase, verify that you have a backup copy that you can restore if a problem occurs. For information about how to do this, see Working with the Metabase.


4.In IIS Manager, click the local computer, double-click the FTP Sites folder, right-click the converted FTP site, and then click Start

هیچ نظری موجود نیست: