Hi,
I activated the Active Directory auth for our domain.
The domain "administrator" account can log in, but other domain users can't..
Ideas?
Active Directory
-
- Site Admin
- Posts: 2087
- Joined: Tue Sep 29, 2009 6:09 am
Re: Active Directory
Please make sure you are using the latest version 3.8.0, then please paste the related server logs.
-
- Posts: 6
- Joined: Thu Apr 21, 2011 8:44 am
Re: Active Directory
I am using 3.8.0
The 10:28:38 och 10:28:43 logins for administrator failed because I temporarily disabled the active directory function in WFTP just to check if it had connection with the AD, which it seems to have (as the administrator can log in after activating again)
06] Thu, 21 Apr 2011 10:21:15 (0000002) User 'administrator' logged out. (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:21:51 (0000000) User 'c2' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:22:31 (0000000) User 'c117' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:28:13 (0000003) User 'administrator' logged in ok! (IP:192.168.39.137)
[05] Thu, 21 Apr 2011 10:28:14 (0000003) List ok
[06] Thu, 21 Apr 2011 10:28:19 (0000003) User 'administrator' logged out. (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:28:38 (0000000) User 'administrator' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:28:43 (0000000) User 'administrator' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:28:58 (0000004) User 'administrator' logged in ok! (IP:192.168.39.137)
[05] Thu, 21 Apr 2011 10:28:58 (0000004) List ok
[06] Thu, 21 Apr 2011 10:29:02 (0000004) User 'administrator' logged out. (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:29:50 (0000000) User 'test' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:30:58 (0000000) User 'test' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:32:35 (0000005) User 'administrator' logged in ok! (IP:192.168.39.137)
[05] Thu, 21 Apr 2011 10:32:35 (0000005) List ok
[06] Thu, 21 Apr 2011 10:32:39 (0000005) User 'administrator' logged out. (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:32:42 (0000000) User 'test' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:49:04 (0000000) User 'test' login failed! (IP:192.168.39.137)
The 10:28:38 och 10:28:43 logins for administrator failed because I temporarily disabled the active directory function in WFTP just to check if it had connection with the AD, which it seems to have (as the administrator can log in after activating again)
06] Thu, 21 Apr 2011 10:21:15 (0000002) User 'administrator' logged out. (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:21:51 (0000000) User 'c2' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:22:31 (0000000) User 'c117' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:28:13 (0000003) User 'administrator' logged in ok! (IP:192.168.39.137)
[05] Thu, 21 Apr 2011 10:28:14 (0000003) List ok
[06] Thu, 21 Apr 2011 10:28:19 (0000003) User 'administrator' logged out. (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:28:38 (0000000) User 'administrator' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:28:43 (0000000) User 'administrator' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:28:58 (0000004) User 'administrator' logged in ok! (IP:192.168.39.137)
[05] Thu, 21 Apr 2011 10:28:58 (0000004) List ok
[06] Thu, 21 Apr 2011 10:29:02 (0000004) User 'administrator' logged out. (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:29:50 (0000000) User 'test' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:30:58 (0000000) User 'test' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:32:35 (0000005) User 'administrator' logged in ok! (IP:192.168.39.137)
[05] Thu, 21 Apr 2011 10:32:35 (0000005) List ok
[06] Thu, 21 Apr 2011 10:32:39 (0000005) User 'administrator' logged out. (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:32:42 (0000000) User 'test' login failed! (IP:192.168.39.137)
[06] Thu, 21 Apr 2011 10:49:04 (0000000) User 'test' login failed! (IP:192.168.39.137)
-
- Site Admin
- Posts: 2087
- Joined: Tue Sep 29, 2009 6:09 am
Re: Active Directory
Please check the logs in Windows AD server too, I guess user "administrator" is your local computer user, not AD user. Just check whether you have connected to the Windows AD server.
-
- Posts: 6
- Joined: Thu Apr 21, 2011 8:44 am
Re: Active Directory
Ok, that could be right (local administrator).
I've set the parameter "Domain" to my domain name, at set a default home dir.
Shouldn't that be all? The server running Wing FTP is a memberserver of the domain (not a domain controller)
Or do I have to specify a domain controller?
I've set the parameter "Domain" to my domain name, at set a default home dir.
Shouldn't that be all? The server running Wing FTP is a memberserver of the domain (not a domain controller)
Or do I have to specify a domain controller?
-
- Site Admin
- Posts: 2087
- Joined: Tue Sep 29, 2009 6:09 am
Re: Active Directory
Have you used Windows AD server before? Connected to your Windows AD server successfully before?
The domain name is not important, the important thing is you need to join the Windows AD domain from your local computer, like this:
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc_5.1/am51_webinstall78.htm
The domain name is not important, the important thing is you need to join the Windows AD domain from your local computer, like this:
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc_5.1/am51_webinstall78.htm
-
- Posts: 6
- Joined: Thu Apr 21, 2011 8:44 am
Re: Active Directory
The computer running Wing FTP is an server, running Windows Server 2003.
This server is a member of the domain trenter.net, eg it's installed as an member server in an AD domain.
The trenter.net domain also consists of a few other servers, where 2 of thoose are the domain controllers.
This server is a member of the domain trenter.net, eg it's installed as an member server in an AD domain.
The trenter.net domain also consists of a few other servers, where 2 of thoose are the domain controllers.
-
- Site Admin
- Posts: 2087
- Joined: Tue Sep 29, 2009 6:09 am
Re: Active Directory
Just make sure you can connect to the Windows AD server successfully, then you can use the AD authentication.
-
- Posts: 6
- Joined: Thu Apr 21, 2011 8:44 am
Re: Active Directory
The AD is of course working as it should. The administrator account used to log on to the server is an domain administrator account, stored in the AD. There is also an local administrator account (as usual), that happens to have the same password as the domain account.
There must be something wrong with Wing FTP, if it's asking the local computer for the logins, rather than the AD (domain controllers) where all the domain accounts are stored.
There must be something wrong with Wing FTP, if it's asking the local computer for the logins, rather than the AD (domain controllers) where all the domain accounts are stored.
-
- Posts: 6
- Joined: Thu Apr 21, 2011 8:44 am
Re: Active Directory
Just for you info, we have other products that uses the AD for auth also, working as it should.
But I'm a bit confused, as the other products need more info that just the domain name.
For example, our Watchguard firewall needs the actual IP-adress to one of the domain controllers, along with TCP port 389, searchbase "dc=trenter,dc=lan", group string "member of" and some other parameters to do the auth.
There is also an backup setting for the AD auth, where I have the IP adress for our second domain controller...
Is Wing FTP asking the AD (=domain controllers) for the username, or is it just a simple windows auth for accounts stored in the local computer where Wing FTP is installed?
But I'm a bit confused, as the other products need more info that just the domain name.
For example, our Watchguard firewall needs the actual IP-adress to one of the domain controllers, along with TCP port 389, searchbase "dc=trenter,dc=lan", group string "member of" and some other parameters to do the auth.
There is also an backup setting for the AD auth, where I have the IP adress for our second domain controller...
Is Wing FTP asking the AD (=domain controllers) for the username, or is it just a simple windows auth for accounts stored in the local computer where Wing FTP is installed?