0

I have been breaking my head over this seemingly simple problem. I want to provide FTP access to specific folder to a specific user on my server. This is what I did.

  • Create a new user, let's call him John
  • Gave new user (John) full permissions on the folder that I want to open up. Let's call the folder myfolder
  • In IIS7 create a new FTP site: Add new FTP site. I set myfolder as the Home Directory. As far as bindings, I pick all unassigned IP's, port 21 and a specific subdomain/ domain that points to this server. I checked that.
  • In the next screen, for Authentication, I check Basic Authentication and I grant read / write access to specific users, in this case John.

I have played around with some of the other settings as well, but whatever I do, I get the same error:

530 User cannot log in, home directory inaccessible.

No need to mention, I checked the Windows permissions on that folder 100 times over. User John has full access to folder myfolder.

Using Windows Server 2008 R2

enter image description here

Olivier De Meulder
  • 166
  • 6

2 Answers2

1

I found the solution to my problem.

I already had a working FTP site on that server with the same IP in the bindings. And I was trying to create a second FTP site, with a different hostname. I thought that IIS would be smart enough to be able to differentiate based on the settings in the bindings.

e.g.

FTPsite1: bindings: IP: xxx.xxx.xxx.xxx Port: 21 host: ftp1.mysite.com - authorized user: user1

FTPsite2: bindings: IP: xxx.xxx.xxx.xxx Port: 21 host: ftp2.mysite.com - authorized user: user2

You can do this, however, the way to log in is different than what I expected.

To log in to Site 1:

ftp> open ftp1.mysite.com
Connected to ftp.interbayrotary.org.
220 Microsoft FTP Service
Name (ftp1.mysite.com:user): ftp1.mysite.com|user1
Password:

So your user name needs to be of the following format host|username. And that is the only way it will work.

If you just enter user1 as the user, you will get a 530 error, even though you clearly connect to the right site, based on the bindings settings.

This article from Microsoft explains how to set up virtual hosts.

And this article specifically talks about the hostname|username syntax.

Olivier De Meulder
  • 166
  • 6
  • 1
    Of course, as the command-line `ftp.exe` client does not automatically send the `HOST` command. See also [Do the SSH or FTP protocols tell the server to which domain I am trying to connect?](http://serverfault.com/a/672403/168875). – Martin Prikryl Nov 04 '15 at 13:19
0

you have to set the right for your user in security tab too of your folder properties

more detail there: https://en.wiki.frogg.fr/Microsoft_IIS#FTP

Froggiz
  • 3,013
  • 1
  • 18
  • 30
  • I did that, @Froggiz. However, that brings up another question. In the example link that you provide, in the Authorized users windows, the user is specified via their email address? Why is that? – Olivier De Meulder Nov 03 '15 at 14:39
  • nice, that s an error, i am use to set ftp user linked to email, but it doesn't work on IIS :P, i correct this soon ! – Froggiz Nov 03 '15 at 14:41
  • "No need to mention, I checked the Windows permissions on that folder 100 times over. User John has full access to folder myfolder." --- your answer is not the solution to my problem. – Olivier De Meulder Nov 03 '15 at 14:43
  • did you checked your firewall server side (opened port 21) ? did you tried passive mode to connect ? – Froggiz Nov 03 '15 at 14:46
  • @Froggiz Firewall/passive mode cannot have any effect on "User cannot log in, home directory inaccessible" error. – Martin Prikryl Nov 03 '15 at 14:47
  • @MartinPrikryl, yeah I did not think so either. Anyways, I am able to connect to the same server, but different user and different folder just fine. – Olivier De Meulder Nov 03 '15 at 14:49
  • it was just some advice, error on graphical ftp client are not all the time revelant – Froggiz Nov 03 '15 at 14:52
  • did you checked : http://www.iis.net/learn/publish/using-the-ftp-service/configuring-ftp-user-isolation-in-iis-7 and http://xpertnotes.net/blog/2014/03/21/iis-7-5-ftp-530-user-cannot-log-in-home-directory-inaccessible/ – Froggiz Nov 03 '15 at 15:09
  • @MartinPrikryl I found the answer to my problem FWIW. – Olivier De Meulder Nov 04 '15 at 13:16