Virtual directory onto network path; non-domain machines

  • Thread starter Thread starter Rico
  • Start date Start date
R

Rico

Hello everyone.

I am trying to create a virtual directory on an FTP server
using a network path to an App server where the files are actually
processed.

There is no domain. My problem is who the FTP server has to be set to
"Connect As..." for access to be granted.
I've created a member (same name) of normal "Users" group on both machines

On the App server, this normal user is granted sufficient access rights to
the folder for the needs of the application. However, on the web server,
the user APP_server\username is unknown, and I believe that's a problem:

"the user has not been granted the requested logon type at this computer"

I would need some advice as to how I could go about giving write access to
that virtual directory only to users that have authenticated to the ftp,
not anonymous, while the ftp "Connects as..." a normal user.
secpol.msc "local logon" is one possibility I've been mentioned about but
that's for when there's a domain, right?

I am currently getting by with putting the APP_server\username as a member
of Administrators. I can't sleep easy with that as you'd think and I'd
appreciate some advice. Thanks.

Rico.
 
inlined . . .

Rico said:
Hello everyone.

I am trying to create a virtual directory on an FTP server
using a network path to an App server where the files are actually
processed.

There is no domain. My problem is who the FTP server has to be set to
"Connect As..." for access to be granted.
I've created a member (same name) of normal "Users" group on both machines

On the App server, this normal user is granted sufficient access rights to
the folder for the needs of the application. However, on the web server,
the user APP_server\username is unknown, and I believe that's a problem:

"the user has not been granted the requested logon type at this computer"
Click to expand...

which machine gives this, the machine sharing out the storage, or the
ftp serving machine ??
I would need some advice as to how I could go about giving write access to
that virtual directory only to users that have authenticated to the ftp,
not anonymous, while the ftp "Connects as..." a normal user.
secpol.msc "local logon" is one possibility I've been mentioned about but
that's for when there's a domain, right?

I am currently getting by with putting the APP_server\username as a member
of Administrators. I can't sleep easy with that as you'd think and I'd
Click to expand...

therein lays the whole answer
one which machine has this account been made an admin ??
it is on that machine that there is some access that needs to be
granted to the account (so it does not then need admin).
Check the login rights of the account on the relevant machine,
which same come in two forms: log in locally, and over network
 
Hi Roger,

which machine gives this, the machine sharing out the storage, or the
ftp serving machine ??
Click to expand...

well.. for someone ftp'ing from outside, this response comes from the ftp
server.. now did the ftp server itself get that from the machine
with the shared storage, it's likely.
After all, after successful ftp connection/authentication, why would the
ftp machine itself need to grant any 'requested logon type' to a user that
it is supposed to "Connect as..." on the APP_server..
So I believe now that it is the APP_server that's denying some requested
logon type and the ftp_machine just relays the error message back.
therein lays the whole answer
one which machine has this account been made an admin ??
it is on that machine that there is some access that needs to be
granted to the account (so it does not then need admin).
Check the login rights of the account on the relevant machine,
which same come in two forms: log in locally, and over network
Click to expand...

if I may ask.. how do I check such login rights of the account on the
APP_server? 'log in locally' would be through secpol.msc and allow local
logon or something?
but how about login rights for 'over network'.. how to grant them to this
account? Thanks.

Rico.
 
Hi Roger,



if I may ask.. how do I check such login rights of the account on the
APP_server? 'log in locally' would be through secpol.msc and allow local
logon or something?
but how about login rights for 'over network'.. how to grant them to this
account? Thanks.
Click to expand...

oh.. okay.. I've got it. The very first setting
"Access this computer over the network"..

However, all this work to avoid setting that user in the Administrators
group seems wasted: somehow when in Administrators, anonymous couldn't
delete the files, not sure why.. now, I believe there is no way to say
that only a given set of successfully authenticated users can access the
virtual directory, right? Or that anonymous can only read it?
Because now.. anonymous can delete the files. I think I'll just disable
anonymous altogether. hopefully nobody depends on that. hehe.

Rico.
 
The way you are doing it all access to the share is done
via the account provided for use by the ftp service to go
off-box to the share. If you want accounts to be used,
then you probably should look at either not placing the
ftp storage on a remote or using domain access so that
the authenticating domain account is used.
 
The way you are doing it all access to the share is done
via the account provided for use by the ftp service to go
off-box to the share. If you want accounts to be used,
then you probably should look at either not placing the
ftp storage on a remote or using domain access so that
the authenticating domain account is used.
Click to expand...

Thanks Roger. I'll just nuke the anonymous access then.

Rico.
 
Back
Top