
Serv-U Managed File transfer, Windows authentication

Created by Richard Casey, last modified by MindTouch on Jun 23, 2016


Overview

Serv-U MFT Server supports Active Directory (AD) authentication. This article describes how administrators can use AD organizational units (OUs) to provide different levels of access to different AD users.

Environment

Serv-U version 12 running on a Windows domain

Steps

The Master Windows User Group:

Serv-U provides a master Windows User Group that sets the default home directory and other properties for all users who authenticate through AD. To configure this group, either:

  • Open Users | Windows Authentication, and click Configure Windows User Group...
  • Open Groups | Windows Groups, and click Configure Windows User Group...

 

SolarWinds recommends: If you do not have directories configured in each of your AD user accounts, check the Use Windows User Group home directory box on the Users | Windows Authentication tab, and then set up a home directory and provide permissions to it via the Windows User Group configuration.

 

Mapping AD OUs to Serv-U Windows Groups:

To map AD OUs to Serv-U Windows Groups you must use the Add and Add Child buttons on the Groups | Windows Groups tab to replicate the hierarchy of OUs present in AD.

Once you have successfully mapped the hierarchy, you may edit the properties of each Windows Group to set limits, different home directories and different sets of virtual folders.

 

Deny Access To All Users Without OU-to-Windows-Group Maps

Check the Require fully-qualified group membership for login box to deny access to any AD user whose organizational unit has not been mapped.

 

Deny Access To Users in Specific OU-to-Windows-Group Maps

You may also turn off access for all users in specific OUs. To do this, make sure you have a proper OU to Windows Group mapping, and then uncheck the "Enable account" box in the group properties.

 

 

Example:

An existing AD for "mydomain.com" contains three organizational units in the MyBusiness\Users organizational unit. Only users from the "blue team" and "red team" should be allowed to sign on.

 

To implement this configuration, an administrator used the "Add" and "Add Child" buttons to duplicate the OU hierarchy from AD. Notice that there is no separate entry for the domain ("mydomain.com"), and that only two of the three organizational units present under "Users" in AD are present in Serv-U.

 

Troubleshooting and Hints

If you are having trouble signing on or mapping Serv-U Windows Groups to AD OUs, try adding the domain name (e.g., "mydomain.com") to the "Windows Domain Name" field on the "Users | Windows Authentication" tab.

Remember that the built-in AD "Users" collection (right under the domain root) is NOT an addressable OU. (In other words, do not expect a Serv-U Windows Group named "Users" to apply properties to AD users from the built-in "Users" collection.)

To double-check the hierarchy necessary to address an AD user with a tree of Serv-U Windows Groups, open the target user in AD and look at the "Canonical Name" on the Object tab. (This also applies to intermediate organizational units.)

An easy way to tell if your mapping is correct is to apply a harmless Limit through the Serv-U Windows Group. For example, you might turn off access to Web Client Pro in one of your Windows Groups. Then, you know your group is mapped correctly when you sign on as an AD user in the applicable OU and your "Enable Web Client Pro" link is missing from the web client interface.
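The following PowerShell sketch is an added example, not SolarWinds code, and it does not query Serv-U. It models the rules described in this article so you can review, before a test sign-on, which AD users your Windows Group tree should admit. It reads each user's distinguished name rather than the Canonical Name, because the DN shows whether a parent is an OU or a container such as the built-in "Users". The function names, the sample users, and the "green team" OU name are constructed for illustration, and the outcome for unmapped users when the box is unchecked is an assumption based on the master Windows User Group description above.

```powershell
# Added example: models this article's mapping rules; it does not talk to Serv-U.
function Get-OuPath {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Split on commas that are not backslash-escaped (e.g. "CN=Smith\, Sam").
    $rdns = $DistinguishedName -split '(?<!\\),'
    # Skip the user object itself and the DC= parts (the domain gets no group entry).
    $parents = @($rdns | Select-Object -Skip 1 | Where-Object { $_ -notmatch '^\s*DC=' })
    if ($parents.Count -eq 0) { return $null }          # user sits at the domain root
    # A CN= parent (such as the built-in "Users" container) is not an addressable OU.
    if ($parents | Where-Object { $_ -notmatch '^\s*OU=' }) { return $null }
    $names = @($parents | ForEach-Object { ($_ -replace '^\s*OU=', '').Trim() })
    [array]::Reverse($names)                            # DN is leaf-first; tree is root-first
    return ($names -join '\')
}

function Get-ExpectedLogin {
    param([string]$DistinguishedName, [hashtable]$Groups, [bool]$RequireFullyQualified = $true)
    $path = Get-OuPath $DistinguishedName
    if ($path -and $Groups.ContainsKey($path)) {
        # Value mirrors the "Enable account" box in that group's properties.
        $result = if ($Groups[$path]) { 'allow' } else { 'deny: group account disabled' }
    } elseif ($RequireFullyQualified) {
        $result = 'deny: no matching Windows Group'
    } else {
        $result = 'allow: Windows User Group defaults only'   # assumption, see lead-in
    }
    [pscustomobject]@{ DistinguishedName = $DistinguishedName; OuPath = $path; Expected = $result }
}

# Windows Group tree as built with Add / Add Child (path -> "Enable account").
$windowsGroups = @{
    'MyBusiness'                 = $true
    'MyBusiness\Users'           = $true
    'MyBusiness\Users\blue team' = $true
    'MyBusiness\Users\red team'  = $true
}

# Constructed sample users; "green team" stands in for the unmapped third OU.
$sampleUsers = @(
    'CN=Jane Smith,OU=blue team,OU=Users,OU=MyBusiness,DC=mydomain,DC=com'
    'CN=Smith\, Sam,OU=red team,OU=Users,OU=MyBusiness,DC=mydomain,DC=com'
    'CN=Pat Lee,OU=green team,OU=Users,OU=MyBusiness,DC=mydomain,DC=com'
    'CN=Administrator,CN=Users,DC=mydomain,DC=com'
)
$sampleUsers | ForEach-Object { Get-ExpectedLogin $_ $windowsGroups } | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter * | ForEach-Object { Get-ExpectedLogin $_.DistinguishedName $windowsGroups }
```

Compare the Expected column with what actually happens at sign-on; any mismatch points to a group name or nesting level that does not match AD.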

 

 
