- Overview
- Create an Active Directory bind account
- Configure TurboFTP Server to use Active Directory authentication
- Create an LDAP bind account
- Configure TurboFTP Server to use LDAP authentication
- Refresh user list
Overview
Several techniques can be used to make the connection to the FTP server more secure, and one of them is to use Active Directory or LDAP integrated authentication.
This step-by-step guide shows how to configure Active Directory or OpenLDAP as the authentication provider.
Create an AD Bind account for TurboFTP Server
- Right-click on the Users OU and select New => User.
- Provide the First, Last, Display, and login names and click Next.
- Specify a password, click Next, and then Finish.
- Use the same approach to create a New User account.
- Double-click on the newly created user and go to the Profile tab.
- Specify the path to the user’s home directory.
Configure TurboFTP Server to use Active Directory authentication
- Create New Domain.
- Specify the domain name and IP address.
- Select the Active Directory Authentication method and fill in all fields.
- You can "Use User Principal Name to log in", so the domain user login name should be in UPN form rather than FQDN. For example, user (cn=jsmith, OU=Users, DC=test, DC=local) should log in as jsmith@test.local.
- Click the Test button and provide the BindDN login and password.
- If the connection is successful, you will see a confirmation message.
- Specify the FTP server's root folder.
Create an LDAP bind account
- Create an LDIF file named tbftpsrv.ldif:

    dn: ou=Users,dc=test,dc=local
    objectClass: organizationalUnit
    ou: Users

    dn: uid=tbftpsrv,ou=Users,dc=test,dc=local
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: shadowAccount
    uid: tbftpsrv
    sn: tbftpsrv
    givenName: tbftpsrv
    cn: tbftpsrv
    displayName: tbftpsrv
    uidNumber: 10000
    gidNumber: 5000
    userPassword: !TurboFTP_Bind_Account_Password!
    gecos: tbftpsrv
    loginShell: /bin/bash
    homeDirectory: /home/tbftpsrv

- Add the bind account to the LDAP directory.

    ldapadd -x -D cn=admin,dc=test,dc=local -W -f tbftpsrv.ldif

- You will be asked for the admin password.

    Enter LDAP Password: ********

- If the password is correct, you will see that the entries from the file have been added.

    adding new entry "ou=Users,dc=test,dc=local"
    adding new entry "uid=tbftpsrv,ou=Users,dc=test,dc=local"

- Using the same approach, create a New User account by creating a new file jsmith.ldif:

    dn: uid=jsmith,ou=Users,dc=test,dc=local
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: shadowAccount
    uid: jsmith
    sn: Smith
    givenName: John
    cn: John Smith
    displayName: John Smith
    uidNumber: 10001
    gidNumber: 5001
    userPassword: !UserPassword!
    gecos: John Smith
    loginShell: /bin/bash
    homeDirectory: /home/jsmith
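
The LDIF files above carry userPassword as a literal value, and ldapadd -x performs a simple bind. The following added example (not part of the original guide or of TurboFTP Server) lints an LDIF file for a cleartext userPassword and for entries that are not separated by a blank line, then adds it over StartTLS. The function names and the LDAP_URI default are assumptions.

```shell
#!/bin/sh
# Added example, not TurboFTP or OpenLDAP code: lint an LDIF file before ldapadd.

# Print findings for the LDIF in $1 (or stdin); return 1 if any were found.
ldif_preflight() {
    awk '
        # Cleartext value: neither a {SCHEME} hash nor base64 ("::") encoded.
        /^userPassword: *[^{: ]/ {
            printf "line %d: userPassword is not a {SCHEME} hash\n", NR; bad = 1
        }
        # Entries are separated by a blank line, so a "dn:" line must follow
        # a blank line or be the first line of the file.
        /^dn:/ && NR > 1 && prev != "" {
            printf "line %d: entry not preceded by a blank line\n", NR; bad = 1
        }
        # Heuristic: "dn: " appearing after the attribute separator means a
        # new entry was glued onto the previous attribute value.
        /^[^:]+: .*dn: / {
            printf "line %d: \"dn:\" fused into previous attribute\n", NR; bad = 1
        }
        { prev = $0 }
        END { exit bad + 0 }
    ' "$@"
}

# Produce a value for userPassword (prompts for the password; {SSHA} is the
# slappasswd default scheme).
hash_password() { slappasswd -h '{SSHA}'; }

# Lint, then add over StartTLS; -ZZ aborts if TLS cannot be negotiated, so the
# simple-bind admin password is not sent in cleartext.
# LDAP_URI default is an assumption: the page does not name the directory host.
safe_ldapadd() {
    ldif_preflight "$1" || return 1
    ldapadd -x -ZZ -H "${LDAP_URI:-ldap://ldap.test.local}" \
        -D cn=admin,dc=test,dc=local -W -f "$1"
}

# Constructed sample reproducing both problems; prints findings for lines 3 and 5.
ldif_preflight <<'EOF' || true
dn: ou=Users,dc=test,dc=local
objectClass: organizationalUnit
ou: Usersdn: uid=tbftpsrv,ou=Users,dc=test,dc=local
uid: tbftpsrv
userPassword: !TurboFTP_Bind_Account_Password!
EOF
```

Replace the placeholder password in each file with the output of hash_password before running safe_ldapadd on it.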
Configure TurboFTP Server to use LDAP authentication
- Create New Domain.
- Specify a domain name and IP address.
- Select the LDAP Authentication method and fill in all fields.
- You can "Use User Principal Name to log in", so the domain user login name should be in UPN form rather than FQDN. For example, user (cn=jsmith, OU=Users, DC=test, DC=local) should log in as jsmith@test.local.
- Click the Test button and provide the BindDN login and password.
- If the connection is successful, you will see a message.
- Specify the FTP server root folder.
Refresh user list
- By default, TurboFTP Server doesn’t refresh the AD users list, so it’s empty. To refresh the user list, click on the Refresh button.
- The user list should now be populated.
TurboFTP Server can run as an SFTP server or secure FTP server, allowing the administrator to control user connection access and directory permissions at granular levels.
This article illustrates how to manipulate user connection attributes with a user class and manage directory access in a domain's Virtual File System. Finally, we demonstrate how to connect to and control the TurboFTP Server remotely.
User Connection Control Attributes
Example 1. Create a user class and configure its connection attributes.
We have created a domain 'test', under which we have created user 'tester' and user class 'webftp'.
General Configurations of User Class
To add user 'tester' into user class 'webftp', drag and drop 'tester' into the 'webftp' node. Once a user becomes a member of a user class, all attributes of the user class apply to this user except some user-specific attributes like login credentials, home folder, etc. For example, the following user attributes under the General tab are configurable for a user class:
- Disable account
- Connection types
Configuring IP Access of a User Class
To employ IP access rules on a user class, enable the IP access restriction first. We then add IP rules in one of the supported formats. 'Allow' rules are indicated by a '+' sign, and 'Deny' rules by a '-' sign.
Configure Quotas of a User Class
The Disk Quota controls the maximum disk space the user class can use. The transfer speed can be throttled for upload and download. An administrator might also want to enforce limits on the total bandwidth consumed by the users on a daily or monthly basis; the options of Total Bandwidth Limit come in handy.
User Class Advanced Options
Some of the features here require support on the server side:
XCRC, MDTM (setting file time), SITE PSWD.
For example, the FTP server must support the SITE PSWD command to allow users to change their login password from an FTP client. The server must support the MODE-Z feature for on-the-fly data compression to be turned on. It is worth noting that many server products understand the primary form of the MDTM command, which is used to retrieve remote file timestamps (a 'get' operation). However, not all servers recognize the command when it is intended to change the time of files on the server (a 'set' operation).
Configuring Directory Access
EXAMPLE 2: We create user group 'webftpusers', add user 'tester' to this group, and set up the directory access for it.
On the Service Directory tree, click on user 'tester', go to the General tab, and click on the 'Add' button.
The 'Add Group Membership' dialog appears, and we select the user group 'webftpusers' and then click OK.
Now, the user group 'webftpusers' appears in the 'Member of' list.
Setting up Directory Access
Click on the 'Directory Access' node under the domain 'test' and select the folder you are interested in from the right panel.
Click on 'New Rule' and select 'webftpusers' from the popped-up dialog. Check 'Grant all permissions' if you want to grant complete control. Click on OK.
Please note that if you see all permissions grayed out when you click on a user or user group, this permission rule is inherited from the current folder's parent.
TurboFTP Server Remote Administration
You can manage TurboFTP Server locally or remotely (in a local network or over the Internet).
EXAMPLE 3: Set up and test remote administration
We connect TSRMC with the local TurboFTP Server service (on Computer A, with IP 192.168.1.197), go to Server -> Remote Admin, and enable remote administration.
Open TSRMC on another computer (B) from which you want to manage TurboFTP Server on Computer A remotely. Add a server, enter IP 192.168.1.197, and name it '192.168.1.197' too. Select 'Remote' under 'Server Type'. Keep the default server port.
Click OK to close the dialog. Then double click on the new server '192.168.1.197', enter administrator credentials and click 'Connect'.
If the connection to the remote TurboFTP Server is established successfully, the server node will be populated with all the domain and user information.
A secure FTP server is a solution that can provide centralized file sharing and exchange through either a private or public network. Users can use any FTP-compliant client to interact and exchange files with the server. FTPS is an approach to protect FTP protocol communication with an SSL layer.
Benefits Of Setting Up a secure FTP server Using TurboFTP Server
- Quickly set up an FTP server on Windows Servers (2016, 2019, etc.) within minutes.
- Protect your data with SSL or SSH to meet compliance requirements.
- It is easily deployed in a corporate environment by utilizing its built-in Active Directory authentication support.
- It offers a granular configuration of directory access control.
This article helps you start with TurboFTP Server quickly and instantly set up an FTP server on Windows.
Install TurboFTP Server and Set Up Super Admin Account
While installing TurboFTP Server, you can create a super admin account, which is required to administer the TurboFTP Server either locally or remotely (you can also create or modify admin accounts under the Server -> Admins tab).
Add a Server
By default, the Local Server has been added to the management console. If you want to manage another server (remotely), you can add that server by right-clicking on the intended Server Group node (the default Local Server is added to the Default Server Group).
Connect to TurboFTP Server
Right-click on the server you want to connect to and select 'Connect to server', and enter the administrator's username and password in the connection dialog. Click Connect to connect and log into the server management console.
Create New Domain
A domain has its own collection and definition of users, groups, and user classes. A single authentication source defines its collection of users. A domain can provide different services (FTP/S, HTTP/S, or SFTP) through various combinations of IP address and port number. One TurboFTP Server instance can run multiple domains. To create a domain on the local server, right-click on the 'Local Server' node and select New Domain.
1: Enter the new domain's name, the IP it listens on, and the regular FTP port number. You can specify the port number for other services (HTTP/S, SFTP, etc.) or disable the regular FTP after the domain is created.
2: Choose the authentication method you need. The default is TurboFTP Server Internal User Database. You can test the authentication source in the wizard for other authentication like ODBC, Active Directory, and LDAP.
3: Choose a folder to be the domain's virtual file system's root. Don't worry about accessing other folders on the Operating System beyond the root folder. Under VFS, administrators can create virtual folders that link to any physical folder in the host OS file system.
Create a New User Account
1: Expand the child items under the newly created domain, right-click on the Users node, and select New User. You will see the Add User Wizard show up. Specify the username and password.
2: Select the user's home folder under the domain's Virtual File System.
3: Assign membership of any existing groups or user classes to the new user.
After adding the new user, you can modify its configurations immediately.
Create a New User Class Account
A user class is a collection of users of a domain. User class is used to apply connection access control. Once a user becomes a member of a user class, it has the same settings as the user class, except for some user-specific settings like login password. To create a new user class, right-click on the Users node, and select 'New User Class'.
After adding a new user class, you can assign users to it and modify the user class's connection attributes that will be applied to all member users.
Create a New User Group
A group is a collection of users of a domain. It is used exclusively to manage directory access rights. To create a user group, right-click on the Groups node and select New Group.
If you have selected 'Launch domain immediately' in the last step of Add Domain Wizard, the domain is already up and running. After adding a new user, you can connect to the FTP