The Secure File Transfer Solution.
TOC PREV NEXT INDEX

Chapter 3: Configuring FTP Hosts

This chapter describes how to set up and configure FTP Hosts and how to set options for those hosts.

Setting Up FTP Hosts

To use the WS_FTP Server with a single FTP host, the process is simple - the FTP host uses the Internet hostname and IP address of the host on which you are installing. To add additional FTP hosts to the same system, you can use the virtual host function.

For each FTP host you add, you need to consider the following:

The following sections describe how to add FTP hosts, and how to set options for a host (such as allowing anonymous access and setting maximum concurrent users).

Adding Additional FTP Hosts

You can have multiple FTP hosts on a single system, with each host functioning as a separate FTP site. The first FTP host you add should use the primary hostname and IP address of the local host. Subsequent FTP hosts that you add can be "virtual hosts." There are two kinds of virtual FTP hosts:

To add a virtual FTP host:

  1. In the left panel, select Local System. The directory, port, log options, and FTP service information for this host appear in the right panel.
  2. In the right panel, select New Host. The first screen of the New Host wizard appears.
  3. Enter the desired hostname for the FTP host. This can be from 1 to 80 characters and must be in the form host.domain.top.
  4. Select the database to use for user authorization:

    WS_FTP Server. To create your own FTP user accounts (using the Server Manager or the Add User utility), select this option.

    If you want WS_FTP Server to automatically use user accounts from an existing user database, select one of these options:

    Windows NT. All users in the Windows NT user database on your computer will have access (using their Windows NT username and password) to the FTP host. Each user appears in the users folder in the top directory of the FTP host.

    External User Database. All users in the correctly configured external ODBC database stored on your computer have access to the FTP host. Each user appears in the users folder in the top directory of the FTP host. (You may also use WS_FTP Server Manager to create users in this database.)

    IMail Server. All users in the IMail Server user database on your local system will have access (using their IMail Server username and password) to the FTP host. Each user appears in the users folder in the top directory of the FTP host. To use this option, the IMail Server for Windows NT software must be installed on your computer. Also, note that:

    • The hostname you enter for the FTP host must be the exact name of the official hostname used by the IMail Server.
    • You cannot use this option if the IMail Server is using the Windows NT user database for user authorization.
    • The FTP host does not use the IMail Server top directories by default, but you can set the top directories to be the same, thus allowing FTP users to access their mail folders.

      If you use the Windows NT or IMail Server user databases, you can display each user account and modify FTP settings for an account, but you cannot add or delete user accounts. You must add or delete user accounts through the specific user database.

  5. Click Next. The IP Address screen appears.
  6. If the virtual host has an IP address, select the IP Address. If the virtual host does not have an IP address, select $virtual.

    If an IP address is marked with an *, it is already used by another FTP host; if you select it, the other FTP host will be disabled.

  7. Click Next. The Directory screen appears.
  8. Enter the top directory for this FTP host. All user folders for this FTP host are created under this directory. We recommend that you create a directory just for this host. If you later add other FTP hosts, you can have separate directories for each FTP host.
  9. Click Next. The Summary screen appears and shows the Hostname, IP Address, and Directory for the FTP server. Click Finish to create the new FTP host. In the left panel, an entry for the host appears under Local System.

The host properties appear in the right panel - you can set additional host properties. See "Setting Options for the FTP Host".

Configuring an External User Database

When you configure an external user database using these directions, WS_FTP Server creates an ODBC database that holds tables configured with the correct fields. Those fields are identified in the Table Name section of this chapter. After the database is created and the ODBC system data source name is established in the ODBC Source Administration tool (Found in your Windows Control Panel) you can use that database to store your user authentication information and user properties. This information can still be managed through the WS_FTP Server Manager, including adding and deleting users.

Follow the directions for creating a new host found in "Setting Up FTP Hosts". While in the New Host wizard, select the External User Database option and click Configure. You can also click the Set User DB button in the host properties pane after the host has been created.

The External User Database dialog box appears.

  1. Enter the correct information in all of the boxes.

    External Database Implementation DLL. Enter the full path to the odbcuser.dll installed on your local server.

    ODBC System Data Source Name. Enter the source name created using the ODBC Source Administration tool described above.

    If the database requires you to log in using a username and password, place the following after the data source name. ;UID=<username>;PWD=<password>

    Example: If you were using the source name WS_FTP and the username and password of AUGUSTA and GEORGIA, the correct format of the ODBC System Data Source Name box would be:

    WS_FTP;UID=AUGUSTA;PWD=GEORGIA

    Table Name. Enter the name of the database table that was created with the correct standard fields.

    In order for WS_FTP server to use an external database, the information tables will be created with the following fields in the following format. The names are case sensitive.
    Name Type
    USERID VARCHAR
    PASSWORD VARCHAR
    FULLNAME VARCHAR
    FTPMAXSPACE INTEGER
    FTPMAXFILES INTEGER
    FTPFLAGS INTEGER

  2. Click OK to continue creating the host.

Configuring an NT User Database

You may use WS_FTP Server Manager to authenticate users on an NT domain, even if the computer WS_FTP Server is installed on is not the domain controller.

If the user database is located on the domain, identify the following fields on the NT User Database Configuration dialog after selecting the Windows NT option on the Hostname dialog. If the database is local, leave these fields blank.

NT Domain Name. Enter the name of the NT domain.

Machine name of Domain controller. Enter the name of the computer that controls the domain.

If you want to use the permissions you have set up in the NT User database, you must select the Use NT user file and directory permissions option.

Once you complete the Configuring an NT User Database dialog, click OK to continue creating the host, making sure you set the top level directory to the directory you want your users to have access to. For example: C:\wsftp

Once the host is completely established, you must do the following to use the NT user permissions:

  1. Create a virtual folder for each folder that is listed in the top directory of the host using the same name. For example, if you use the C:\wsftp directory and that directory contains a folder called upload, you must create a virtual folder called upload in the WS_FTP Server Manager.
  2. Set permissions for all of the virtual folders you just created to Everyone - All Permissions.
  3. Select the Do not include in top level folder listing option for each folder.
  4. In Windows Explorer, set your desired permissions for each of these directories.

Note: When using Active Directory on Windows 2000 Active directory must be installed with backward compatibility.

Setting Options for the FTP Host

After creating an FTP host, you can set additional options or change the existing setup for the host. In the left panel, select the FTP host. The host's properties appear in the right panel.

The Hostname, Address, User Database, and Top Directory are selected when you create a new FTP host.

The following sections describe the options.

Setting Timeouts for FTP Connections

You can set a timeout for FTP client connections to the FTP host. After this number of seconds, if the FTP server has not received a command from the FTP client, the client is disconnected.

  1. In the left panel, select the FTP host. The host's properties appear in the right panel.
  2. In the Timeout (secs) box, enter a timeout value.
  3. Click Apply.

Setting Maximum Users

You can use the default settings for maximum number of users logged on to the FTP host, or you can change the settings as described here.

  1. In the left panel, select the FTP host. The host's properties appear in the right panel.
  2. In the Maximum concurrent users box, enter the maximum number of users (including anonymous users) that can connect to the FTP host at the same time. The default is 1000 users.
  3. In the Anonymous box, enter the maximum number of anonymous users that can connect to the FTP host at the same time. The default is 200 users.

Note: If the user limit is exceeded, a System Administrator or Host Administrator can still log on using the Server Manager. Also, a System Administrator can always log on using an FTP client.

Entering zero for either option disables new connections. This provides a way to temporarily "stop" the FTP server, so you can update files. New connections are not allowed, but current connections will continue until the user logs off or the connection exceeds the timeout value. Setting Maximum concurrent users to zero disables any new connections, setting Anonymous disables only new anonymous connections.

Allowing Anonymous Access

You can allow anonymous access to an FTP host so that users can access specified folders on the host without needing a user account. Users can then log on using anonymous or ftp as the username and their e-mail address for the password (or no password), for example:

Username: anonymous
 Password: rhyne@ipswitch.com

To enable anonymous access to the FTP host:

  1. In the left panel, select the FTP host. The host's properties appear in the right panel.
  2. Select Allow anonymous access to this host.

    When an anonymous user logs on, they are placed in the host's top directory.

  3. Optionally, set permissions for anonymous on any virtual FTP folders. For example, you can use virtual folders to create a download or an upload folder for anonymous users.
  4. Click Apply.

When an anonymous user logs on to the FTP host, they will see the following files and folders:

Anonymous users can list and download files in these public folders. You can hide a user's public folder by selecting Disable Public Access Directory in the user's properties or by selecting the Do not list user folders on the Users Properties page.

Hiding Files and Folders

You can hide a file or folder in any directory by prepending a $ character to the file or folder name and doing the following:

  1. In the left panel, select the FTP host. The host's properties appear in the right panel.
  2. Select Hide Files and Folders that start with `$' to hide all files and folders whose name begins with a dollar sign ($) character, for example $banner.txt or $Marketing.

Setting Directory Listings to Use Local Time

By default, WS_FTP Server displays directory listings in GMT (Greenwich Mean Time). You can set the directory listings on the FTP host to use the host's local time.

  1. In the left panel, select the FTP host. The host's properties appear in the right panel.
  2. Select Use local time for directory listings.

Using Banner, Welcome, and Exit Messages

You can create messages to send to an FTP client on successful connection, logon, and logoff. The FTP client usually displays these messages in the message log.

To create the messages for an FTP host:

  1. In the left panel, select the FTP host. The host's properties appear in the right panel.
  2. Click Edit messages. The Edit Messages screen appears.

  1. In the edit boxes, enter text for the messages.
  2. Click OK.

Banner Message. The FTP server sends this message to a user upon successful connection, before the user logs on. You can use this message to tell users about the organization of your FTP site, any rules, times of operation, mirror sites, or contact information. You can use the message variables to provide information, for example, that the FTP host has reached the maximum number of concurrent users.

Note: Please note that a Virtual host without an IP will not display a banner message. The Banner Message is displayed when a connection is first established. An IP-less virtual host is not connected to until a user logs in.

Welcome Message. The FTP server sends this message to a user upon successful logon. You can use the message variables to report information, such as the current number of files and the maximum for this user.

Exit Message. The FTP server sends this message to the user on logoff. You can use the message variables to provide statistics for the FTP session, for example, the number of files received and sent by the user.

The messages can also contain the following variables:

%a = Current number of anonymous users for this host

%b = Maximum number of anonymous users for this host

%d = Number of files deleted by user

%f = Maximum number of files the user can have (or unlimited)

%e = Number of files the user currently has

%h = Hostname

%I = IP address of remote user

%k = Current number of users logged on

%l = Maximum number of users that can log on

%n = Fullname

%q = Maximum disk space the user can have (or unlimited)

%r = Number of files received by user

%s = Number of files sent by user

%u = User ID

%z = Current disk space used by the user

When these messages are created they are placed in the specified Top Directory of the Host. If this directory does not exist the Messages will not save. You can either manually create this directory, or it will be automatically created when a user logs in. (You need write permission for that directory.)

Creating Message Files for Folders and Directories

You can create a message named $message.txt in any directory or folder and when a user changes to that directory or folder, WS_FTP Server displays the message. WS_FTP Server sends the $message.txt in response to the CWD (change working directory) or CDUP (change directory to up one level) command from the FTP client.

For example, when a user opens a directory or folder, you can display a message that refers them to a readme file for a description of the folder's contents.

The message can also contain any of the variables described in the previous section, "Using Banner, Welcome, and Exit Messages."

Setting Access by IP Address

You can control access to an FTP host by setting an IP address or range of addresses for which the FTP host either grants or denies access.

To grant access to a specific computer or group of computers:

  1. In the left panel, select the FTP host. The host's properties appear in the right panel.
  2. Click Control Access. The Access Control properties appear.

  3. Select Denied Access.
  4. Click Add. The Grant Access For dialog box is displayed.

  5. In the IP Address box, enter the IP address of the computer to be granted access to the server.
  6. To grant access to a group of computers, select Group of Computers. In the IP Address and Subnet Mask boxes, enter the IP address and subnet mask for the group to be granted access. For example, if you have a class C address space of 156.21.50.0, enter a group address of 156.21.50.0 and a subnet mask of 255.255.255.0. This will grant access to those 254 systems.
  7. Click OK to add the IP address(es) to the list. Access will be denied to all computers except those listed.
  8. Click OK to save the changes. Note that you must stop and restart the FTP server for the changes to take affect.

To deny access to a specific computer or group of computers:

  1. In the left panel, select the FTP host. The host's properties appear in the right panel.
  2. Click Control Access. The Access Control properties appear.
  3. Select Granted Access.

  4. Click Add. The Deny Access On dialog box is displayed.
  5. In the IP Address box, enter the IP address of the computer to be denied access to the server.
  6. To deny access to a group of computers, select Group of Computers. In the IP Address and Subnet Mask boxes, enter the IP address and subnet mask for the group to be denied access. For example, if you have a class C address space of 156.21.50.0, enter a group address of 156.21.50.0 and a subnet mask of 255.255.255.0. This will deny access to those 254 systems.
  7. Click OK to add the IP address(es) to the list. Access will be granted to all computers except those listed.
  8. Click OK to save the changes. Note that you must stop and restart the FTP server for the changes to take affect.

Setting an Alias for the FTP Host

Many FTP sites use an alias in their Domain Name Server (DNS) system so they can assign a familiar name to the site. Rather than connecting to an FTP host using its actual hostname (for example, gyro.ipswitch.com), it may be easier for users to remember or guess a name like ftp.ipswitch.com. You can add a record to your DNS system to create such an alias, for example:

ftp IN CNAME gyro.ipswitch.com

Users could then log on to ftp.ipswitch.com. The alias also allows you to move your FTP site to another host without changing the hostname.

Other Options

Disable extensions. When this option is selected, the server will no longer support FTP server extensions. Those extensions include XAUT and FEAT, as well as any customized SITE commands. Selecting this option will also disable SSL capabilities.

Disable SSL. Selecting this option keeps users from connecting to the server through a secure connection. Once this option is set, you must clear it before users can use SSL connections.

Force SSL. Select this option to force users to make an SSL connection. While this does not change the way they are connecting automatically, it will refuse any connection not using SSL negotiations, and send an error message stating why the connection was refused.

Force SSL on Data Chan. Select this option to force users to make an SSL connection, and to refuse any data that is not SSL encrypted.

Allow 3rd party transfers. Selecting this option will allow users to transfer files from one server to another if both servers allow it.

Deleting an FTP Host

To delete an FTP host from the WS_FTP Server:

  1. In the left panel, select the FTP Host, and then select Delete from the right mouse menu.
  2. A message box appears, verifying the deletion. If you select Yes from this box, the host will be deleted. A dialog box appears and asks if you would like to delete the top level directory (and all folders in it) for this host.
  3. Click No if you want to save files and folders to move to another directory (the host is deleted but the directory structure remains). Click Yes to delete all files and folders associated with the FTP host. Click Cancel if you do not want to delete the FTP host.

Renaming an FTP Host

To rename an FTP host on the WS_FTP Server:

  1. In the left panel, select the FTP Host, and then select Rename from the right mouse menu.
  2. Enter a new name for the host. This should be a valid Internet hostname in the form host.domain.top.

Note that the FTP host's top directory does not change.


Ipswitch, Inc.
http://www.ipswitch.com
TOC PREV NEXT INDEX
©Ipswitch 2003