Setting Up The Authentication Module

 

Basic Steps, LDAPAuth example:

1) Download LDAP module https://netwinsite.com/dmail/utils.htm#ldapauth extract and copy to c:\surgeftp\ldapauth.exe (LDAP is Windows only)
2) Edit ldapauth.ini file to configure for your system https://netwinsite.com/dmail/ldap.htm#ldapauth_ini_file_settings
3) Stop SurgeFTP server
4) Edit c:\winnt\surgeftp.ini, change authentication module setting
authent_process "C:\surgeftp\ldapauth.exe"
5) Start the SurgeFTP server

6) Add users if necessary, you may have existing users in LDAP database.

In-depth Steps:

1) You need to decide on an authentication module.

Basically you want one to connect to the database of users that you already have. If it is System authentication, i.e. the operating system (Windows, Linux, Solaris) has a list of users and passwords, and you want to give those users access, just leave SurgeFTP the way it was installed as it's already set up for this kind of Authentication. If you want to change back to this, go to your SurgeFTP GUI interface http://127.0.0.1:7021/ and click on "Global", change the "Authent Process" setting to "none (uses normal system user database)". SurgeFTP has to restart after saving this setting.

Choose an Authent Module for your database:

Database Type Module Description

TCP/IP
Shared over several servers

TCPAuth TCPAuth is a TCPIP client+server module that will take any other module as its backend. Allows easy authentication across boxes and across platforms.
NetWin

NWAuth

(included in installation)

This is our recommendation. Source provided. Please feel free to use it as a base if you are writing your own module.

RADIUS RadiusAuth authenticate with RADIUS server
LDAP LDAPAuth authenticate with LDAP server
ODBC ODBCAuth Our own authentication module for talking to an ODBC Driver for a Database (e.g. MS Access, MS SQL Server, ORACLE)
SQL MySQLAuth Our own authentication module for talking to a MySQL server.
Oracle user database OracleAuth This is our module to talk to an oracle user database.
UNIX system password file UnixAuth This is our module to talk to the UNIX system password file.
NT system NTauth This is our module to talk to the NT system user database.
Linux PAM PamAuth This is our module to talk to the a linux PAM module.

Download the authentication module

(unless using NWAuth, it is included in SurgeFTP distribution).

Please note that these authentication modules are not specifically for SurgeFTP or DMail or SurgeMail, but work with all of them. When following the instructions, don't follow them blindly.

This page has links to download Authentication Modules listed above

For SurgeFTP, copy the Authentication module to the "c:\surgeftp" or "/usr/local/surgeftp" directory, or wherever you installed to, and set up the configuration file for the authentication module in that directory.

Authentication by Domain?

If you are using Multiple or Virtual Domains for SurgeFTP, you can choose to use either the same set of usernames and passwords across all domains, or have a different set for each domain.
There are two methods for keeping logins unique across multiple domains, "Domain Prefix" or "Authent Domain".
Domain Prefix puts a unique identifier at the beginning of a username before passing it to the Authent Module, this is entered per domain setting and can be arbitrary. The setting to enter this into is called "Domain Authentication Prefix" and is found in each domain.
Authent Domain puts the suffix on the username before passing it to the Authent Process, e.g. a suffix of "@domain.com" which would be the name that you entered for that Virtual Domain (setting name is "Domain Name"). The Authent Domain setting is a single setting in the Global part of the SurgeFTP GUI interface.

The two methods can be combined, but it is a little pointless, and probably just confusing.

2) Edit the Authentication Module ini file.

You need to be clever here as you need to configure the ini file for the authentication module that you have chosen. The settings determine how the data is extracted from the information source (usually database server of some type). There are links to settings for the ini file, follow them and learn all the settings and how to configre correctly.

3) Stop SurgeFTP Server

On Windows, Use the Services console to stop SurgeFTP or open a DOS/shell box and type in "net stop surgeftp"

On Linux/Solaris, change to root user and run the script /usr/local/surgeftp/surgeftp_stop.sh

4) edit c:\winnt\surgeftp.ini

On Linux and Solaris the surgeftp.ini file is located at /etc/surgeftp.ini

Open the file in your favourite editor, notepad or vi are the best choices, locate the setting labled "authent_process", if it does not exist, create it and set its value to the name of the authentication module.
e.g.

          authent_process "C:\surgeftp\ldapauth.exe"
or
          authent_process "/usr/local/surgeftp/nwauth"

5) Start SurgeFTP Server

On windows, use the Services console to start SurgeFTP or open a DOS/shell box and type in "net start surgeftp"

On Linux/Solaris, change to root user and run the script /usr/local/surgeftp/surgeftp_start.sh

6) Does it work?

Add some users to the database through SurgeFTP GUI interface, go to http://127.0.0.1:7021/ and click on "Global" then click on "Users"

Select a Domain to add the user to,
Enter the username without any prefixing/suffixing on it. SurgeFTP now adds those automatically if need be (versions 2.0r17 onwards).

FTP to that domain, and try and log in :-)

c:\> sslftp 127.0.0.1
User: bob
Password: ****
230 User bob Logged in.
sslftp>

If it doesn't work, check the error response from logging in, the answer may well be right there.

If you have any problems email
surgeftp-support@netwinsite.com
with the error reported,the configuration file of the Authentication Module,all the steps (approx) of what you had done and what you were trying to make happen.