SurgeFTP Virtual Domains
Setting up multiple domains under one IP.
Alias | Path
/ | c:\home\anonymous
/pub | c:\home\anonymous\pub
/pub/a.com | c:\home\a.com\pub\
/pub/b.com | c:\home\b.com\pub\
/pub/c.com | c:\home\c.com\pub\
Real Users:
SurgeFTP (or any FTP server in this scenario) must be clever enough to
give each real user who logs in the correct settings, so that it appears
they are logging into their own domain.
We need to wait for the user to identify themselves so that we know what
domain they belong to. The user sends the FTP server a username and a
password, and this is where user authentication plays a major part. The
authentication tells us whether the login is valid, it can tell us which
usergroups the user belongs to, and it can tell us where the user's home
directory is.
If the authentication tells us what usergroup the user belongs to, we can
use this to select a user class that has a matching usergroup. You can
use groups like domains: if a user belongs to a particular group, then
they belong to a particular domain. (Set the User Class setting "Specific
usergroups in this class" to a comma separated list of group names.)
If the authentication tells us what the user's home directory is, SurgeFTP
will use that for that user, and use the default user class. You may only
require one real user class for this configuration.
If you want to be a little cunning, you can make your users log in with a
username of the form user@domain; that way you can have a user class for
each virtual domain, each with a username filter of "*@domain" matching
the name of the domain, and the user will be matched up to that user
class. (Set the User Class setting "Specific users in this class" to the
wildcard domain match.)
If you only have a few user logins, you can create a user class for each
of them and list the user names explicitly for each user class, which
makes the user log in under those class settings. (Set the User Class
setting "Specific users in this class" to be exactly the user's login
name.)
Real World Example with Problems and fixes:
You want to host several domains on one IP. Each domain on the computer is a customer's website. You also want to host some of your home users' local homepages. You have decided to use nwauth as your authentication method.
You want to host these domains providing ftp access to a public_html directory and a pub directory.
Domain | User Logins | Description
a.com | 1 | customer's domain
b.com | 1 | customer's domain
c.com | 1 | customer's domain
local.isp.com | 2592 | Your ISP domain where home users have their homepages.
In SurgeFTP GUI setup one "Domain" with four User Classes, then name them so you know which is which.
You then set up the logins in the NWAuth database with usernames and
groups settings so that you know what domain each login belongs to. Here
is a table with the data you would want to put into NWAuth.
The Groups setting uses an identifier to match up the user login to a
"virtual domain"; the identifying string can be anything as long as it
matches the User Class setting called "Specific usergroups in this class".
User Login | Password | Groups
a.com | hdmfdg | a.com
b.com | oivaesf | b.com
c.com | oahfkfk | c.com
aaron | bcxmn | local
abbey | xdyn | local
bob | hgdbfg | local
ablogs | xhnd | local
gblogs | zsrqqc | local
peterp | rnhgfh | local
james | zergy | local
john | setdgh | local
... | ... | ...
To enter the data into NWAuth you could output the table data into a batch file, one line per user, in the format:
nwauth set $User $Password groups="$Groups"
In the GUI you need to set the Usergroups for each User Class to be one
of the four usergroups. You also need to set the login home directories;
for this setup I would recommend that you change the default mappings
for the three domains (a.com, b.com, c.com) from the defaults:
Alias | Path
/ | ~
To (one for each matching domain):
Alias | Path
/ | c:\domains\a.com
Alias | Path
/ | c:\domains\b.com
Alias | Path
/ | c:\domains\c.com
And set the local.isp.com aliases to this (the defaults):
Alias | Path
/ | ~
and set the setting "Root path for users (~ translation uses this)" to "c:\local\home".
This would mean that the local.isp.com user named "aaron" would log in to the location "c:\local\home\aaron".
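As an added worked example (not SurgeFTP's own code), the following Python models the user-class matching rules described under "Real Users" above together with the four-class setup from this example: usergroup matching, the user@domain username filter, the per-domain alias tables and the "~" translation through "Root path for users". The evaluation order between the "Specific users" and "Specific usergroups" filters, the NWAuth records, and all function names are assumptions made for the illustration; the record saved under the misspelled key "group" is included to show why such a login ends up in the default class.

```python
import fnmatch
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# GUI setting "Root path for users (~ translation uses this)".  Left empty, the
# home falls back to \home\<user>, as the troubleshooting session later on shows.
ROOT_PATH_FOR_USERS = r"c:\local\home"

@dataclass
class UserClass:
    name: str
    # "Specific users in this class": exact login names or wildcards such as "*@b.com"
    specific_users: List[str] = field(default_factory=list)
    # "Specific usergroups in this class": comma separated in the GUI, a list here
    specific_groups: List[str] = field(default_factory=list)
    # Alias -> real path; "~" stands for the user's own home directory
    aliases: Dict[str, str] = field(default_factory=lambda: {"/": "~"})

@dataclass
class AuthResult:
    valid: bool
    groups: List[str] = field(default_factory=list)
    home: Optional[str] = None   # filled in when the auth module reports a home directory

def auth_from_nwauth(settings: Optional[Dict[str, str]]) -> AuthResult:
    """Turn the settings stored for an NWAuth login into an AuthResult.  Only a key
    spelled exactly "groups" counts: a record saved under "group" yields no groups,
    which is the mistake that sends everyone to the default class."""
    if settings is None:
        return AuthResult(valid=False)
    groups = [g.strip() for g in settings.get("groups", "").split(",") if g.strip()]
    return AuthResult(valid=True, groups=groups, home=settings.get("home"))

def select_user_class(username, auth, classes, default_class):
    """Pick the class for a valid login: username filters first, then usergroup
    membership, then the default class.  That precedence is an assumption of this
    example.  Returns None when authentication failed."""
    if not auth.valid:
        return None
    name = username.lower()
    for uc in classes:
        if any(fnmatch.fnmatchcase(name, pat.lower()) for pat in uc.specific_users):
            return uc
    for uc in classes:
        if any(g in uc.specific_groups for g in auth.groups):
            return uc
    return default_class

def resolve_aliases(username, auth, uc, root=ROOT_PATH_FOR_USERS):
    """Expand the class's alias table.  "~" becomes the home directory the auth
    module reported, else <root>\\<username>; an empty root gives \\home\\<username>."""
    if auth.home:
        home = auth.home
    else:
        home = (root.rstrip("\\") if root else r"\home") + "\\" + username
    return {alias: (home if path == "~" else path) for alias, path in uc.aliases.items()}

# Constructed four-class layout from the example above.  a.com and c.com use the
# usergroup scheme; b.com shows the alternative user@domain username filter.
CLASSES = [
    UserClass("a.com", specific_groups=["a.com"], aliases={"/": r"c:\domains\a.com"}),
    UserClass("b.com", specific_users=["*@b.com"], aliases={"/": r"c:\domains\b.com"}),
    UserClass("c.com", specific_groups=["c.com"], aliases={"/": r"c:\domains\c.com"}),
    UserClass("local.isp.com", specific_groups=["local"]),
]
DEFAULT_CLASS = CLASSES[3]

# Constructed stand-in for the NWAuth database (hypothetical records, no passwords).
NWAUTH_DB = {
    "a.com": {"groups": "a.com"},
    "fred@b.com": {},                # matched by the "*@b.com" filter, no group needed
    "aaron": {"groups": "local"},
    "bob": {"group": "local"},       # wrong key on purpose: "group" instead of "groups"
}

def login_paths(username, db=NWAUTH_DB, root=ROOT_PATH_FOR_USERS):
    """Return (class name, expanded aliases) for a login, or None if it is rejected."""
    auth = auth_from_nwauth(db.get(username))
    uc = select_user_class(username, auth, CLASSES, DEFAULT_CLASS)
    if uc is None:
        return None
    return uc.name, resolve_aliases(username, auth, uc, root)

if __name__ == "__main__":
    for user in ("a.com", "fred@b.com", "aaron", "bob", "nobody"):
        print(user, "->", login_paths(user))
```

Running it prints a.com landing in c:\domains\a.com, fred@b.com in c:\domains\b.com via the wildcard filter, aaron in c:\local\home\aaron, and bob also in the local.isp.com class only because the default class catches him; calling `login_paths("aaron", root="")` reproduces the \home\aaron path that an empty root setting produces.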
Once this is set correctly you can attempt to log in. If you are unable to log in, use these steps to find the problem.
1. Check that the "groups" setting is called "groups" for the logins; if it is called "group" it will not work: everyone will log into the default domain (if it has no usergroups setting) or no domain (login fails).
2. Set the SurgeFTP global setting "Logging Level" to "debug", then attempt to log in:
sslftp aaron:bcxmn@127.0.0.1
Connected to 127.0.0.1
starting SSL/TLS
secure protocol TLSv1 used.
Channel open, login Failed!
sslftp>
Hmm, what's this problem? aaron can't log in? Click on the Log button at the top of the SurgeFTP GUI, type in "aaron" and click Search.
22 13:38:28.26:dbg:2496: start (USER aaron) 10
22 13:38:28.26:Info:2496: <-- USER aaron
22 13:38:28.26:dbg:2496: Got command user aaron
22 13:38:28.26:Info:2496: --> 331 Password required for aaron.
22 13:38:28.27:Info:2496: Spawned login error (-ERR aaron password wrong or not a valid user)
22 13:38:28.27:dbg:2496: user_login_generic(local.isp.com,aaron,******,0) -ERR aaron password wrong or not a valid user
22 13:38:28.27:Info:2496: User Lookup failed aaron -ERR aaron password wrong or not a valid user
22 13:38:29.27:Info:2496: --> 530 Login incorrect aaron -ERR aaron password wrong or not a valid user
22 13:40:19.49:dbg:2476: Form content (domainid=&fname=surgeftp.log&find=aaron&last=8k&cmd_log=Search+Now)
After the "331 Password required for aaron." response we see "Spawned login error (-ERR aaron password wrong or not a valid user)". A spawned login error means that the error comes from an external authentication module, nwauth in this case. The error indicates that the username or password does not exist.
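As an added example (not part of the original page or of SurgeFTP), here is a small Python parser for log records in the format shown above. It groups records by connection, follows each USER attempt to its 230 or 530 outcome, and attributes a failure to the external authentication module whenever a "Spawned login error" precedes the 530, which is exactly the distinction the paragraph above draws. The sample lines are constructed from the excerpt above plus one made-up successful session (pid 2510); the wording of that session's "--> 230" line is an assumption.

```python
import re
from collections import Counter, defaultdict

# One SurgeFTP log record: "<day> <hh:mm:ss.cc>:<level>:<pid>: <message>"
LOG_RE = re.compile(
    r"^(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d\.\d+):(?P<level>\w+):(?P<pid>\d+): (?P<msg>.*)$"
)
USER_RE = re.compile(r"<-- USER (\S+)")

# Constructed sample: the failed session from the excerpt above (pid 2496) plus a
# made-up successful session (pid 2510); the 230 line's wording is an assumption.
SAMPLE_LOG = """\
22 13:38:28.26:dbg:2496: start (USER aaron) 10
22 13:38:28.26:Info:2496: <-- USER aaron
22 13:38:28.26:dbg:2496: Got command user aaron
22 13:38:28.26:Info:2496: --> 331 Password required for aaron.
22 13:38:28.27:Info:2496: Spawned login error (-ERR aaron password wrong or not a valid user)
22 13:38:28.27:dbg:2496: user_login_generic(local.isp.com,aaron,******,0) -ERR aaron password wrong or not a valid user
22 13:38:28.27:Info:2496: User Lookup failed aaron -ERR aaron password wrong or not a valid user
22 13:38:29.27:Info:2496: --> 530 Login incorrect aaron -ERR aaron password wrong or not a valid user
22 13:40:19.49:dbg:2476: Form content (domainid=&fname=surgeftp.log&find=aaron&last=8k&cmd_log=Search+Now)
22 13:59:02.10:Info:2510: <-- USER aaron
22 13:59:02.10:Info:2510: --> 331 Password required for aaron.
22 13:59:02.11:Info:2510: --> 230 User aaron logged in.
"""

def parse_line(line):
    """Split one record into its fields, or return None for lines in another format."""
    m = LOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None

def classify_logins(lines):
    """Group records by connection (the pid field) and report every USER attempt's
    outcome.  A 'Spawned login error' means the verdict came from the external auth
    module (nwauth here); a 530 without one is reported with the server's own text."""
    by_pid = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_pid[rec["pid"]].append(rec)
    results = []
    for pid, recs in by_pid.items():
        attempt = None
        for rec in recs:
            msg = rec["msg"]
            m = USER_RE.search(msg)
            if m:
                if attempt:
                    results.append(attempt)
                attempt = {"pid": pid, "user": m.group(1), "outcome": "pending", "reason": None}
            elif attempt is None:
                continue          # connection noise before any USER command
            elif msg.startswith("Spawned login error"):
                attempt["outcome"] = "failed"
                attempt["reason"] = "external auth module: " + msg[len("Spawned login error"):].strip(" ()")
            elif msg.startswith("--> 530"):
                attempt["outcome"] = "failed"
                attempt["reason"] = attempt["reason"] or msg[4:]
            elif msg.startswith("--> 230 "):
                attempt["outcome"] = "ok"
        if attempt:
            results.append(attempt)
    return results

def failure_counts(results):
    """Failed attempts per user name; a high count for one login is worth a look."""
    return Counter(r["user"] for r in results if r["outcome"] == "failed")

if __name__ == "__main__":
    attempts = classify_logins(SAMPLE_LOG.splitlines())
    for a in attempts:
        print(a)
    print(failure_counts(attempts))
```

On a real log, `classify_logins(open("surgeftp.log"))` gives the same per-attempt records, and `failure_counts` is a quick way to spot a login that keeps failing rather than a one-off typo like the one in this walkthrough.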
Click on the users tab at the top of the GUI. Type in "aaron" in the Username field and click "Lookup".
User (aaron) not found in database for this domain. (-ERR aaron not found )
This means that the user name aaron was not found; you need to enter it in the database: type in his username, password and the group he belongs to ("local" in this case), and then click on "Save New User", not the Save button.
Password Updated
+OK aaron added to database
All is good; try logging in again:
sslftp aaron:bcxmn@127.0.0.1
220 FTP Server
234 Enabling SSL
starting SSL/TLS
secure protocol TLSv1 used.
331 Password required for aaron.
230 User aaron logged in.
Successful "aaron" login
sslftp> pwd
257 "/" is current directory.
sslftp> ls -l
200 PORT command successful.
550 File or Directory does not exist (\)
550 File or Directory does not exist (\)
550 File or Directory does not exist (\)
sslftp>
Hmmm, what's wrong here? I think maybe the path may not be set up correctly for his user group. Let's make the paths print out when aaron connects: go to User Class "local.isp.com" and scroll down to Banner. Type in "%virtual_paths%" and click save. Enter this for all other user classes if it does not already exist (don't forget to click save!).
Try logging in again:
sslftp aaron:bcxmn@127.0.0.1
Progress Indicator On
Connected to 127.0.0.1
220 FTP Server
234 Enabling SSL
starting SSL/TLS
secure protocol TLSv1 used.
331 Password required for aaron.
230- Alias Real path Access
230- / \home\aaron read+write
230 User aaron logged in.
Successful "aaron" login
sslftp> pwd
257 "/" is current directory.
sslftp> ls -l
200 PORT command successful.
150 Opening ASCII mode data connection for file list. (\)
226 Transfer complete. can't list: No such file or directory
sslftp>
Hmmm, what's wrong? The user's home directory is not being set correctly (\home\aaron). This is the default user home location if no setting is set, so go check that setting. In this case it was empty, so I went and set it to "c:\local\home\", which is what it is supposed to be.
sslftp aaron:bcxmn@127.0.0.1
Progress Indicator On
Connected to 127.0.0.1
220 FTP Server
234 Enabling SSL
starting SSL/TLS
secure protocol TLSv1 used.
331 Password required for aaron.
230- Alias Real path Access
230- / c:\local\home\aaron read+write
230 User aaron logged in.
Successful "aaron" login
sslftp> pwd
257 "/" is current directory.
sslftp> ls -l
200 PORT command successful.
150 Opening ASCII mode data connection for file list. (\)
226 Transfer complete.
-rwxrwxrwx 1 owner group 5 Aug 22 13:59 yes.txt
sslftp>
The file yes.txt is what I personally went and put in the location c:\local\home\aaron\yes.txt so that I could see that the login was going to the correct location. It is all set up correctly for this domain now. Time to relax with a cuppa tea and a scone :-)