Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

FTP authentication question

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> SecureNAT Client >> FTP authentication question Page: [1]
Login
Message << Older Topic   Newer Topic >>
FTP authentication question - 10.Mar.2004 4:29:00 PM   
awj

 

Posts: 104
Joined: 26.Feb.2004
From: UK
Status: offline 		Have been testing this with a couple of different sites and there seems to be a problem here.

My setup is ISA 2004 beta with Secure NAT ie Internet explorer pointing at ISA server. If i type ftp://someserver.com (made up name) it appears that when i connect ISA server passes over my user name and password (i assume my Windows account details) and it then fails as they do not match with the external site. If the site does not allow anonymous access it works ok as i am then promted for a username and password again which allows me to supply the correct one and can login. However if the site does allow anonymous access (usually with restricted access which is no use) i get in anonymously and don't get the oppertunity to put in the correct details.

PS For this to work you need to have all users in the rule, if you use a windows group etc it does not seem to allow you to try a second login with user supplied details.

First off are my observations correct as if so it seems a bit worrying that potentially my windows username and password are being given to any ftp site i try to access.

Secondly how do i stop it happening so i am just prompted for a login when i connect to the ftp site of my choice?
Post #: 1
RE: FTP authentication question - 11.Mar.2004 1:08:00 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Al,

The good news is that if the client is configured as a SecureNAT client only, no credentials at all are sent to the firewall. The firewall treats you as an anonymous user and you are connecting through the firewall anonymously.

What are the details of the rule that allows the FTP client outbound access?

Thanks!
Tom

(in reply to awj)
Post #: 2
RE: FTP authentication question - 11.Mar.2004 10:33:00 AM   
awj

 

Posts: 104
Joined: 26.Feb.2004
From: UK
Status: offline 		The rule was just the one that is installed by the allow web access part of the standard templates.

I have now created a specific one that says allow ftp from internal to external for all users. The ftp part is configured as standard port 21 outbound with the ftp application filter on.

The problem is that for sites such as our new ISP where i need to upload our web site by default you get in anonymously by default. However you only get pointed to the correct location for your web site upload when you login and since i don't get the option of logging in when in explorer i have a problem.

PS I tried ftp from a command prompt and as i can then specify the username and password it is ok but not a great interface to upload files.

(in reply to awj)
Post #: 3
RE: FTP authentication question - 11.Mar.2004 10:51:00 AM   
awj

 

Posts: 104
Joined: 26.Feb.2004
From: UK
Status: offline 		Quick addition to the above, i also have this working with cuteftp so it may be more of an internet explorer question than anything. It seems to boil down to once you connect to a site with explorer how can you then login with a specific username and password?

(in reply to awj)
Post #: 4
RE: FTP authentication question - 11.Mar.2004 11:15:00 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Al,

I suspected it was a problem with IE. I've always found IE to be problematic with sites that require credentials, so I use the command line. CuteFTP is defintiely more user friendly, but when I need to use a GUI for FTP, I always use WS-FTP.

HTH<
Tom

(in reply to awj)
Post #: 5
RE: FTP authentication question - 19.Mar.2004 6:30:00 AM   
TNovak523

 

Posts: 8
Joined: 26.Feb.2004
From: Warren
Status: offline 		Have you tried using ftp://<username>:<password>@somewhere.com ?? That's worked for me in a pinch. You may also want to check out the option "Use passive FTP" in IE under Tools-->Internet Options-->Advanced Tab, which can help being behind a firewall...

(in reply to awj)
Post #: 6
RE: FTP authentication question - 19.Mar.2004 1:15:00 PM   
awj

 

Posts: 104
Joined: 26.Feb.2004
From: UK
Status: offline 		Might well work in some cases but as my isp uses email addresses as the username (with the @ sign in them) i think that removes the option. Just need to stick with a ftp client application.

Thanks for the suggestion though.

(in reply to awj)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> SecureNAT Client >> FTP authentication question Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts