[isalist] Re: FTP Delete

  • From: "Young, Gerald G" <Gerald.Young@xxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 31 May 2006 15:48:06 -0500

http://www.ISAserver.org
-------------------------------------------------------

If ISA will return an FTP 550 access denied error, then you're right,
the OS of the FTP server doesn't matter.  But I didn't think ISA would
return a protocol error on behalf of a protected server.  Does it really
do that?

In past experience - pre-ISA - a 550 error usually meant one of the
following (which is why I asked about platform):

The initial FTP directory is not set.

The 550 error means that the client is being told by the server that the
user who logged on does not have permission to perform the action being
attempted - in this case delete.  This could either be the specific file
or the directory in which the file resides.

And, if I recall correctly, in the *nix world you can configure FTP to
grant permissions based on source IP - even IIS can do this.

From the description of your problem, it sounds like you can delete
files just fine on the FTP server when connecting from a client local to
the FTP server's subnet but can't from outside of that subnet.  If
that's the scope, I'd start by looking closer at home - the
configuration of the FTP server - before jumping into ISA, unless, of
course, ISA does return FTP protocol error codes.

Cordially yours,
Jerry G. Young II
  MCSE (4.0/W2K)
Atlanta EES Implementation Team Lead
ECNS Microsoft Engineering
Unisys
 
11493 Sunset Hills Rd.
Reston, VA 20190
Office: 703-579-2727
Cell: 703-625-1468

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Amy Babinchak
Sent: Wednesday, May 31, 2006 4:22 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: FTP Delete

http://www.ISAserver.org
-------------------------------------------------------
  
By server, I meant one of the local servers on site, not the FTP server.
Sorry for not being clear.

I don't know that OS the FTP server runs. I don't think it matters for
this issue.

Amy
 

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Young, Gerald G
Sent: Wednesday, May 31, 2006 4:11 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: FTP Delete

http://www.ISAserver.org
-------------------------------------------------------
  
What platform is it?

And I didn't quite understand what you meant when you said:

"If administrator logs into the workstation, no delete. If administrator
logs into the server, then delete works."

Do you mean to say that if a delete is attempted remotely it doesn't
work but if it's attempted on the server it works fine?

You say that it's the same FTP login credentials for all users.

If it works for you but not someone else, might the restriction be based
off of source IP?

Cordially yours,
Jerry G. Young II
  MCSE (4.0/W2K)
Atlanta EES Implementation Team Lead
ECNS Microsoft Engineering
Unisys
 
11493 Sunset Hills Rd.
Reston, VA 20190
Office: 703-579-2727
Cell: 703-625-1468

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Amy Babinchak
Sent: Wednesday, May 31, 2006 4:05 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: FTP Delete

http://www.ISAserver.org
-------------------------------------------------------
  
The FTP site is not a Windows 2003 server.

Amy
 



-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Young, Gerald G
Sent: Wednesday, May 31, 2006 3:50 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: FTP Delete

http://www.ISAserver.org
-------------------------------------------------------
  
Amy,

If the users are getting a 550 access denied error that indicates to me
that traffic is passing between the client and server just fine.  I'd
look at the permissions on the particular file that they are attempting
to delete.

If the server is Windows 2003, you can open up properties on the file in
question, flip over to the security tab, hit the advanced button, then
flip to the effective permissions tab, plug in the user in question and
see what their effective permissions are for that file.

A lot of people will miss specific deny permissions on files, which will
take precedence over any allow permissions.

Cordially yours,
Jerry G. Young II
  MCSE (4.0/W2K)
Atlanta EES Implementation Team Lead
ECNS Microsoft Engineering
Unisys
 
11493 Sunset Hills Rd.
Reston, VA 20190
Office: 703-579-2727
Cell: 703-625-1468

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Amy Babinchak
Sent: Wednesday, May 31, 2006 3:14 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] FTP Delete

http://www.ISAserver.org
-------------------------------------------------------
  
I have a client whose FTP site is hosted by SBC. Local users are unable
to delete files on the FTP site. They get a 550 access denied error.
We've tried various FTP clients and IE with the same results. All local
PC's are XP SP2 running the firewall client. SBC insists this is a local
firewall issue. I'm not seeing it. Anyone think SBC's diagnosis has any
merit? The only thing that has me questioning myself is that if I log
onto the server as administrator and attempt to delete from the FTP
site, I can. 

I have loads of successful FTP connections and only 2 denied packets in
the last 24 hours. They look like this:
 
Original Client IP      Client Agent    Authenticated Client    Service
Server Name     Referring Server        Destination Host Name
Transport       MIME Type       Object Source   Source Proxy
Destination Proxy       Bidirectional   Client Host Name        Filter
Information     Network Interface       Raw IP Header   Raw Payload
Source Port     Processing Time Bytes Sent      Bytes Received  Result
Code    Cache Information       Log Record Type Log Time
Destination IP  Destination Port        Protocol        Action  Rule
Client IP       Client Username Source Network  Destination Network
HTTP Method     URL     Error Information       HTTP Status Code
70.229.250.114  -                       SVCTAG-H442T91          -
TCP                     -       -               -               -
-       -       1540    0       0       0       0xc0040017
FWX_E_TCP_NOT_SYN_PACKET_DROPPED        0x0     Firewall
5/31/2006 9:25:26 AM    68.142.234.92   21      FTP     Denied
Connection      -       70.229.250.114  -       Local Host      External
0x0     
Amy
 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts: