Cerberus Secure and Reliable File Transferring Made Easy!
 
Support

The User Manager

About Cerberus FTP Server Authentication

Cerberus FTP Server can manage user accounts from three different sources. The first is the default Cerberus FTP Server user database. The Cerberus default user database is displayed in the User List box on the General page of the User Manager. The accounts within the default database are users created just for Cerberus FTP Server. The directions on this page are for adding a user to this default database.

You may also use Cerberus FTP Server to authenticate Active Directory users when the machine hosting Cerberus is part of a domain (or the local NT account database), even if the computer Cerberus FTP Server is installed on is not the domain controller. See the page Active Directory Authentication for more information on how to configure Cerberus to allow authentication of Active Directory domain users.

Finally, users can also be authenticated against an LDAP service. See the section on configuring Cerberus for LDAP authentication for more information.

NOTE: Active Directory and LDAP authentication are only available in the Professional edition of Cerberus FTP Server.

Adding a new user

Users can be added and modified in the Cerberus FTP Server user database by opening up the User Manager and selecting the Users tab. To add a user, select "New" from the button to the right of the Cerberus User Accounts group box. A new user will appear under the user list box. The newly created user will already be in rename mode, so simply type in the new name of the user. All user names must be unique and are case insensitive. Once you have entered the new user name, press enter to commit the change. The user can then be configured by clicking on the user's name in the user list box.

User Manager picture
The Cerberus FTP Server User Manager- Users page

A list of configurable properties for that user will appear in the list box to the right of the user. Those properties are:

Password The password for the user.
Note: The Password always displays as 7 (*) characters.
Group A Cerberus FTP Server Group that this user belongs to.
Is Anonymous If checked, the user password is ignored and the user can be logged in using any password.
Is Simple Directory In simple directory mode the administrator can only assign one directory to represent the virtual directory for a user. See below for an explanation of this setting.
Is Disabled Determines whether the account can login or not. A disabled account cannot login into the server.
Simultaneous Logins The maximum number of connections this user can make to the server at the same time.
Require Secure Control (Applies to FTP only) If enabled, this user can only login to the server using a secure TLS/SSL encrypted connection.
Require Secure Data (Applies to FTP only) If enabled, file transfers will only be allowed over secure  TLS/SSL encrypted connections.
Disable After Date If a date is set here then the account will become disabled after the date specified.
Note: The granularity of the timer is 30 minutes. The account will be disabled within 30 minutes of the time set.
Allow Protocols to Login Controls which protocols a user is allowed to login with. If a protocol is not checked then the user will not be allowed to login using that protocol.
SSH Authentication Determines the authentication requirements for logging into an SFTP interface. Valid options are:
  • Password Only: Require only a password for authentication.
  • Public Key Only: Require only a valid public key for authentication
  • Public Key and Password: Require both a valid public key and a valid password for authenticating a user
Maximum Upload File Size This field can be used to limit the maximum size of an uploaded file.
Allowed IP Addresses A comma-separated list of IP addresses that this user can login from. If no IP addresses are specified then no per-user IP address filtering is enforced. Note, global IP address blacklists or whitelists are always enforced first, regardless of this setting.
User Manager picture
The SSH Authentication Method dialog under the User Manager

Configuring a user for SSH Public Key Authentication

The procedure for configuring a user for SSH Public Key Authentication in Cerberus FTP Server is:

  1. Open the Cerberus FTP Server User Manager. The default page is the Users tab.
  2. Select the User from the Cerberus User Accounts list that you wish to configure for Public Key Authentication.
  3. Double-click on the SSH Authentication Method property for the selected user. The Change SSH Authentication Requirements dialog will appear.
  4. Select the Public Key Only or Public Key and Password radio option. The Key Path edit box and file selection button will become visible/enabled.
  5. Select the folder button next the Key Path edit box. A file selection dialog box will appear.
  6. Select the public key file you wish to use for the selected user. Press Open button to select the file.
  7. Press OK button on the Change SSH Authentication Requirements dialog to close and save the new SSH authentication settings.
  8. Press the Close button on the User Manager to save the changes to the selected user.

The Virtual Directory System

The virtual directory (VD) system allows the administrator to attach any directory or drive to the root. When a client requests the root directory from the server, the VDs you specify are sent to the client. The client can also navigate to any of the VD directories' subdirectories. The VD system takes care of all path translation.

Security settings can be specified for each virtual directory. All subdirectories under the VD inherit the security settings of the VD.

There are 2 modes that a user account can operate in with respect to the virtual file system. The two modes are simple and standard mode.

Simple Virtual Directory mode

When a user account uses simple directory mode, the administrator can only assign one directory to represent the virtual directory for that user. Instead of that directory being seen as a subdirectory off of the root, the virtual directory selected will be the directory the user is placed in when they first log into the server. In other words, the directory selected as the virtual root directory will be the root directory.

Standard Virtual Directory mode

In standard mode (the Simple Directories option is un-checked), the administrator may add as many directories as virtual directories to a user account as desired. The directories selected will appear as subdirectories off of the root when the designated user logs into the server.

A Virtual Directory Mode Example

Let's take a user with one simple virtual directory called ftproot that maps to C:\ftproot.

Virtual Directory image

In Simple Directory mode, the remote root directory that the user sees, "/", is mapped directly to C:\ftproot on the server. The actual virtual directory name is ignored (you can think of it as always being named "/"). The user will see all files and folders in C:\ftproot listed in their root directory. They can upload and download files directly into the root directory and they will be uploaded or downloaded to C:\ftproot on the server.

When not in simple directory mode, the root directory "/" doesn't map to anything. Instead, the root directory "/" becomes a virtual file system that you can attach sub-directories to. When not in simple directory mode, you can add as many virtual directories to a user account as you like and the virtual directory name will become a sub-directory in the virtual root. However, you have to change to that sub-directory before you can upload or download anything. If you try to upload a file to the root folder "/" then the operation is invalid because the path "/" doesn't map directly to a folder on the server. You would need to specify the path /ftproot to upload or download files from the virtual directory ftproot.

Adding a virtual directory to a user account

Each user can be assigned different virtual directories. A virtual directory is added to a user account by using the User Manager, pictured above. To add a virtual directory to a user, first:

  1. Select the user in the "User List".
  2. Next, click on the button labeled .... This button is located below the "User List" list box, in the "Virtual Directory" group. Once you have clicked on the ... button, a "Browse for Folder" dialog will appear.
  3. Navigate to the directory you wish to add and press the OK button on the dialog box. The directory you selected should appear in the edit box to the right of the ... button.
  4. Finally, select the Add to Root (this button will be labeled "Assign as Root" in simple mode) button located to the right of the ... button.
Browse for dialog picture

The directory should appear in the "Virtual Root directory" list box. To configure the newly added directory, click on the directory name in the list box. The directory's permission options should appear in the list box to the right of the directory list. Place a check beside any permission that you would like to grant to the virtual directory and all of that directory's subdirectories.

Virtual Directory Permissions

Each virtual directory that you add for a user can have a separate and distinct set of access permissions. The settings applied to a top level virtual directory filter down to all of that root directory's subdirectories.

Permissions can only be assigned at the top, root level.

Home | Products | Download | Store | Contact Us | Support | Privacy Policy | Public Forums Disclaimer

Copyright © 2012 Cerberus, LLC

Follow us on Twitter Share with Facebook Read RSS Feeds