Is it possible to use a system variable like $LoginID in a Group's Home Directory and Directory Access settings?  I was thinking to create a generic group to span multiple users that would help define the path for all home directories for users who are members of the group.  I tried using the $LoginID found on System Variables In Serv-U.  The result was when the user signed into the FTP server the home directory with the directory name $LoginID was created instead of the actual loginId of the user.  So, my attempts to see if it works didn't pan out with much success.  If it matters this is a group and user created in the "Database Groups" and "Database Users" on an Ftp domain.  This is Serv-U FTP 15.1.0 on Linux.

Thank you,

Mark

Hi,

We are using mount points for home directories and ftp logging.  I would like to guarantee serv-u does not write any log files or create home directories unless the mount target has successfully mounted.

I have found that if the mount isn't present Serv-u will write log files and create home directories in the directory of the mount point.  This creates a problem because the files written will not show up in the directory when the mount is created and the mount's directory structure will be present.  This could potentially lose data if files have happen to been uploaded during a period a failed mount or missing mount.

This mount issue is increased when the mount target is a network resource that could potentially not be available at the time the FTP server is attempting to create the mount. 

-Mark

does anyone know?

Hello,

Can SolarWinds Engineers test their Serv-U implementation against Qualys SSL Labs SSL Server Test?

Qualys SSL Labs - Projects / SSL Server Test

https://www.ssllabs.com/ssltest/

Serv-U test against Qualys SSL Labs SSL Server Test

Qualys SSL Labs - Projects / SSL Server Test

https://www.ssllabs.com/ssltest/

1. I would like the ability to disable older protocols like SSL2, TLS 1.0 and TLS 1.1 and only allow newer protocols such as TLS 1.2 and SSL3.

2. I would like the ability to disable Insecure Cipher Suites such as:

SSL_CK_DES_192_EDE3_CBC_WITH_MD5 (0x700c0)   INSECURE

SSL_CK_RC4_128_WITH_MD5 (0x10080)   INSECURE

SSL_CK_RC2_128_CBC_WITH_MD5 (0x30080)   INSECURE

SSL_CK_IDEA_128_CBC_WITH_MD5 (0x50080)   INSECURE

3. I would like them to address OpenSSL CCS vulnerability (CVE-2014-0224)

https://community.qualys.com/blogs/securitylabs/2014/06/13/ssl-pulse-49-vulnerable-to-cve-2014-0224-14-exploitable

4. I would like support for Forward Secrecy.

https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy

Thanks,

Jimmy

SolarWinds Serv-U v15.1.0 Hot Fix 3 is now available and can be downloaded from here.

• Corrects an issue where SSH keys are not allowing Serv-U macros within their file paths.

This hot fix also contains hot fix 2:

• Corrects an issue where Serv-U Gateway does not bind to the proper port for outgoing FTP data connections.

-------------------------

Installation Instructions

-------------------------

This hotfix requires updating both Serv-U and Serv-U Gateway. The updated files are contained in a folder named after each product. Within each folder is a folder for each supported platform.  Please use the binaries for your appropriate platform when updating Serv-U and
Serv-U Gateway.  The folder contains files, with the appropriate directory structure (if necessary), to upgrade your installations.

This hot fix requires Serv-U and Serv-U Gateway version 15.1.0.

-------------------------

TO INSTALL:

1. Shut down all running Serv-U processes.
   • Right-click the tray icon, and then select "Stop Serv-U".
   • Right-click the tray icon, and then select "Exit Tray".
   • Stop the Serv-U Gateway service
     • [Windows] Open Services from Administrative Tools, and then stop the service named "Serv-U Gateway".
     • [Linux] From a shell, stop the Serv-U Gateway service using: service Serv-U-Gateway stop
2. Make a backup copy of the following files:
   • Windows:
     • <Serv-U-InstallDir>\Serv-U.dll
     • <Serv-U-GatewayInstallDir>\Serv-U-Gateway.exe
   • Linux:
     • <Serv-U-InstallDir>\Serv-U
     • <Serv-U-GatewayInstallDir>\Serv-U-Gateway
3. Extract the ZIP file to a temporary location.
4. Open the folder for the platform Serv-U is installed on.
   1. For example, open the "Windows 64-bit" folder if Serv-U is installed on a 64-bit version of Windows.
5. Copy the contents of this folder to your Serv-U installation directory. For Windows, the default installation directory is:
   C:\Program Files\RhinoSoft\Serv-U
   -or-
   C:\Program Files\RhinoSoft.com\Serv-U
6. Repeat this process for Serv-U Gateway. The installation directory for Serv-U Gateway is named "Serv-U Gateway" and is found in the same parent folder as Serv-U's installation directory.
7. On Linux, you must also modify the permissions of the files:
   • chmod u+xs Serv-U
   • chmod u+xs Serv-U-Gateway
8. Restart the "Serv-U Gateway" system service.
9. Restart the Serv-U tray application.
10. Right-click the tray icon, and then select "Start Serv-U".

------------------------

TO UNINSTALL:

1. Shut down all running Serv-U processes.
   • Right-click the tray icon, and then select "Stop Serv-U".
   • Right-click the tray icon, and then select "Exit Tray".
   • Stop the Serv-U Gateway service
     • [Windows] Open Services from Administrative Tools, and then stop the service named "Serv-U Gateway".
     • [Linux] From a shell, stop the Serv-U Gateway service using: service Serv-U-Gateway stop
2. Replace the following files with your backed up copy:
   • Windows:
     • <Serv-U-InstallDir>\Serv-U.dll
     • <Serv-U-GatewayInstallDir>\Serv-U-Gateway.exe
   • Linux:
     • <Serv-U-InstallDir>\Serv-U
     • <Serv-U-GatewayInstallDir>\Serv-U-Gateway
3. Restart the "Serv-U Gateway" system service.
4. Restart the Serv-U tray application.
5. Right-click the tray icon, and then select "Start Serv-U".

-------------------------

For more information, contact Technical Support at

http://www.Serv-U.com/prodsupport.asp

Hi there - we're a Solarwinds customer currently leveraging a bunch of products, and the thwack community's been really helpful over the last couple of years with honest info.

We're trialing Serv-U right now, with the main focus being the secure filesharing piece - specifically, giving our folks the ability to send links to external partners, etc. to grab files that too large for most email systems while allowing us to retain virtual possession of those files on our prem.

Seems to work great so far.

My boss has posited a couple of questions regarding the administrative cost of the product, however, and I wanted to reach out and hear from current Serv-U owners and admins.

1. What's your overall take on the adminstrative cost of the product? Do you spend a lot of time touching the admin side?

2. The logging ability looks adequate at first glance, but we're thinking about basic compliance and identification of external connections. Anything missing here from the log output that we might like to know about?

3. Any issues/instability/weirdness with using the Gateway product to terminate connections in the DMZ? Looks straightforward, but obviously there may be gotchas inherent.

4. I didn't find a lot of 'this is broken' stuff on the forum, hence my questions here.

Thanks for any info, and if you don't feel comfortable addressing the post, please feel free to message me directly on thwack.

Hello,

Is-it possible to list, on the admin console, all shares of the domain ?

With the possibility to manage them.

Regards,

Sylvain

Having a problem specifying a Virtual Directory for one of my Windows Groups.  If I go to Configure Windows User Group... it will allow me to configure the Default Windows User Group settings for everyone in my domain.  There is a folder on the local server that I only want one OU to have access to.  If I use the Default Windows User Group to configure the Directory Access and Virtual Paths it works but it applies it to everyone.  If I try to do the same thing for the group that I want to have access to this directory then nothing happens.  I have tried setting Apply server and domain directory access rules before user and group under Limits & Settings > Limit Type > Advanced to Yes and No.  Neither option made a difference.

What am I missing?

Hello,

I am attempting to create a custom .so for a Linux Serv-U installation.  I may have a fundamental misunderstanding of how the library is called and what it can do.  I was hoping someone could point me in the right direction.  I have implemented the SUUAIsUserDirty() and SUUAVerifyPassword() functions and commented out the rest.  The main reason I want to use the API is because the login and access rules are being driven by a separate application.  I have the Serv-U database setup to automatically reflect changes made in this other system.  Most significantly, the passwords are stored using a different hashing algorithm than the default Serv-U one.  Therefore I thought I could have SUUAIsUserDirty() check for changes made while a user is logged in and SUUAVerifyPassword() use the different hashing algorithm.  (I am still in the testing/building phase so I am also considering implementing additional functions once I have a better understanding of how these all interact)

I originally tested the two functions by creating a test executable that would pass parameters to these functions...and they seem to be sufficiently developed to test them in Serv-U.  When I add the library in the Serv-U Management Console I see the library loaded in the logs.  However, when I try to login with a test user, the SUUAVerifyPassword() function does not seem to be called when authenticating the user.

A couple of concerns I have right off the bat.  If this function did work would it lock me out while using the admin account?  The users I want this function to apply to are database users.  I would like the admin user to continue using the built in Serv-U password verification.

I am assuming there is more needed to get Serv-U to call these functions.  (Perhaps some of the API functions are needed that I am not implementing?).  I am assuming the main Serv-U thread passes the values from the login form to the functions in the integration library.  If not, I am not certain how to obtain these values.  I am leaving out quite a few details because I want to make sure my general understanding of what needs to be implemented isn't way off the mark.  I will be happy to elaborate as necessary.

Any advice/guidance would be greatly appreciated.

Thank you!

Hi...i want to ask, can i put custom text on webclient ? i want to give light instruction for the users

thanks

hi, can i create default group?

So i don't need to add group again when creating new ftp user

Thanks

Hello again,

See previous post here: Custom Serv-U Integration Library Questions(big thanks to dougpapenthien)

I believe I have implemented the necessary functions for my custom integration library.

{

     SUUAFindUser,

     SUUAGetAttribute,

     SUUAEnumDirAccess,

     SUUAVeriftyPassword,

}

(I have a few others returning true or false based on their usage for testing purposes).

However, I am running into a new issue.  When I attempt to log in with a test user I get the following error:

"ERROR: Login was not successful."

The Domain log shows the following:

"Error logging in user "user", home dir "/path/to/dir" does not exist.

Interestingly, the first time I tried to log in, Serv-U created the directory on my behalf and reflected this in the domain log.

I am suspicious of ownership/permission issues, but I gave the directory full access for testing purposes...This did not help.  During an earlier phase of development I left the SUUAGetAttribute() function as is which defaulted users to the file system root directory.  I was able to log in then.  Additionally, I tested the record in my database as a Database user using the Serv-U GUI and was able to log in and see the appropriate directories just fine.  (I had to disable database users since the Library users are lowest on the hierarchy).  I found an article online that addressed this issue in a Windows environment that had to do with running Serv-U as a service, but it only exists when I implement my custom library, so I am assuming it is something in my implementation I am overlooking.

Any advice/guidance would be greatly appreciated.

Thank you!

Hello everyone,

I wanted to take some time to review FTP interaction; specifically the way Serv-U communicates with web browsers.

When you open up your Serv-U server to port 21 you give your users the option of coming to login from the many FTP client options.

In that list you will find your internet browsers (IE, Chrome, Mozilla) each browser has its own behavior and interaction with Serv-U.

When you go to a browser and type "ftp://10.110.X.XXX" and hit enter you will be starting the two way communication with the FTP server and the built in FTP client of the whatever browser you choose.

A typical Serv-U FTP communication will look something like this in the Serv-U / FTP client log (if the FTP client has a log)

- Connecting to XX.XXX.XX

- 220 - The 220 reply code is sent in response to a new user connecting to the FTP server to indicate that the server is ready for the new client

- USER XXXXXX (User login information)

- 331 User name okay, please send complete E-mail address as password.

- PASS ************ (User password information)

- User "UserName" logged in

- 230 - The server sends a 230 reply code in response to a command that has provided sufficient credentials to the server to grant the user access to the FTP server.

After this comes a combination of varying commands to retrieve information, apply configuration, and direct the user to correct directory.

After the FTP client sends the list of commands it will send a LIST command to the Serv-U server

Once Serv-U receives that LIST command it will send a the directory listing for that user.

Now for the interesting part. Serv-U is only listening for commands and replying to hose commands it does not dictate how or in what order a FTP client send the commands or when it logs off and on.

As you will see in the following test EVERY FTP client interacts very differently with Serv-U.

There is nothing Serv-U can do to force the clients to behave the same or connect when something outside of its control is stopping that connection such as firewall, configuration, antivirus, ISP, or many other factors.

_______________________________________________________________________________________________________________________________________

In this example I opened a internet browser and follows the exact same steps each time

- Open the browser in privacy mode (to make sure information was not cached)

  Chrome = Incognito

  Mozilla = Private window

  IE = CTRL+SHIFT+P = InPrivte Mode

- Navigate to ftp://10.XXX.X.XXX

- Enter user name and password

- Open "Testing" Folder

- Open "Black 135i.jpg" in browser

- Navigate back

- Right click on Black 135i file and save as.jpg

- Close browser page

As you will see each browser handled the interaction VERY differently

_______________________________________________________________________________________________________________________________________

Starting with Mozilla version 32.0

It connects much like a typical FTP client (FileZilla, FTP Voyager) asking for credentials and

after a completed connection sending the LIST command to retrieve the directory listing and leaving the connection the Serv-U server OPEN

You will see in the attached (Mozilla FTP - 32.0.txt) file that once I start to navigate and preform the above steps Mozilla keeps the same connection and NEVER closes the connection.

When new information is requested Serv-U sends it and Mozilla displays or downloads that information.

Only once the Mozilla window is closed is the connection closed.

Here is a screenshot of that directory listing from Mozilla

_______________________________________________________________________________________________________________________________________

Now to Chrome 37.0.2062.120

We see very different behavior as you are more than welcome to see in the attached log file (Chrome FTP - 37.0.2062.120.txt)

Unlike Mozilla Chrome does NOT keep the one original connection live the entire time.

Once Chrome logs in and completes the LIST command it immediately starts to download any additional files on that page and in its sub directories.

During testing I was unable to determine when it stops to do this and what its file size limits where and how it dictacts what is to large or small for this first mass download.
Because of this the log reads very differently than most FTP clients and constantly logs in and out of Serv-U.

One thing is for sure unlike FTP clients and Mozilla Chrome does indeed keep your username and password for its own use during the session.

Serv-U has NO CONTROL of how Chrome interacts with it and if you do not like the FTP logic it uses we can only suggest using a different browser or FTP client.

We also CANNOT stop a user from using Chrome or any browser / client.

Here is a screenshot of that directory listing from Chrome

_______________________________________________________________________________________________________________________________________

Next is Microsoft Internet Explorer version 10

For the sake of this example I simply attempted the exact same steps as the above connections.

After the initial connection which did reach Serv-U and prompt me for user credentials I was greeted with a "This page can't be displayed" message from IE

A review of the Serv-U logs showed me what was wrong (Attached as IE FTP - 10.0.9200.1708.txt)

Internet Explorer did not send the full  CWD (Change Working Directory) command like the other browsers

Without the Serv-U log showing me that the browser is not sending the correct information I would not know why this failed and if IE was the only resource for me as a user I would be stuck and would most likely have to contact the Serv-U administrator.

As a Serv-U admin there is nothing Serv-U can do to force IE to send the correct CWD command like both Chrome and Mozilla did.

Here is a screenshot from the failed IE connection

Additionally here is a discussion on TechNet concerning IE and its several issues with FTP connections

How do I open an ftp site using Internet Explorer 10?

_______________________________________________________________________________________________________________________________________

BONUS ROUND !

For our Windows users with issues with IE we have another method of native FTP connections

Simply open Windows Explorer (Windows Key + E)

and type the FTP address in the file path

Just like the browsers this will connect via port 21 to Serv-U and begin a line of communcation

Much like a standard FTP client and Mozilla this interacts with Serv-U in a typical manner with one connection requesting information as the user navigates the file directory.

Attached is the log named (Windows Explorer FTP - Windows 8 Enterprise.txt)

And a screenshot of a Explorer FTP connection

Hi, can i automatically delete files in user's folder when the user is disabled?

Thank you

How many GB can Serv-U store? Thanks

hi,

Our scan software is reporting openSSL multiple remote security vulnerabilities on servu server.  Does Servu use openSSL and if yes will it be upgraded to a  compliant version?

thank you

would like to know if it is possible to remove the link when you click on browse in the Send File section. Setting or actually remove it in the html?

A new Managed File Transfer certification was released last month.  Called the "Certified File Transfer Professional", or "CFTP", the video- and study guide-based training program was developed with experts from seven different MFT vendors (and the entire transmission staff of BNY Mellon), including Serv-U's technical lead from Solarwinds, and is intended to quickly prepare IT staff to manage daily operations of a Serv-U MFT Server, Serv-U FTP Server, automated transfer clients, and other managed file transfer technology.   

Topics covered in the CFTP program include:

• Managed File Transfer Concepts  – Covers proper use of MFT, clients and servers, data at rest and data in motion, encryption, hashing, PKI and IPv4 and IPv6.
• Basic Protocols  – Covers FTP, FTPS, SFTP and SCP.
• Advanced Protocols  – Covers HTTP, HTTPS, advanced web-based file transfers, WebDAV, email and NDM (Connect:DIRECT).
• Applicability Statement Protocols  – Covers AS1, AS2 and AS3.
• Accelerated File Transfer– Covers UDP-based file acceleration and related techniques.
• File Synchronization and Sharing– Covers “ad hoc” file transfer and collaboration.
• “At Rest” Encryption– Covers file encryption including OpenPGP, SMIME and “Zip” encryption.
• File Transfer Operations  – Covers troubleshooting, SLAs, and automation.

More information, including a short video and excerpts from the free (registration required) study guide is available on the official CFTP web site.

QUESTIONS:

• Is the CFTP program something that you would be interested in for your own career? 
• Could you see using the CFTP program to onboard new transmissions staff? 

hello I have a problem with the email

SMTP is configured correctly with an account (xxx@xxx.com) and emails of events work´s fine.

My problem it´s with file share, when a user is typing the contact details in the email field  he write her email account, that is (yyy@yy.com) the  email  not sent.

In log gives an error:

Sender address rejected: not owned by user xxx@xxx.com

sending mail works only if in email field of  contact details I write this  account xxx@xx.com

Is this normal operation? Only can put the email account configured on the SMTP email in the field?

Hello!

After starting the Management Console  Serv-U an error:g_sAjaxNotSupported - definition does not exist.
Serv-U:15.1.0

Windows Server 2003 SP2