Ftp using AD users Authentication

Status
Not open for further replies.
tbaror

tbaror

Contributor
Joined
Mar 20, 2013
Messages
105
Hi All,

I have a FreeNas used as FTP + CIFS Share, the storage is part of the Active directory , i can assign permission to cifs share with no problem .
I have a need to use the ftp authentication also with Active Directory users , looking on help doc its little bit confusing
If you require your users to authenticate before accessing the data on the FreeNAS® system, you will need to either create a user account for each user or import existing user accounts using Active Directory or LDAP.
Click to expand...
How do i import AD user and set it FTP access or its goes with folder NTFS permission
Is there any more detailed how to do it?
Please advise
Thanks
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
tbaror said:
Hi All,

I have a FreeNas used as FTP + CIFS Share, the storage is part of the Active directory , i can assign permission to cifs share with no problem .
I have a need to use the ftp authentication also with Active Directory users , looking on help doc its little bit confusing

How do i import AD user and set it FTP access or its goes with folder NTFS permission
Is there any more detailed how to do it?
Please advise
Thanks
Click to expand...
I believe you'll need to configure /etc/pam.d/ftp per instructions here: https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#id2654732

Not to be patronizing, but this is the point where you may want to think really hard about the security implications of what you're trying to achieve. With FTP you're going to be flinging domain credentials in the clear over the wire. This is bad. Potentially very bad. If there is even the slightest possibility of someone being able to pull of a MITM on a domain admin account, I'd go back to the drawing board.

I'd feel much more comfortable configuring SFTP (as in SSH File Transfer Protocol) and deploy / configure winscp. PAM and winbind are already configured in a way to let you do this (less mucking around with internals) and it's actually secure.
 
tbaror

tbaror

Contributor
Joined
Mar 20, 2013
Messages
105
Hi,
Thank you very much for the advise ,
our ftp is already set as sftp authentication
Thanks
 
Status
Not open for further replies.

Similar threads

tbaror
  • Locked
Set AD user SFTP home folder
Replies
4
Views
4K
anodos
anodos
Bram
  • Locked
One directory shared with CIFS and FTP using different permissions
Replies
1
Views
3K
dlavigne
D
D
  • Locked
AD Authentication with FTP Fails
Replies
2
Views
4K
James
J
I
  • Locked
FreeNAS-9.10.2-U3 (e1497f269)
Replies
13
Views
2K
imransheriff
I
M
  • Locked
Seeking FTP setup documentation or paid remote assistance
2
Replies
28
Views
4K
SweetAndLow
SweetAndLow
Top