Set AD user SFTP home folder

Status
Not open for further replies.

tbaror

Contributor
Joined
Mar 20, 2013
Messages
105
Hello All,

I have a FreeNAS box that is configured with Active Directory and allows SFTP logins.
The idea is to replace FTP with SFTP, using only Active Directory user accounts.
My question is: when I log in with an AD user I get no home directory and I see the root dir. How can I set the home dir for AD users?
Please advise.
Thanks
 

dlavigne

Guest
Good question as I'm pretty sure that only works for local accounts in FreeNAS.

Anyone else think of a way to do this?
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Good question as I'm pretty sure that only works for local accounts in FreeNAS.

Anyone else think of a way to do this?

You might be able to set up an SFTP chroot for the dataset where the user shares are located. For instance, if you have /mnt/Tank/Foo/Users/%username%, you can set /mnt/Tank/Foo as the chroot directory. This will cause SFTP sessions for your SFTP users to start in /mnt/Tank/Foo.

FYI, I have home directories for my AD users located under /home. It might be because I checked the box "use default domain" under "directory services" -> "Active Directory".
 

tbaror

Contributor
Joined
Mar 20, 2013
Messages
105
Hi,
Thanks for the info. Can you please share a command syntax example of how to do it?
I tried with chsh username@domain but it's not saving the changes and I get an error.
Thanks
Code:
[root@temstorage] ~# chsh svc@domain.local
#Changing user information for DOMAIN\svc.
Login: GEFEN\svc
Password: *
Uid [#]: 21187
Gid [# or name]: 20513
Change [month day year]:
Expire [month day year]:
Class:
Home directory: /mnt/po01/tbaror
Shell: /bin/sh
Full Name:
Office Location:
Office Phone:
Home Phone:
Other information:
~

~
~
~
~
~
~
/etc/pw.H3G3rM: 15 lines, 296 characters.
chsh: upper-case letters are dangerous in a login name
chsh: entry inconsistent
chsh: pw_copy: Invalid argument
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Hi,
Thanks for the info. Can you please share a command syntax example of how to do it?
I tried with chsh username@domain but it's not saving the changes and I get an error.
Thanks
Code:
[root@temstorage] ~# chsh svc@domain.local
#Changing user information for DOMAIN\svc.
Login: GEFEN\svc
Password: *
Uid [#]: 21187
Gid [# or name]: 20513
Change [month day year]:
Expire [month day year]:
Class:
Home directory: /mnt/po01/tbaror
Shell: /bin/sh
Full Name:
Office Location:
Office Phone:
Home Phone:
Other information:
~

~
~
~
~
~
~
/etc/pw.H3G3rM: 15 lines, 296 characters.
chsh: upper-case letters are dangerous in a login name
chsh: entry inconsistent
chsh: pw_copy: Invalid argument
I was thinking more along the lines of the following:
  • Create dataset /mnt/Tank/SFTP_Chroot and have it owned by "root:wheel" with Unix permissions type
  • Create an AD Group "SFTPUSERS"
  • Add the following "Auxiliary Parameters" to your sshd config in the FreeNAS web GUI
  • Under "Directory Service" -> "Active Directory", check the box "Use Default Domain"
Code:
Match Group SFTPUSERS
   ChrootDirectory /mnt/Tank/SFTP_Chroot
   ForceCommand internal-sftp
   PasswordAuthentication yes
   AllowTcpForwarding no
   PermitTunnel no
   X11Forwarding no
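As an added example (not from this thread, FreeNAS or OpenSSH), a small Python check of the layout the steps above assume: sshd only honours ChrootDirectory when every path component from / down to the chroot is owned by root and not writable by group or others, and if the user's directory does not exist inside the chroot the SFTP session starts at the chroot root (the "I see the root dir" symptom in the question). The paths and uid 21187 are taken from the thread; `audit_chroot` and `fake_lstat` are my own, and the stat table is constructed data.

```python
import os
import stat
from pathlib import PurePosixPath

def audit_chroot(chroot, user_home_rel, user_uid, lstat=os.lstat):
    """Return a list of problems with an sshd ChrootDirectory layout ([] = usable).

    Every component of `chroot` must be a root-owned directory that is not
    group/other-writable, and `user_home_rel` (the user's directory relative to
    the chroot) must exist and belong to `user_uid`.  `lstat` is injectable so
    the check can be run against constructed data instead of the live system.
    """
    problems = []
    path = PurePosixPath(chroot)
    if not path.is_absolute():
        return [f"{chroot}: ChrootDirectory must be an absolute path"]
    for p in list(reversed(path.parents)) + [path]:   # "/", "/mnt", ..., chroot
        try:
            st = lstat(str(p))
        except FileNotFoundError:
            problems.append(f"{p}: does not exist")
            return problems
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{p}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{p}: owned by uid {st.st_uid}, sshd requires root")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{p}: writable by group/other (mode {stat.S_IMODE(st.st_mode):o})")
    home = path / user_home_rel.lstrip("/")
    try:
        st = lstat(str(home))
    except FileNotFoundError:
        problems.append(f"{home}: missing, session would start at the chroot root")
        return problems
    if not stat.S_ISDIR(st.st_mode):
        problems.append(f"{home}: not a directory")
    elif st.st_uid != user_uid:
        problems.append(f"{home}: owned by uid {st.st_uid}, expected {user_uid}")
    return problems

def fake_lstat(table):
    """Stat function backed by {path: (uid, mode)} -- constructed data for dry runs."""
    def _lstat(p):
        if p not in table:
            raise FileNotFoundError(p)
        uid, mode = table[p]
        return os.stat_result((mode, 0, 0, 1, uid, 0, 0, 0, 0, 0))
    return _lstat

# Constructed layout matching the thread's example; uid 21187 is the AD "svc" account.
D = stat.S_IFDIR
GOOD = {"/": (0, D | 0o755), "/mnt": (0, D | 0o755), "/mnt/Tank": (0, D | 0o755),
        "/mnt/Tank/SFTP_Chroot": (0, D | 0o755),
        "/mnt/Tank/SFTP_Chroot/Users/svc": (21187, D | 0o700)}
# Common mistake: the dataset is group-writable and the user's directory was never created.
BAD = {**GOOD, "/mnt/Tank/SFTP_Chroot": (0, D | 0o775)}
del BAD["/mnt/Tank/SFTP_Chroot/Users/svc"]

if __name__ == "__main__":
    for name, table in (("good", GOOD), ("bad", BAD)):
        print(name, audit_chroot("/mnt/Tank/SFTP_Chroot", "Users/svc", 21187, fake_lstat(table)))
```

Run it with the default `lstat` against the real path on the box (as root) before enabling the Match block; sshd -t only checks the config syntax, not the directory ownership.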
 