napp-it ProFTP how to authenticate user against 2008 Active Directory

Discussion in 'Solaris, Nexenta, OpenIndiana, and napp-it' started by KarlMayer, May 16, 2016.

  1. KarlMayer

    We run OmniOS 151016 with the last napp-it release.
    User authentication goes through a Windows Server 2008R2 AD.
    We created an admin user in Active Directory and gave the user full access on every share, using the ACL Extension Wizard in napp-it.
    The read and write rights are given by this admin user on a Windows console to every Active Directory user individually.
    We do not use idmap on the Solaris side to minimize the administrative effort.
    On checking the ACL per console, the AD SIDs are shown.
    The environment is up and running and authentication works as well. (It hangs sometimes, for example with Acronis when trying to run backups with the boot media, but that's another thing.)

    How does authentication work with ProFTP?
    Right now, with the basic proftp configuration, our AD users can't connect to their home directories. How does it work to authenticate our AD users on proftp?
    Does proftp read the CIFS/ZFS ACL?
    Please let me know which further information you need to give me a hint or a configuration example. Many thanks for your efforts.

    The standard proftp configuration:
    # This is a basic ProFTPD configuration file (rename it to
    # 'proftpd.conf' for actual use. It establishes a single server
    # and a single anonymous login. It assumes that you have a user/group
    # "nobody" and "ftp" for normal operation and anon.

    ServerName                      "ProFTPD Default Installation"
    ServerType                      standalone
    DefaultServer                   on

    # Port 21 is the standard FTP port.
    Port                            21

    # Don't use IPv6 support by default.
    UseIPv6                         off

    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask                           022

    # To prevent DoS attacks, set the maximum number of child processes
    # to 30. If you need to allow more than 30 concurrent connections
    # at once, simply increase this value. Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd).
    MaxInstances                    30

    # Set the user and group under which the server will run.
    User                            nobody
    Group                           nogroup

    # To cause every FTP user to be "jailed" (chrooted) into their home
    # directory, uncomment this line.
    #DefaultRoot ~

    # Normally, we want files to be overwriteable.
    AllowOverwrite                  on

    # Bar use of SITE CHMOD by default
    <Limit SITE_CHMOD>
      DenyAll
    </Limit>

    # A basic anonymous configuration, no upload directories. If you do not
    # want anonymous users, simply delete this entire <Anonymous> section.
    <Anonymous ~ftp>
      User                          ftp
      Group                         ftp

      # We want clients to be able to login with "anonymous" as well as "ftp"
      UserAlias                     anonymous ftp

      # Limit the maximum number of anonymous logins
      MaxClients                    10

      # We want 'welcome.msg' displayed at login, and '.message' displayed
      # in each newly chdired directory.
      DisplayLogin                  welcome.msg
      DisplayChdir                  .message

      # Limit WRITE everywhere in the anonymous chroot
      <Limit WRITE>
        DenyAll
      </Limit>
    </Anonymous>
     
    Last edited: May 16, 2016
  2. gea

    There is no simple way to use AD accounts for ProFTP and there is no way for ProFTP
    to be aware of the Windows ACL (with Windows SID and Windows ACL inheritance).

    The best solution if you need ftp with AD users where Windows ACL are minded
    is using the ftp server on Windows Server with the ftp folder as a share on OmniOS/ZFS.
     