FTP with AD user integration

qwertyiopqwertyiop Member Posts: 725 ■■■□□□□□□□
I currently have a unused server that i'd like to throw ubuntu on and move our FTP to it inorder to seperate it from our other boxes that are running windows 2003 and 2008. All this is running on a Win 2003 Domain.

Does anybody have any idea on what I could use on Ubuntu or possibly another distro to run FTP and integrate / authenticate the users from AD?

Comments

  • JordusJordus Banned Posts: 336
    You could accomplish this with IIS on a windows server.

    Don't know what youd do with linux to get it to work.
  • SlowhandSlowhand MCSE: Cloud Platform and Infrastructure, MCSA: Windows Server 2003/2012/2016, CCNA Routing & Switchi Bay Area, CaliforniaMod Posts: 5,161 Mod
    You're going to have to get creative with LDAP and/or WinBIND.

    Free Microsoft Training: Microsoft Learn
    Free PowerShell Resources: Top PowerShell Blogs
    Free DevOps/Azure Resources: Visual Studio Dev Essentials

    Let it never be said that I didn't do the very least I could do.
  • rwwest7rwwest7 Member Posts: 300
    I'd scrap Ubuntu and load Server 2003 and call it a day.
  • qwertyiopqwertyiop Member Posts: 725 ■■■□□□□□□□
    rwwest7 wrote: »
    I'd scrap Ubuntu and load Server 2003 and call it a day.


    Thats what I'd do but I work for a small company and we dont have any spare licences and I really cant stand having FTP on a DC.

    The person that originally setup our network really sucked, we dont even have a DMZ so if a person happens crack a password there on the network.
  • blargoeblargoe Self-Described Huguenot NC, USAMember Posts: 4,174 ■■■■■■■■■□
    I turned up a bunch of results when I googled "linux ftp active directory". Getting your linux server to authenticate Active Directory users would be the first and hardest step. Then just throw FTP on top of it. I've never done that before but it ought to work.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • qwertyiopqwertyiop Member Posts: 725 ■■■□□□□□□□
    blargoe wrote: »
    I turned up a bunch of results when I googled "linux ftp active directory". Getting your linux server to authenticate Active Directory users would be the first and hardest step. Then just throw FTP on top of it. I've never done that before but it ought to work.

    I'll have to give it a try. I can get the user logon to Authenticate onto the Domain I juft dont know if that AD authentication stretches to the FTP.
  • JaggedJagged Member Posts: 67 ■■□□□□□□□□
    Don't forget that with AD-integrated FTP the user's domain passwords are sent over the wire in the open. In my setups I would only authorize limited accounts to the FTP server. Remove them from Domain Users and give them just enough rights to use the server.
    Microsoft: MCSE 4, MCSE 2003 +Security, MSCA 2003 Messaging, MCITP:SA -- Cisco: CCNA
    Novell: CNE 3-6, CLA, CLP, CLE -- Nortel: NCDS, NCSS -- CompTIA: Project+, Server+, Linux+, Security+

    Courses Completed at WGU:
    EWB2, BBC1, LAE1, WFV1, SSC1, CLC1, WDV1, MGC1, ORC1, INC1, IWC1
    Courses Required BS - IT: NETW:
    LAT1, LUT1, INT1, SST1, LET1, IWT1, BOV1, TWA1, CPW2
    Classes Transferred:
    BAC1, TEV1, TTV1, QLC1, QMC1, QLT1, TSV1, TPV1, TNV1, BRV1, ABV1, AHV1, AIV1, AJV1
  • qwertyiopqwertyiop Member Posts: 725 ■■■□□□□□□□
    Jagged wrote: »
    Don't forget that with AD-integrated FTP the user's domain passwords are sent over the wire in the open. In my setups I would only authorize limited accounts to the FTP server. Remove them from Domain Users and give them just enough rights to use the server.


    I know, I have specific FTP accounts for each of my sites.
  • rwwest7rwwest7 Member Posts: 300
    Might want to also research a product called Serv-U file server. You could load it up on your DC, and the program has lots of ways to lock down access. You can even force people to use sftp or https to transfer files.
Sign In or Register to comment.