FTP with AD user integration

I currently have a unused server that i'd like to throw ubuntu on and move our FTP to it inorder to seperate it from our other boxes that are running windows 2003 and 2008. All this is running on a Win 2003 Domain.

Does anybody have any idea on what I could use on Ubuntu or possibly another distro to run FTP and integrate / authenticate the users from AD?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Jordus

You could accomplish this with IIS on a windows server.

Don't know what youd do with linux to get it to work.

Slowhand

You're going to have to get creative with LDAP and/or WinBIND.

rwwest7

I'd scrap Ubuntu and load Server 2003 and call it a day.

qwertyiop

rwwest7 wrote: »

I'd scrap Ubuntu and load Server 2003 and call it a day.

Thats what I'd do but I work for a small company and we dont have any spare licences and I really cant stand having FTP on a DC.

The person that originally setup our network really sucked, we dont even have a DMZ so if a person happens crack a password there on the network.

blargoe

I turned up a bunch of results when I googled "linux ftp active directory". Getting your linux server to authenticate Active Directory users would be the first and hardest step. Then just throw FTP on top of it. I've never done that before but it ought to work.

qwertyiop

blargoe wrote: »

I turned up a bunch of results when I googled "linux ftp active directory". Getting your linux server to authenticate Active Directory users would be the first and hardest step. Then just throw FTP on top of it. I've never done that before but it ought to work.

I'll have to give it a try. I can get the user logon to Authenticate onto the Domain I juft dont know if that AD authentication stretches to the FTP.

Jagged

Don't forget that with AD-integrated FTP the user's domain passwords are sent over the wire in the open. In my setups I would only authorize limited accounts to the FTP server. Remove them from Domain Users and give them just enough rights to use the server.

qwertyiop

Jagged wrote: »

Don't forget that with AD-integrated FTP the user's domain passwords are sent over the wire in the open. In my setups I would only authorize limited accounts to the FTP server. Remove them from Domain Users and give them just enough rights to use the server.

I know, I have specific FTP accounts for each of my sites.

rwwest7

Might want to also research a product called Serv-U file server. You could load it up on your DC, and the program has lots of ways to lock down access. You can even force people to use sftp or https to transfer files.