A core part of any identity management strategy is connecting users to the IT resources that they need. This role can include both physical and virtual file storage systems. A couple of common methods that we see for file storage systems are Samba file servers and NAS (network attached storage) appliances, which are based on Samba. For organizations who employ these methods, it is critical that their identity management solution includes the function of Samba file server support.
Authenticating File Servers
NAS appliances based on the Samba file server, including Synology, FreeNAS, and QNAP, among others, are more popular than ever. Significant amounts of storage can be hosted on-prem without a great deal of space or cost. A key for IT admins is being able to take that easy storage option and integrate it into the IT infrastructure – more specifically, into the identity management infrastructure.
As IT organizations expand to new methods of providing file server support for both their on-prem and cloud servers, secure authentication to Samba-based file servers becomes an important part of the identity management approach. The ideal method for authentication is to employ a single identity for each user to authenticate with. Then, enabling this core user identity across the entire IT infrastructure grants the user access to all of the files and data that they would need to access. This is both efficient and secure for IT and end users. However, this task can be a pain with Samba and NAS file storage servers.
LDAP authentication to backend the NAS appliance is a popular option and, of course, the on-prem legacy directory service Microsoft Active Directory® can be utilized as well. Alternatively, Samba can be its own domain controller to control authentication. Unfortunately, all of these options can be painful for IT admins that are looking to move to the cloud and SaaS-based services. Managing hardware, software, and the maintenance of a highly available system can be a struggle that requires a great deal of time and effort expended by IT admins.
Samba File Server Support
The good news is that there is a new cloud identity management platform that natively supports Samba file server authentication. All that IT admins need to do to set up authentication is simply point their NAS appliances or Samba file servers to the cloud identity management service. The authentication path happens via the LDAP protocol, but there is no OpenLDAP server required on-prem. Instead, the NAS appliance is pointed to a cloud LDAP solution that supports the Samba attributes required from LDAP. Users are added to the cloud directory service, and enabled to access the Samba file servers according to the specific Groups assigned to securely access them.
The end user experience is seamless as well. On Windows, Mac, or Linux machines, end users access their stored files through mapped drives. These users are then prompted for their credentials, which are the same credentials which are used to access their machine, applications, networks, and other IT resources.
Move Your Samba File Server Support to the Cloud
A core identity management platform connects users to the IT resources they need including systems (Mac, Windows, Linux), legacy and web based applications (through SAML and LDAP), storage (on-prem or in the cloud), and networks (wired and WiFi via RADIUS). The identity management function for Samba file server support is a key step in centralizing an identity to access key resources, which in this case means file storage.
If you would like to explore how you can connect your Samba file servers and NAS appliances to your cloud identity management solution, we invite you to read our support documentation on enabling Samba with JumpCloud LDAP. You may also reach out to us directly with any specific questions you have about this functionality. Alternatively, give our identity management solution, Directory-as-a-Service, a try and integrate Samba file server access. Your first 10 users are free forever.
This is a Security Bloggers Network syndicated blog post authored by Jon Griffin. Read the original post at: JumpCloud