Samba file servers are a popular option for cost-effective, on-premises storage. IT administrators can create these file servers with the open-source Samba platform or purchase them as NAS (network attached storage) appliances. They have various options to establish LDAP authentication to these servers for their users, some of which require less configuration or on-premises hardware than others. In this post, we’ll explore on-prem LDAP deployments, as well as cloud LDAP alternatives, to authenticate your users to your Samba file servers.
Why Samba File Server
Although segments of the IT market have moved to the cloud — and cloud storage options are available — admins still use Samba file servers and NAS systems on-prem. They might do so because they hope to experience better performance and lower internet bandwidth usage, control their data on-prem, or meet data retention or regulatory requirements. Samba file servers can also be a cost-effective option for data storage.
Configure Linux Samba File Server with Active Directory
As you establish a Linux® Samba file server, you’ll want to consider how to ensure secure user access to it. The most straightforward way is to integrate that server with your organization’s core identity provider, rather than setting up a separate user management system for file access.
If your organization uses Active Directory® as its identity provider, you can establish the Samba file server as a domain member (not domain controller) to authenticate users via manual configuration with your DNS servers. Detailed instructions are available on the Samba Wiki site. If you’re considering using an OpenLDAP backend, Ubuntu notes in documentation that you should instead integrate Samba with its own LDAP server in AD mode.
However, before taking either of these steps, it’s worth considering holistically whether LDAP authentication for your other resources (like legacy apps) is secure and functioning as expected and whether you want to take the steps necessary to establish additional on-prem infrastructure.
Instead of routing Samba file server or NAS appliance authentication through AD or another complex server deployment, you can also consider cloud LDAP alternatives, (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Jon Griffin. Read the original post at: https://jumpcloud.com/blog/ldap-authentication-samba-file-servers