FTP on AWS Cloud using AWS S3

File transfer is the most important task when you do business across multiple offices or with clients and vendors. There are many ways to transfer files and data between parties, but what you need is security and convenience. The convenient way is to configure an on-premises FTP server and share the credentials with the vendor or client so they can upload or download data. This old methodology has many drawbacks, but it is the simplest solution available. Many companies use Google Drive, Dropbox, and other online services to move data, but pay a lot of money for them. The enterprise plans from Dropbox or Google Drive offer a fixed amount of space at a fixed price: the more you need, the more you pay, in fixed-size increments. This becomes cumbersome when you reach the storage limit. Instead of using such paid service, if we use

Adding Ubuntu as Member File (Samba) Server to Samba 4 ADS

Samba 4 ADS is a really cool tool for replacing Windows Active Directory. For the last 2 years, a stable version of Samba 4 has been available to the public, which makes it possible to use it as an authentication server.



Today's topic is creating a new Samba file server and adding it to Samba 4 ADS as a member (for authentication).

*This assumes you already have a Samba 4 directory server running on the network.

Install Ubuntu (here I have used Ubuntu 14.04 LTS).

Update the newly installed Ubuntu

$ sudo apt-get update

Install the packages needed to make the server a member server of the Samba 4 ADS on the network.

$ sudo apt-get install samba samba-doc samba-testsuite winbind libnss-winbind

This will install the main required packages (including Samba 4).

Install ACL support on the server

$ sudo apt-get install acl

Configure the DNS

Edit /etc/resolv.conf (vi /etc/resolv.conf) and add your local DNS server (the Samba 4 ADS server, if DNS is built into it).

Add the entries below to the [global] section of the Samba configuration file, smb.conf

$ sudo vi /etc/samba/smb.conf

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
        netbios name = $SAMBA SERVER NAME$
        workgroup = $DOMAIN NETBIOS NAME$
        security = ADS
        realm = $FQDN$
        encrypt passwords = yes
        idmap config *:backend = tdb
        idmap config *:range = 70001-80000
        idmap config $DOMAIN NETBIOS NAME$:backend = ad
        idmap config $DOMAIN NETBIOS NAME$:schema_mode = rfc2307
        idmap config $DOMAIN NETBIOS NAME$:range = 3000000-4000000
# Winbind configuration
        winbind nss info = rfc2307
        winbind trusted domains only = no
        winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes

       map acl inherit = Yes
       store dos attributes = Yes

Remove or comment out the rest of the Samba configuration file.

Save and exit the file

Edit nsswitch.conf and add winbind settings

$ sudo vi /etc/nsswitch.conf

passwd:         compat winbind
group:          compat winbind

Restart the samba and winbind services

$ sudo service smbd restart
$ sudo service winbind restart

If everything works without errors, join the server to Samba 4 ADS as a member server.

$ sudo net ads join -Uadministrator

This will prompt for the domain administrator password and join the server to the domain.

If there is any issue, check /var/log/syslog (vi /var/log/syslog) to troubleshoot. Do not go to the next step until the server has joined the ADS as a member server.
Verify the realm and domain name in the Samba configuration file again.

Create a Folder to share with clients

Edit the Samba Configuration file

$ sudo vi /etc/samba/smb.conf

[$SHARE FOLDER NAME$]
        comment = $FOLDER NAME$
        path = $/PATH/TO/THE/FOLDER$
        browsable = yes
        printable = no
        writable = yes
        # public is a synonym for guest ok; use no if only domain users should connect
        public = yes
        force group = $GROUP NAME$
        force create mode = 0770
        force directory mode = 0770
        create mask = 0770
        directory mask = 0770


Create multiple shared folders as required and save the file.

Create a local user with the same name as the user in your Samba 4 ADS.
E.g. if Samba 4 ADS has a user named user.name, create a user with the same name on the local Samba server.

$ sudo useradd 'user.name'

Create a group for each folder and add the newly created user to that group, according to the access you want that user to have.

Edit /etc/group file to add the users.

$ sudo vi /etc/group

Verify the user's permissions

$ sudo id user.name

This will show all of the user's information.

Restart Samba and Winbind to make the file server accessible on the network.

$ sudo service smbd restart
$ sudo service winbind restart

Enjoy the file share server in Samba4 ADS network.
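
An added example (not part of the original article): a small Python check to run against smb.conf before restarting the services. It reports `idmap config` ranges that overlap and shares where `public`/`guest ok` is enabled. The sample configuration, the EXAMPLE domain and the [files] share are constructed placeholders, and parameter names are compared lower-cased.

```python
import re

# Constructed sample based on the settings in this article; EXAMPLE and
# [files] are placeholders, not values from the original page.
SAMPLE = """\
[global]
        security = ADS
        idmap config *:backend = tdb
        idmap config *:range = 70001-80000
        idmap config EXAMPLE:backend = ad
        idmap config EXAMPLE:range = 3000000-4000000
[files]
        path = /srv/files
        public=yes
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names lower-cased."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def audit(text):
    """List overlapping idmap ranges and shares with guest access enabled."""
    conf, findings, ranges = parse_smb_conf(text), [], []
    for key, value in conf.get("global", {}).items():
        m = re.fullmatch(r"idmap config (\S+?) ?: ?range", key)
        if m:
            low, high = (int(n) for n in value.split("-"))
            ranges.append((low, high, m.group(1)))
    ranges.sort()
    for (_, high, a), (low, _, b) in zip(ranges, ranges[1:]):
        if low <= high:                      # next range starts inside this one
            findings.append(f"idmap ranges overlap: {a} and {b}")
    for name, params in conf.items():
        guest = params.get("guest ok", params.get("public", "no")).lower()
        if name != "global" and guest in {"yes", "true", "on", "1"}:
            findings.append(f"[{name}] has guest access enabled")
    return findings
```

On the member server, call `audit(open("/etc/samba/smb.conf").read())`; an empty list means neither issue was found.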
