Hi everyone,
I have got a NAS running Centos 7 where I want to enable all UCS domain users to access their private spaces via Samba and SFTP (proftpd) by being authenticated against the UCS DC.
To my knowledge I got basically 3 options to achieve that:
- Using winbind to join the UCS domain as a member
- Using sssd to join the UCS domain as a member.
- Using ldap via ldap.pam or individually configured for each service.
[1]:
I tried that first with the result of having samba shares working nicely on Linux and Windows machines. However, SFTP using proftpd was not able to authenticate successfully.
[2]:
Using that solution SFTP works nicely, access to Samba shares from Windows machines works as well however from Linux or Andriod machines I get an permission denied. After some research I found out that in order to have the access working one needs to retrieve a valid kerberos ticket with kinit before mounting.
[3]:
Haven’t tried that, yet.
Question:
What is the preferred variant to authenticate against UCS in this scenario ?
Thx