Difference between revisions of "Authentication Integration for Windows"

From ProVide DocWiki
(Created page with "This allows ProVide to authenticate users with a Windows SAM / Domain / Server / Active Directory making user management a breeze. In fact, a part from these few selected e...")
 
Line 35: Line 35:
  
 
Or you can use the special tokens %AD_HOMEDIR%, %AD_COMMENT%, and %AD_SCRIPT% to access corresponding setup from your Active Directory for the current logged on user.
 
Or you can use the special tokens %AD_HOMEDIR%, %AD_COMMENT%, and %AD_SCRIPT% to access corresponding setup from your Active Directory for the current logged on user.
 +
 +
== Enforce special restrictions on a user ==
 +
The Windows-user "Alan" has access to very business-critical documents. If "Alan" is going to use FTP we must enforce him to use secure connections to make sure the documents are not intercepted during transmission.
 +
 +
#The user "Alan" already exist in Windows
 +
#Create a user called "Alan" in ProVide and specify this account to "Use Windows permissions".
 +
#Specify which service(s) should be allowed on the tab "Security".
 +
 +
[[File:aiw-enforce1.png]]
 +
 +
== Apply general FTP settings to a complete Windows-group ==
 +
The existing Active Directory has been thoroughly setup with groups assigned to users as applicable. Among these groups there is a group "Economy" that has to have access to certain documents.
 +
 +
#Create a group called "Economy" in ProVide.
 +
#Integrate this group with Windows by checking the "Integrate with Windows group".
 +
#Add resources as necessary, effectively making Windows-users logging in having access to all these files.
 +
 +
[[File:aiw-groups1.png]]
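
Review bot: In the added "Enforce special restrictions on a user" section, step 3 ("Specify which service(s) should be allowed on the tab "Security"") never says which services to allow or leave unchecked, although the stated goal is that "Alan" must use secure connections. Name the selection that achieves this so the step actually enforces the requirement. Step 1 ("The user "Alan" already exist in Windows") is a precondition rather than an action and would read better as a sentence before the list, and "enforce him to use" should be "require him to use".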

Revision as of 14:58, 24 March 2014

This allows ProVide to authenticate users against a Windows SAM / Domain / Server / Active Directory, making user management a breeze. In fact, apart from these few selected examples, for starters, this feature has awesome power waiting to get harnessed...

Overview

The following authentication methods are included:

  • Using an Active Directory / Domain
  • Using a Windows Server (Local or Remote)

Additions to the Account management: With this extension, accounts in ProVide can be connected to Windows accounts. If applied to users, it specifies certain account settings like login limits, bandwidth management, and special home directory contents. If applied to groups, it specifies defaults for all users belonging to that Windows group, making management of thousands of accounts a breeze.

Seamless authentication at login

Accounts and settings in ProVide always take precedence, and thus ProVide checks whether the user...

  1. ...exists as a regular account in ProVide?
  2. ...exists as a Windows-connected account in ProVide?
  3. ...passes Windows authentication?

After acquiring the relevant user data, a regular login attempt to the FTP server is performed. This means that restrictions and security settings can be specified in ProVide on accounts (users and groups) that are connected to Windows accounts, which effectively enforces all these powerful features of ProVide on the Windows accounts trying to log in to the FTP server.

Group management works transparently with Windows Integration

Group management with hierarchical structures and multiple group memberships still applies to both user and group accounts in ProVide while using Windows Integration. In the same way as ProVide accounts can be members of multiple groups, the integration with Windows has the same power: if a Windows user is a member of several Windows groups, that user will receive resources and security settings from all the Windows-integrated groups in ProVide, making the home directory for users logging in to the FTP server a composite of, for instance, "Management", "Economy", and personal data.
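
The lookup order under "Seamless authentication at login" and the group composition described above, modelled as an added example (not ProVide code). The account names other than "Alan", the paths, the data structures and the rule that a regular ProVide account never consults Windows groups are assumptions made for illustration; the model is useful for auditing which step supplies a login's settings and which ProVide accounts shadow a Windows user of the same name.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    windows: bool = False                 # connected to / integrated with Windows
    resources: list = field(default_factory=list)

# Constructed ProVide configuration (hypothetical names and paths).
USERS = {
    "backup": Account(resources=["D:/backup"]),               # regular account
    "Alan": Account(windows=True, resources=["D:/critical"]), # Windows-connected
}
GROUPS = {
    "Users": Account(windows=True, resources=["D:/home/%USERNAME%"]),
    "Economy": Account(windows=True, resources=["D:/economy"]),
    "Management": Account(windows=True, resources=["D:/management"]),
    "Staff": Account(resources=["D:/staff"]),  # ProVide-only, not integrated
}
# Constructed snapshot of Windows group memberships.
WINDOWS_MEMBERS = {
    "Alan": ["Users", "Economy"],
    "Bea": ["Users", "Economy", "Management", "Staff"],
    "backup": ["Users", "Management"],
}

def windows_resources(user):
    """Composite of resources from every Windows-integrated ProVide group."""
    out = []
    for name in WINDOWS_MEMBERS.get(user, []):
        group = GROUPS.get(name)
        if group and group.windows:
            out += [r.replace("%USERNAME%", user) for r in group.resources]
    return out

def resolve(user):
    """Return (step that supplied the user data, effective resources)."""
    account = USERS.get(user)
    if account and not account.windows:        # 1. regular ProVide account
        return ("regular ProVide account", list(account.resources))
    if account and account.windows:            # 2. Windows-connected account
        return ("Windows-connected account",
                account.resources + windows_resources(user))
    if user in WINDOWS_MEMBERS:                # 3. Windows authentication only
        return ("Windows authentication", windows_resources(user))
    return (None, [])

if __name__ == "__main__":
    for name in ("backup", "Alan", "Bea", "Mallory"):
        print(name, resolve(name))
```

In this model "backup" is resolved at step 1, so its Windows membership in "Management" contributes nothing: a same-named regular ProVide account shadows the Windows user.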

Actually, the power of this extension goes way beyond anything currently on the market for FTP servers. Despite all this power, it is still a very elegant and easy to use solution.

Enable all users to login through FTP

Once the general settings of ProVide are set up and the Windows server has been configured, there is basically just one thing to do: create a group account that is integrated with Windows. Generally, the Windows group "Users" is pre-installed and all new Windows accounts are members of this group.

Step-by-step guide in ProVide

  1. Create a group called "Users".
  2. Integrate this account with Windows by checking the "Integrate with Windows group".
  3. Specify "Home Directory", "Restrictions", and "Security" as usual.

You might want to use the %USERNAME% token when defining the "Home Directory" to allow users to have their Windows directories as home directory in ProVide:

Aiw-users1.png

Or you can use the special tokens %AD_HOMEDIR%, %AD_COMMENT%, and %AD_SCRIPT% to access the corresponding settings from your Active Directory for the currently logged-on user.

Enforce special restrictions on a user

The Windows user "Alan" has access to very business-critical documents. If "Alan" is going to use FTP, we must require him to use secure connections to make sure the documents are not intercepted during transmission.

  1. The user "Alan" already exists in Windows.
  2. Create a user called "Alan" in ProVide and specify this account to "Use Windows permissions".
  3. Specify which service(s) should be allowed on the tab "Security".

Aiw-enforce1.png

Apply general FTP settings to a complete Windows-group

The existing Active Directory has been thoroughly set up with groups assigned to users as applicable. Among these groups there is a group "Economy" that has to have access to certain documents.

  1. Create a group called "Economy" in ProVide.
  2. Integrate this group with Windows by checking the "Integrate with Windows group".
  3. Add resources as necessary, so that Windows users who log in have access to all these files.

Aiw-groups1.png