Authentication Integration for Windows

From ProVide DocWiki
Revision as of 14:29, 24 March 2014 by Viktor Gustavsson (talk | contribs) (Created page with "This allows ProVide to authenticate users with a Windows SAM / Domain / Server / Active Directory making user management a breeze. In fact, a part from these few selected e...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This allows ProVide to authenticate users with a Windows SAM / Domain / Server / Active Directory making user management a breeze. In fact, a part from these few selected examples, for starters, this feature has awesome power waiting to get harnessed...

Overview

The following authentication methods are included:

  • Using an Active Directory / Domain
  • Using a Windows Server (Local or Remote)^

Additions to the Account management: With this extension, accounts in ProVide can be connected to Windows accounts. If applied to users, it specifies certain account settings like login limits, bandwidth management, and special home directory contents. If applied to groups, it specifies defaults to all users belonging to that Windows group, making management of thousands accounts a breeze.

Seamless authentication at login

Accounts and settings in ProVide always takes precedence and thus ProVide checks if the user...

  1. ...exist as a regular account in ProVide?
  2. ...exist as a Windows-connected account in ProVide?
  3. ...pass Windows authentication?

After aquiring the relevant user data a regular login-attempt to the ftp server is performed. This means that restrictions and security settings can be specified in ProVide on accounts (users and groups) that are connected to Windows-accounts and thus effectively enforce all these powerful features of ProVide onto the Windows-accounts trying to login to the FTP server.

Group management works transparently with Windows Integration

Group management with hierarchical structures and multiple group memberships still apply to both user- and group-accounts in ProVide while using Windows Integration. In the same way as ProVide accounts can me member of multiple groups, the integration with Windows has the same power: If a Windows-user is a member of several Windows-groups, that user will receive resources and security settings from all the Windows-integrated groups in ProVide, making for instance the home directory for users loggin in to the FTP server a composite of, for instance, "Management", "Economy", and personal data.

Actually, the power of this extension goes way beyond anything currently on the market for FTP servers. Despite all this power, it is still a very elegant and easy to use solution.

Enable all users to login through FTP

Once the general settings of ProVide is setup and the Windows server has been configured, there is basically just one thing to do: create a group-account that is integrated with Windows. Generally, the Windows-group "Users" is pre-installed and all new Windows-accounts are members of this group.

Step-by-step guide in ProVide

  1. Create a group called "Users".
  2. Integrate this account with Windows by checking the "Integrate with Windows group".
  3. Specify "Home Directory", "Restrictions", and "Security" as usual.

You might want to use the %USERNAME% token when defining the "Home Directory" to allow users to have their Windows directories as home directory in ProVide:

Aiw-users1.png

Or you can use the special tokens %AD_HOMEDIR%, %AD_COMMENT%, and %AD_SCRIPT% to access corresponding setup from your Active Directory for the current logged on user.