Solved Allowing FTP for Active Directory users

pteros · May 31, 2023

Hello All!

I'm trying to set up a FreeBSD 13.1 server in order to allow my MS-Windows domain user to access their homes on the server using ftp. I've set up the samba suite 4.16 (the last I have on my platform, a PPC64) and I can see users via getent passwd (and groups via getent group), I can authenticate active directory users via wbinfo -a [I]user%password[/I]. If I send an e-mail to a domain user, postfix creates the home directory on the fly just fine. Now I wish to give to the user the ability to transfer files to its home using AD credentials. I've seen that theftpd server from base has no mention of users outside the machine (I tried anyway with no success). Which ftp server may I use? vsftpd? pure-ftpd? Anything else?
Any hints will be greatly appreciated...

Luciano.

covacat · May 31, 2023

ftpd does pam iirc so should work
but why ftp ? why not smb ?

pteros · Jun 2, 2023

Well, they are using legacy software that relies on ftp.

pteros · Jun 6, 2023

Works!
Using ftpd from base with this /etc/pam.d/ftp file (and running pkg install pam_mkhomedir):

#
# $FreeBSD$
#
# PAM configuration for the "ftpd" service
#

# auth
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn
#auth sufficient pam_ssh.so no_warn try_first_pass
auth sufficient pam_winbind.so cached_login
auth required pam_unix.so no_warn try_first_pass

# account
account required pam_nologin.so
#account required pam_krb5.so
account sufficient pam_winbind.so
account required pam_unix.so

# password
password sufficient pam_winbind.so no_warn try_first_pass debug
password required pam_unix.so use_authtok

# session
session optional pam_mkhomedir.so

Solved Allowing FTP for Active Directory users

pteros

covacat

pteros

pteros