
Active Directory LDAP plus Connect to Users Network Home Drive

Hello,


I am trying to set up CrushFTP to do something fairly straightforward, however I am having some challenges finding that straight line.


The end goal is to have users in an Active Directory group be able to log in with their AD credentials and be connected to their network home directory by default.


I am able to get the users logged in with AD/LDAP successfully. If I use a local drive path for the "LDAP home directory" in the plugin it works as expected. If I enter any network path (ideally DFS) nothing shows up.


Any assistance on the best way to set this up, limitations, and troubleshooting (advanced logging) would be appreciated.


Thanks,

Tim


Best Answer

Services cannot see network drives.  They can however see UNC paths if they are running as a network user.  So enter in a full UNC location on the left side in the User Manager.  Example:


\\server\share\


CrushFTP will then convert that into URL type syntax and give you the listing.


Thanks,

Ben


CrushFTP can only access a network location if the service running crush is running under a domain admin that can access all the UNC paths referenced.  So is that the case where the user running CrushFTP is a user who can access any of the UNC paths referenced for the homeDirectory?

Thanks Ben. I created a service account and group for CrushFTP. I had to log into the server as that user and install the service to enable it to run under the service account; I could not simply change the credentials for the service as it would not start up.

I was able to get a directory listing working with a DFS path even, so far so good. Unfortunately most of our users' home directories are locked down so the lack of pass-through credentials means we will have to adjust our home drive security.

The other mode of operation is the LDAP user has the template username, which is "default" by default.  Make it something like "ldap_default" and duplicate the existing default user to be that name.  Now add a VFS item in it that points to a remote SMB location...


SMB://{username}:{password}@smbservername/share/{username}/


Something along those lines...those variables are filled in at login time, and that way pass through authentication is occurring.


Thanks,

Ben
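
For the first mode discussed in this thread (the service running as a domain account and reading UNC paths), the following is an added example, not part of the original posts and not CrushFTP's own tooling. It reports which account the service logs on as and which home folders carry a direct Allow entry for that account; the service name pattern `CrushFTP%` and the `\\server\share` root are assumptions to replace with your own values.

```powershell
# Added example, not from the thread. Service name pattern and share path are assumptions.
param(
    [string]$ServiceFilter = 'CrushFTP%',       # assumed service name; WQL LIKE pattern
    [string]$HomeRoot      = '\\server\share'   # UNC root, as in the thread's example
)

# Mapped drive letters belong to an interactive logon session, so insist on a UNC path.
if (-not ([uri]$HomeRoot).IsUnc) { throw "$HomeRoot is not a UNC path" }

# Built-in accounts have no domain user identity to present to a file server.
$builtin  = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'
$services = @(Get-CimInstance Win32_Service -Filter "Name LIKE '$ServiceFilter'")
if ($services.Count -eq 0) { throw "No service matches '$ServiceFilter'" }

foreach ($svc in $services) {
    $kind = if ($svc.StartName -in $builtin) { 'built-in account' } else { 'named account' }
    '{0}: runs as {1} [{2}], state {3}' -f $svc.Name, $svc.StartName, $kind, $svc.State
}
$account = $services[0].StartName

# Per home folder: is there a direct Allow ACE for the service account?
# Access granted through group membership is NOT resolved here.
Get-ChildItem -LiteralPath $HomeRoot -Directory -ErrorAction SilentlyContinue |
    ForEach-Object {
        $dir = $_
        $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction SilentlyContinue
        $ace = $acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -eq $account
        }
        [pscustomobject]@{
            Folder         = $dir.Name
            AclReadable    = [bool]$acl
            DirectAllowAce = [bool]$ace
        }
    }
```

The script runs with the credentials of whoever launches it, so folders it cannot read show `AclReadable` as false; the output also makes visible how many home folders would need an ACL change for the service account, which is the trade-off against the pass-through SMB approach.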

Hi,

I have a problem when I put CrushFTP in service mode: it does not view the network unit connections.
The service starts with a domain administrator session. Where is the problem?

 


Ok, Thanks

 
