Updated on July 9, 2020
Samba file servers are a popular option for cost-effective, on-premises storage. IT administrators can create these file servers with the open-source Samba platform or purchase them as NAS (network attached storage) appliances. They have various options to establish LDAP authentication to these servers for their users, some of which require less configuration or on-premises hardware than others. In this post, we’ll explore on-prem LDAP deployments, as well as cloud LDAP alternatives, to authenticate your users to your Samba file servers.
Why Samba File Server
Although segments of the IT market have moved to the cloud — and cloud storage options are available — admins still use Samba file servers and NAS systems on-prem. They might do so because they hope to experience better performance and lower internet bandwidth usage, control their data on-prem, or meet data retention or regulatory requirements. Samba file servers can also be a cost-effective option for data storage.
Configure Linux Samba File Server with Active Directory
As you establish a Linux® Samba file server, you’ll want to consider how to ensure secure user access to it. The most straightforward way is to integrate that server with your organization’s core identity provider, rather than setting up a separate user management system for file access.
If your organization uses Active Directory® as its identity provider, you can establish the Samba file server as a domain member (not a domain controller) to authenticate users, which requires manual configuration with your DNS servers. Detailed instructions are available on the Samba Wiki site. If you’re considering using an OpenLDAP backend, Ubuntu notes in its documentation that you should instead integrate Samba with its own LDAP server in AD mode.
However, before taking either of these steps, it’s worth considering holistically whether LDAP authentication for your other resources (like legacy apps) is secure and functioning as expected and whether you want to take the steps necessary to establish additional on-prem infrastructure.
Instead of routing Samba file server or NAS appliance authentication through AD or another complex server deployment, you can also consider cloud LDAP alternatives, which give you the same functionality without the same upfront implementation or ongoing maintenance requirements. Cloud LDAP alternatives can also help you to address other areas of your infrastructure, such as legacy application configurations still using clear text LDAP.
Streamlined Cloud LDAP Authentication for Samba File Servers
Emerging platforms offer LDAP delivered as-a-Service, and you can point your Samba file servers and other resources that require a backing LDAP directory at those managed endpoints instead of establishing your own.
JumpCloud®, a full-suite cloud directory service, gives you the tools you need for access control and device management, including cloud LDAP. JumpCloud can either serve as a standalone directory in the cloud or as a comprehensive AD identity bridge. In either case, you can point your Samba file servers at JumpCloud’s LDAP endpoint and ensure users enter their core credentials for access.
You can use JumpCloud to ensure that users also enter the same core credentials to log into their systems (Windows®, Mac®, or Linux), web and on-prem applications, and RADIUS networks. JumpCloud also offers avenues for you to manage a VPN from the cloud to enable remote users to access on-prem resources, including Samba file servers and NAS appliances (such as those by QNAP, Synology, or FreeNAS).
Learn More about LDAP-as-a-Service
Cloud LDAP is easy to set up and eliminates the heavy lifting of additional on-prem solutions.