By Jon Griffin Posted October 13, 2017
Many IT organizations are leveraging Samba-based file servers in the form of native Samba servers and, more commonly, network-attached storage (NAS) devices. Samba file servers and NAS devices are popular because of their cost-effectiveness, their simplicity, and their ability to store and transfer large files on-prem. Those benefits are enhanced when these storage devices authenticate users against corporate directories like LDAP servers, ensuring that a user’s directory credentials are used as opposed to local credentials on the Samba server.
History of Samba
Samba was created to be a bridge between Windows systems and Linux/Unix devices. The goal for Samba was to let Windows and Mac devices access storage systems that were based on Linux platforms and the Samba file server. This process was enabled through LDAP support of the Samba schema, along with the additional data provided by LDAP that was required for an authentication to occur on a Samba server. Specifically, this was to support the SMB/CIFS authentication request, which most commonly came from a Windows client attempting to access assets on the Linux Samba file server.
Samba can operate as its own authentication and authorization platform, but it also has the ability to support existing identity providers such as Microsoft Active Directory® and OpenLDAP™. In this context, it is ideal for many organizations to leverage cost-effective NAS systems while authenticating access to those files from the core directory service.
As long as high-bandwidth files and data need to be stored on-prem for accessibility, NAS devices and Samba file servers will continue to be a core part of the IT network. While cloud storage systems are becoming more popular, they still don’t work well enough with significant file sizes due to bandwidth issues. As IT admins add these types of storage systems, the goal is for them to integrate tightly with existing identity management and authentication systems.
Many organizations are interested in leveraging an LDAP-based system for authentication into those files. There are a number of challenges with this approach, though, including the fact that IT organizations are forced to deploy, configure, and manage their own LDAP systems. Connecting Samba file servers to OpenLDAP can be challenging and requires a fair amount of configuration and setup. Samba-based file servers require an additional set of LDAP attributes and additional schema files in order to connect. All of this requires a significant amount of expertise and additional work for IT admins. That, of course, doesn’t even include the requirements around high availability of the OpenLDAP servers, security over the entire LDAP Samba system, and ongoing maintenance and management of the setup.
LDAP Samba Support via the Cloud
A new cloud identity management platform called Directory-as-a-Service® is enabling seamless support for LDAP and Samba file servers, including NAS systems such as Synology, QNAP, and FreeNAS. This core identity provider includes deep LDAP support with the additional extensions and attributes required to support the Samba schema. Users are simply added to the cloud directory service and then federated to LDAP. A setting enables support for LDAP authentication of Samba file servers. Users simply log in to their Windows or macOS device and then browse to their NAS file server, where their access is authenticated again. Authentication uses the same password as their device and requires no additional on-prem systems. There is no need for a separate OpenLDAP server or any other authentication system on-prem. The NAS device just needs to point to the cloud LDAP server for authentication services.
If you would like to learn more about LDAP Samba support, drop us a note. We would be happy to answer any questions on authenticating to Samba through cloud LDAP. Alternatively, feel free to try our cloud LDAP platform for yourself and enable support for your NAS devices. Your first 10 users are free forever – no credit card required.