By Vince Lujan Posted June 2, 2018
User access management for Samba file servers and NAS devices is one of many identity management challenges facing modern IT organizations. The popularity of these network-attached storage devices has grown significantly in recent years. And, considering they can store an organization’s critical files and data, IT needs the ability to manage user access to these storage solutions effectively.
What are Samba File Servers and NAS Appliances?
According to samba.org, Samba is an open-source derivative of the SMB/CIFS protocol. Introduced in 1992, Samba was originally designed to effectively enable a Microsoft® Windows® system to communicate and share information with a Linux®-based Samba file server. NAS devices that leverage Samba generally serve as cost-effective alternatives for file sharing and print services. They are quite popular, and there are a variety of NAS vendors to choose from, such as Synology®, QNAP®, and FreeNAS™ – all of which have created Samba-based storage solutions.
How Do Most Organizations Manage Storage Solutions?
Because Samba-based, network-attached storage devices are on-prem storage solutions, IT organizations have historically integrated them with their on-prem identity management infrastructure. This enabled IT admins to administer user access to Samba file servers and NAS appliances with a core identity provider (IdP), usually Microsoft Active Directory® (AD). While this approach worked well, the trouble with leveraging AD as a core identity provider is that organizations are often locked into on-prem, Windows-centric IT environments, and modern networks just don’t work like that anymore. With Mac® and Linux® systems, web and on-prem applications leveraging SAML and LDAP, Samba file servers and NAS appliances, cloud infrastructure at AWS® and GCP™, and more, modern networks have never been more complex and diverse. AD struggles to manage all of these popular IT resources without the help of third-party add-ons. So, while integrating Samba file servers and NAS appliances into Active Directory environments is possible, the overall identity management infrastructure is limited with this approach.
A New Approach to Identity Management
Fortunately, a next-generation cloud directory has emerged that takes a holistic approach to managing modern networks. It’s called JumpCloud® Directory-as-a-Service®, and it can securely manage and connect users to virtually any IT resource from the cloud. This includes Samba file servers and NAS appliances, which can be administered from one centralized location that doesn’t require AD on-prem. In fact, the JumpCloud platform enables IT organizations to shift their entire on-prem identity management infrastructure to the cloud. So, how does user access management for Samba file servers and NAS appliances work with Directory-as-a-Service?
The JumpCloud LDAP authentication to Samba file servers and NAS appliances leverages the client/server model. In this scenario, the client is generally the user’s workstation, and the server is, of course, the Samba file server or NAS device. As the user attempts to access the network-attached storage device, they are challenged to provide the username and password that is associated with their core JumpCloud identity. Upon submission, the client sends an SMB authentication request to the Samba file server or NAS device, which has been configured to defer authentication to the JumpCloud LDAP endpoint. The JumpCloud LDAP endpoint acts as the source of truth for user identities, which includes Samba-based attributes that are required for Samba access. Essentially, if the credentials submitted by the user are authenticated via LDAP, the user identity is decorated with the necessary Samba-based attributes required for access to the storage device. The JumpCloud LDAP endpoint then returns an LDAP authorization data response to the Samba file server, which then sends an SMB authorization response to the client, thus enabling user access to the storage device.
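The following is an added example, not code from JumpCloud or the Samba project: a small audit of the smb.conf settings that point a Samba server at an LDAP directory, as in the flow described above, flagging a directory link that is not encrypted. It assumes the server uses Samba's `ldapsam` passdb backend; the host name, organization ID and DNs in the sample configurations are constructed placeholders.

```python
import configparser
from urllib.parse import urlsplit

# Constructed samples: host and DNs are placeholders, not values from the article.
WEAK_CONF = """
[global]
    security = user
    passdb backend = ldapsam:ldap://ldap.example.com:389
    ldap suffix = o=ORG_ID_PLACEHOLDER,dc=example,dc=com
    ldap admin dn = uid=binduser,ou=Users,o=ORG_ID_PLACEHOLDER,dc=example,dc=com
    ldap ssl = off
"""
HARDENED_CONF = WEAK_CONF.replace("ldap://ldap.example.com:389",
                                  "ldaps://ldap.example.com:636")


def audit_smb_conf(text):
    """Return findings about how [global] points Samba at its LDAP directory."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    # smb.conf lines are often indented; strip so they are not read as continuations.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    name = next((s for s in cp.sections() if s.lower() == "global"), None)
    g = cp[name] if name else {}
    kind, _, url = g.get("passdb backend", "").strip().partition(":")
    if kind.lower() != "ldapsam":
        return ["passdb backend is not ldapsam: logons are not checked against LDAP"]
    # A bare "ldapsam" means ldap://localhost (smb.conf man page default).
    scheme = urlsplit(url.strip('"') or "ldap://localhost").scheme.lower()
    ldap_ssl = g.get("ldap ssl", "start tls").strip().lower()  # Samba's default value
    findings = []
    if scheme not in ("ldap", "ldaps"):
        findings.append("ldapsam URL has unexpected scheme %r" % scheme)
    if scheme == "ldap" and ldap_ssl != "start tls":
        findings.append("plaintext LDAP: bind password and Samba attributes "
                        "are sent unencrypted")
    if scheme == "ldaps" and ldap_ssl == "start tls":
        findings.append("ldaps:// with 'ldap ssl = start tls': "
                        "use 'ldap ssl = off' with ldaps://")
    for key in ("ldap admin dn", "ldap suffix"):
        if not g.get(key, "").strip():
            findings.append("%s is not set" % key)
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_smb_conf(conf) or "no findings")
```

The bind password for `ldap admin dn` is not stored in smb.conf (it is set with `smbpasswd -w`), so this check covers only the transport and lookup settings.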
Learn More about User Access Management for Storage Devices
User access management for Samba file servers and NAS appliances is a core use case of the JumpCloud Directory-as-a-Service platform. Check out the following whiteboard presentation for more information about this particular use case. You can also sign up for a free account or schedule a demo to see these capabilities in action. In fact, we offer 10 free users to help you explore all of the use cases of the JumpCloud platform before you pay anything. Don’t hesitate to contact the JumpCloud team if you have any questions.