Samba File Server and NAS Authentication

JumpCloud centralizes an employee’s identity to provide secure access to all of the IT resources they need, including systems, networks, applications, and data storage, whether on-prem or in the cloud. In many organizations, this also means access to critical Samba file servers or NAS appliances such as Synology or QNAP where digital assets are stored. These servers, like any employee resource, require governance by their centralized identity and access management solution: JumpCloud’s Directory-as-a-Service®.  

JumpCloud supports the secure authentication to file resources on Samba servers and storage devices. Linux Samba servers, or commercially available NAS appliances built on Samba, are simply configured to authenticate against JumpCloud’s LDAP authentication endpoint, and JumpCloud will provide the secure authentication to the Samba file shares to either allow or deny the user’s access. JumpCloud provides support at the Group level for discrete authorization to specific employees.

LDAP Authentication

Your Samba file server or NAS is configured to defer its authentication to JumpCloud’s LDAP service endpoint. JumpCloud maintains a secure LDAPS or TLS connection to ensure maximum protection of authentication data in transit.

SMB/CIFS Security

On-premise file sharing was built at a time when all resources existed within, and were protected by, the corporate firewall. Less-than-adequate security measures, such as Windows NT passwords hashed with the MD4 algorithm, still sit at the basis of file sharing authentication exchanges. Now that the cloud has stretched the definition of the ‘perimeter’, JumpCloud has put in place numerous means to deeply secure these authentication exchanges to protect you and your data.

  • LDAPS / StartTLS support – JumpCloud LDAP can only be used when secure LDAPS, or LDAP on port 389 with StartTLS, is active.
  • Samba binding service account – Only specific LDAP binding users are able to search the LDAP tree for users who will authenticate via SMB/CIFS to Samba file servers.
  • Group-based Access – JumpCloud admins use Groups of Users to limit which Samba file servers users may access.
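The three controls above can also be checked on the Samba server itself. The following is an added example, not JumpCloud's code or documentation: a Python audit of an smb.conf that uses the standard Samba parameters passdb backend, ldap ssl, ldap admin dn and valid users. The hostnames, DNs and group names are constructed placeholders, and requiring an explicit ldap ssl setting is this example's own policy.

```python
# Constructed sample configs; hostnames, DNs and group names are placeholders.
WEAK = """
[global]
  passdb backend = ldapsam:ldap://ldap.example.com
  ldap ssl = off
[finance]
  path = /srv/finance
"""

HARDENED = """
[global]
  passdb backend = ldapsam:ldaps://ldap.example.com
  ldap admin dn = uid=samba-bind,ou=Users,dc=example,dc=com
[finance]
  path = /srv/finance
  valid users = @finance-team
"""

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}, names lowercased."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def audit(text):
    """Return findings; an empty list means all three controls are present."""
    conf = parse_smb_conf(text)
    glob, findings = conf.get("global", {}), []
    backend = glob.get("passdb backend", "").replace('"', "").lower()
    # Policy of this example: StartTLS must be set explicitly, not left to a default.
    starttls = glob.get("ldap ssl", "").lower() == "start tls"
    if not backend.startswith("ldapsam:"):
        findings.append("global: passdb backend is not ldapsam")
    elif not (backend.startswith("ldapsam:ldaps://") or starttls):
        findings.append("global: LDAP connection uses neither LDAPS nor StartTLS")
    if not glob.get("ldap admin dn"):
        findings.append("global: no LDAP binding account (ldap admin dn)")
    for name, opts in conf.items():
        users = opts.get("valid users", glob.get("valid users", "")).split()
        # In 'valid users', a leading @, + or & marks a group name.
        if name != "global" and not any(u[0] in "@+&" for u in users):
            findings.append(f"{name}: share is not restricted to a group")
    return findings
```

Calling audit(WEAK) returns one finding per missing control, while audit(HARDENED) returns an empty list.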

From a user experience perspective, JumpCloud provides a completely native experience for the user on their host operating system. Users are challenged to provide their JumpCloud credentials at the point of accessing drives mapped to file servers directly from their Windows, Mac, or Linux systems. JumpCloud orchestrates all of the authentication and authorization between the Samba server, JumpCloud’s LDAP service, and finally the user’s system in the background.

Features

  • Support for Linux Samba enabled file servers or commercial NAS appliances.
  • TLS/SSL LDAP authentication security.
  • Domain and SID configuration support.
  • Secure Samba Service LDAP binding accounts.
  • Group-based authorization to Samba file servers.

Benefits

  • Incorporate your on-premise or virtualized file servers into your overall centralized identity and access management strategy with JumpCloud.
  • Deep security to protect on-premise file servers during cloud-based LDAP authentication.
  • Enable and control user access to personal data and home directories on file shares from macOS, Windows, or Linux systems.
  • Bind Samba enabled file server appliances such as Synology, QNAP, or any other stand-alone Linux Samba server with JumpCloud’s LDAP authentication endpoint.
  • Simple set up of group-based access controls to provide discrete file share access to specific groups of employees.
