About Active Directory Integration
Cerberus FTP Server Professional and Enterprise editions are able to authenticate users on a Windows domain (or the local NT account database), even if the computer Cerberus FTP Server is installed on is not the domain controller. The domain may be an Active Directory domain, or the local system account database (use “.” as the domain for authenticating against local machine accounts). However, the machine Cerberus FTP Server is running on must be a member of the domain you wish to authenticate users against or be a member of a domain trusted by the domain you wish to authenticate against.
Configuring Cerberus to use Active Directory authentication simply requires enabling Active Directory authentication and telling the server the name of the domain to authenticate against. The rest of the configuration is automatic. Users are able to FTP into the server using the same username and password they use to log into their workstations on the domain. For the purpose of access to files and folders, the FTP user has the same access as the Active Directory user with the same name. All operations on the server by the user are carried out while impersonating the Active Directory user.
Important Security Consideration: There is an exception to impersonation for Active Directory authentication when using SFTP and Public Key only SSH authentication. The Active Directory user can still be authenticated with Public Key only authentication, but the Active Directory user cannot be impersonated. Only Password or Public Key and Password SSH authentication methods support AD user impersonation.
To allow Active Directory authentication, you will need add a domain on the AD Users page. Once added, Cerberus will attempt to authenticate users from the domain listed in the Domain edit box.
Comments
0 comments
Please sign in to leave a comment.