FTP server with different features:–
1. first it should be integrated with AD server i.e exchange server.
2.anynomous user can access the server.
3.anynomous user can only able to upload the file and unable to veiw
other files or folder except /incomming dir.
4.AD account user can able to see all the content of the file i.e /incomming
and /outgoing.
below is the /etc/vsftpd/vsftpd.conf settings
===============================================
[root@Anonymoustest ~]# cat /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
anon_upload_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
local_root=/outgoing
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
user_config_dir=/etc/vsftpd/users
chown_upload_mode=0664
anon_umask=002
before setting these things please make sure the server should integreted with AD severs.
and AD user should able to login the server with credentials.
command to join the server with AD server is below:
======================================================
#net ads join -U adm-username -S
for Remove
#net ads leave -u adm-username or #kdestroy
below is the some setting of some related files
=====================================================
[root@Anonymoustest ~]# cat /etc/sssd/sssd.conf
[domain/default]
cache_credentials = True
debug_level = 9
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = novelis.biz
debug_level = 9
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
debug_level = 9
[pam]
reconnection_retries = 3
debug_level = 9
[domain/example.biz/com]
id_provider = ad
auth_provider = ad
access_provider = ad
chpass_provider = ad
ldap_id_mapping = True
ad_server =
ad_hostname = Anonymoustest$
ad_domain =
debug_level = 9
ldap_schema = ad
ldap_user_principal = nosuchattributes
restart the service
#/etc/init.d/sssd restart
======================================================
[root@Anonymoustest ~]# cat /etc/vsftpd/chroot_list
ftp
=======================================================
[root@Anonymoustest ~]# cat /etc/samba/smb.conf
[global]
workgroup = NOVELIS
realm = NOVELIS.BIZ
security = ads
idmap uid = 2000001-2119999
idmap gid = 2000001-2119999
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
kerberos method = secrets and keytab
allow trusted domains = no
log level = winbind:10
server string = Samba Server Version %v
passdb backend = tdbsam
password server = 10.90.16.66
=========================================================
[root@Anonymoustest ~]# cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry ‘[NOTFOUND=return]’ means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the “db” in front of “files” for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files sss
shadow: files sss
group: files sss
#hosts: db files nisplus nis dns
hosts: files dns
# Example – obey only what nisplus tells us…
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss
publickey: nisplus
automount: files ldap
aliases: files nisplus
===========================================================
By: Bibhuti Bhusan.
MyBlog 
Leave a comment