Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.

 

Home > Success Center > Serv-U Managed File Transfer & Serv-U FTP Server > User login with Active Directory authentication

User login with Active Directory authentication

Updated April 12, 2017

Overview

This article provides different steps to configure Serv-U MFT integration with Windows AD.  Serv-U Managed File Transfer (MFT) Server can integrate with Windows Active Directory (AD).

This enables Active Directory authentication for user login, instead of authenticating against regular Serv-U user credentials, or those stored in a Database.

Environment

All Serv-U versions

Steps

AD authentication for user login

Note: Serv-U MFT Server must be installed on a server that is a member of the Windows domain.

  1. Click Users.
  2. Click the Windows Authentication tab.
  3. Select Enable Windows authentication.

Home directory

Serv-U uses the home directory of the client's Windows account. It is possible not to have any home directories associated with the Windows user account.

  1. Select Use Windows User Group home directory instead of account home directory.
  2. Enter a Windows Domain name, and then click Save.

Windows account credentials 

Windows account credentials are sufficient when an Active Directory user logs in to Serv-U.

If the user is already logged in to their Windows account, these credentials are sent to Serv-U for authentication.

You can configure all Windows users in a group, instead of configuring individual user accounts. Same settings are assumed by all the members of the group. You can change IP access, rules, limitations, and more.

 

Windows and Active Directory user accounts do not require any directory access rules to be configured. This is because Serv-U applies the New Technology File System (NTFS) permissions of the user accounts.

Windows Groups utilizes NTFS permissions, but configuration is only at the Organizational Unit and does not connect to Security Groups.

Find more than one LDAP server

You can find more than one LDAP server if you need Serv-U to perform a backup of the server. This is in the event that the primary LDAP server is down, or if you need Serv-U to try LDAP credentials against multiple servers.

Home directories and permissions are manually configured and overwritten in the Windows User Group configuration page.

Log in with multiple Active Directory or Windows accounts

Serv-U MFT Server allows login with multiple Active Directory or Windows accounts when these accounts are part of the AD environment where Serv-U is installed.

  1. Leave the Windows Domain name field blank in the Windows authentication settings page.
  2. Log in with the principal user name.

Users who are part of the Windows group can create virtual paths and share folders.

  1. Click Configure Windows User Group.
  2. Select Virtual Paths.
  3. Add a Physical Path and a Virtual Path name, and then click Save.
    • Physical Path: the path you want mapped to a virtual location
    • Virtual Path: defines the directory to which the location should be mapped, including display name, for example, company files

When users log in, their home directory will contain a shortcut to their shared files. These are visible to all users who belong to this Windows User Group.

Organizational Unit group settings to create additional Windows subgroups

Using the Organizational Unit (OU) group settings, you can create additional Windows subgroups to assign different permissions and settings:

  1. Click Configure OU Groups.
  2. Map your Organization Unit (OU) tree in the Domain Controller to the Windows User Group in Serv-U.
  3. The Add and Add Child buttons create User Groups. You can edit and apply permissions to each of the subgroups representing OUs in the Active directory.

For more information, watch the video tutorial here.

 

 

 

Last modified
00:01, 12 Apr 2017

Tags

Classifications

Public