Rotten mud: Server-u ftp and AD perfect integration solution
Recently, the boss gave us a task to migrate and integrate the company's file servers, FTP servers, and email servers. Log on to the background and check the solution that the company is currently using. The FTP Server uses Server-u FTP, and the authentication method is windows authentication.
Www.2cto.com
The file server uses the NTFS permission provided by windows itself for allocation, while the mail server uses IBM domino. Now that you know the current solutions and related software, integrate them. According to the following, the latest version of Server-u ftp supports AD and LDAP authentication, and domino also supports AD. However, I heard that the configuration is complex. I will explain the integration of AD and domino in the next article. This time, we will only explain AD and Server-u ftp.
To integrate Server-U with AD at www.2cto.com, we have the following requirements: 1. Be familiar with Server-U and be proficient in configuring Server-U. 2. Be familiar with AD and be able to install, configure, and operate AD independently. 3. Configure NTFS permissions as required. All of the following experiments are performed on the windows server 2003 Enterprise Edition server. The IP address is 192.168.128.133, the client is XP, And the IP address is 192.168.128.134. First of all, we need to install and configure AD. You can search Baidu or google for the installation and configuration of AD. I will not explain it here. The preceding figure shows information about the correct configuration of AD. After the configuration is complete, we need to establish an organizational unit. The name of the organization unit must not be Chinese. Remember this. Otherwise, FTP cannot be logged in after integration with Server-U. Here we create a new organizational unit, as shown below: Then, we create a new user "erxian1" and "ceshi1" under "erxian" and "ceshi" respectively ": the configuration in AD is complete. The following describes the configuration in Server-U. After Server-U is installed, you will be prompted to create a new domain (PS: this domain is different from the domain in AD). For example, follow the prompts to fill in, after that, you will be prompted to create a new user. For example, click "no", go to the control panel, and find "Configure windows Authentication Settings" under the "user" option ": in the pop-up window, click "Enable windows Verification", for example, enter the AD domain name in the pop-up window, for example, after saving, click "Configure OU group" and fill in the name with the same organizational unit structure as the AD in the pop-up window. For example, during this configuration, we can create an access directory, and the corresponding directory access permissions: Well, after the above settings are complete. We started to set the FTP-related access directory. The current FTP root directory is C: \ testFTP, which contains several other directories. For example, the NTFS permission of the "testFTP" directory is: common domain users can read and view the permission directories "Test Department" and "second-line department", which belong to members of their respective organizational units. For example, you may ask, why do you not see individual user access permissions in this figure? That's because the "second-line department" in the figure is a group, and this is a group in AD. The permission is as long as all the Members in the second-line department group of AD can perform related operations on the directory "second-line department. Why are we doing this? This is mainly for future convenience. If you are a new employee, you only need to add a new account and add it to the group. In the future, we do not need to configure his permissions. Now that the configuration is complete, log on to the client and perform relevant tests. Through the above, we can know that now "erxian1" users can log on to FTP and create folders under the "second-line" directory. Now, switch to the "Test Department" directory to see if it can be entered. You can see the prompt that you do not have the access permission. That means our goal has been achieved. The FTP service is provided through Server-U, the account is provided by AD, and the permission is set by NTFS. PS: in fact, there is another problem, that is, the Server-U and NTFS can both set permissions. What is the final permission? In this case, after my test, the final permissions are superimposed ......