Create an FTP server

1.Goals

For vCenter and NSX-v, I need an FTP server to make application-consistent backups. This post explains the installation path I used to get an FTP server usable for both solutions.

Each authenticated user has a home directory on the FTP server. I have redirected the users' home directories to a logical partition under the path /ftp01/$user.

Configuration files are given as examples:

  • sssd.conf is modified after integration into the Active Directory domain.
  • vsftpd.conf and /etc/pam.d/vsftpd are configured to allow Active Directory authentication and redirection to the user's home directory.

 

2.Tasks

 

2.Tools

3.Operations

3.1 Starting point

I have a fresh Linux server. Domain authentication is working and I have created two mount points. I want to create an FTP server that will allow me to make consistent backups of my vCenter server and NSX Manager with two specific Active Directory credentials and FTP folders.

 

3.1 Install vsftpd

 

# sudo yum install vsftpd -y

 

3.2 Modify configuration files

3.2.1 sssd.conf

This file should be based on your own domain (domains, ad_domain, etc.).

[sssd]
domains = int.virtualy-labs.com
config_file_version = 2
services = nss, pam

[domain/int.virtualy-labs.com]
ad_domain = int.virtualy-labs.com
krb5_realm = INT.VIRTUALY-LABS.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /ftp01/%u
access_provider = ad

3.2.2 vsftpd.conf

Contents of vsftpd.conf:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_log=YES
local_root=/ftp01/$USER
tcp_wrappers=NO
chroot_local_user=NO
session_support=YES
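
An added example, not part of the original post: a small shell audit of the vsftpd.conf above that reports anonymous access, the missing chroot, the absence of TLS, and a `$USER` in local_root that has no matching user_sub_token. The function names, finding labels and sample file are constructed for illustration; the checks assume vsftpd's documented defaults (anonymous_enable=YES, chroot_local_user=NO, ssl_enable=NO).

```shell
#!/bin/sh
# Added example (not from the original post): audit a vsftpd.conf.

# Print the value of KEY in FILE; if the key is repeated, the last
# assignment is the one reported. vsftpd allows no spaces around "=".
conf_get() {
    awk -v k="$2" '
        index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
        END { print v }' "$1"
}

# Print one finding per line; print nothing if all four checks pass.
audit_vsftpd() {
    root=$(conf_get "$1" local_root)
    # vsftpd allows anonymous logins unless this is explicitly NO.
    [ "$(conf_get "$1" anonymous_enable)" = "NO" ] ||
        echo "ANON: anonymous_enable is not NO"
    # Without a chroot, a logged-in user can browse outside /ftp01/<user>.
    [ "$(conf_get "$1" chroot_local_user)" = "YES" ] ||
        echo "CHROOT: local users are not confined to their directory"
    # Plain FTP sends the Active Directory password unencrypted.
    [ "$(conf_get "$1" ssl_enable)" = "YES" ] ||
        echo "TLS: ssl_enable is not YES"
    # $USER in local_root is only expanded when user_sub_token names it.
    case $root in
        *'$USER'*)
            [ "$(conf_get "$1" user_sub_token)" = '$USER' ] ||
                echo "SUBTOKEN: local_root=$root is used literally"
            ;;
    esac
}

# Constructed sample: the security-relevant lines of the vsftpd.conf above.
sample_conf() {
    cat <<'EOF'
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_root=/ftp01/$USER
chroot_local_user=NO
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_vsftpd "$tmp"
rm -f "$tmp"
```

On the sample it prints the CHROOT, TLS and SUBTOKEN findings. When local_root cannot be entered, vsftpd silently ignores the failure and the session starts in the account's home directory, which sssd.conf sets to /ftp01/%u.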

3.2.3 /etc/pam.d/vsftpd

#%PAM-1.0
auth required pam_env.so
auth sufficient pam_winbind.so
account sufficient pam_winbind.so
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include password-auth
account include password-auth
session required pam_loginuid.so
session include password-auth

3.3 Configure the firewall

# firewall-cmd --permanent --add-service=ftp

# firewall-cmd --reload

3.4 Log in with an Active Directory user

Logging in with an Active Directory user will create the directory /ftp01/$user. In this case, all the required permissions are correctly configured.

 

3.5 Test the connection

3.5.1 On the server itself

Run the command:

# ftp localhost

-> Name : specify the username (Active Directory)

-> Password : specify the password of the user

-> pwd : validate the directory

 

3.5.2 From another server

Well, my first objective was to back up NSX Manager … . I configured the parameters.

 

 

This part is validated.
