Vsftpd/AD Authentication

vsftpd (Very Secure FTP Daemon) is a major FTP server.

PAM (Pluggable Authentication Modules for Linux) is a system of libraries that handle the authentication tasks of applications (services) on the system.

winbind is the Name Service Switch daemon for resolving names from NT servers.

Vsftpd USE Flags
Enable the pam, tcpd and caps USE flags and, optionally, ssl (for security reasons).

Install vsftpd
Install :

Samba USE Flags
Enable the ads USE flag.

Install samba
Install :

/etc/krb5.conf
Note: parameters are case-sensitive

/etc/vsftpd/vsftpd.conf
The FTP server will authenticate users against Microsoft Active Directory via PAM + winbind.

Chroot to user's home directory
Note: If you want to chroot all users to one fixed directory, just add the following to your /etc/vsftpd/vsftpd.conf: local_root=/var/ftp

SECCOMP Filtering and 64-bit Kernels with =net-ftp/vsftpd-3.0.x
Note: If running an amd64 kernel, you will need to add the following to your /etc/vsftpd/vsftpd.conf: seccomp_sandbox=NO. If this change is not made, the following error may occur on the client side: "Fatal error: 500 OOPS: priv_sock_get_cmd". For further information, refer to https://bugzilla.redhat.com/show_bug.cgi?id=845980.

/etc/samba/smb.conf
Note: parameters in file are case-sensitive!

Samba localization
Note: If using Samba in a localized network, add the following to your /etc/samba/smb.conf (change the codepage to yours): dos charset = cp866

pam configuration
Users who are not in the FTP-ACCESS group in Active Directory will get "Password incorrect".

Winbind service
To start the winbindd daemon together with the samba service, change the following line in /etc/conf.d/samba: daemon_list="smbd nmbd winbind"

Joining samba to Windows Domain
user@corp.domain.com should have permissions to join computers to the Windows domain.

Enter password for user.

All done!
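
A post-setup check for the configuration described on this page, added here as an example and not part of the original page: it reads a vsftpd.conf and the PAM service file it points to, and reports settings that would break or weaken the AD login. It assumes the FTP-ACCESS restriction is expressed with pam_winbind's require_membership_of option and that the group is written as a bare name or SID; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): audit copies of the vsftpd and
# PAM files for the settings this setup depends on.

# conf_get FILE KEY DEFAULT: value of KEY in a vsftpd.conf-style file.
# vsftpd permits no spaces around '=', so only exact "KEY=value" lines match;
# the last occurrence is used (assumed to be the one that takes effect).
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# audit_vsftpd_ad CONF PAM_DIR [GROUP]: prints findings; exit status = FAIL count.
audit_vsftpd_ad() {
    conf=$1; pamdir=$2; group=${3:-FTP-ACCESS}; fails=0
    # vsftpd's documented default PAM service name is "ftp".
    pamfile="$pamdir/$(conf_get "$conf" pam_service_name ftp)"
    pat="^[[:space:]]*auth[[:space:]].*pam_winbind\.so.*require_membership_of=$group([[:space:]]|\$)"

    if [ ! -f "$pamfile" ]; then
        echo "FAIL: PAM service file $pamfile is missing"; fails=$((fails + 1))
    elif ! grep -Eq "$pat" "$pamfile"; then
        echo "FAIL: no auth line in $pamfile limits pam_winbind to $group"
        fails=$((fails + 1))
    fi
    if [ "$(conf_get "$conf" local_enable NO)" != YES ]; then
        echo "FAIL: local_enable is not YES, so non-anonymous logins are refused"
        fails=$((fails + 1))
    fi
    if [ "$(conf_get "$conf" ssl_enable NO)" != YES ]; then
        echo "FAIL: ssl_enable is not YES, AD passwords are sent in cleartext"
        fails=$((fails + 1))
    fi
    if [ "$(conf_get "$conf" chroot_local_user NO)" != YES ]; then
        echo "FAIL: chroot_local_user is not YES, not every user is chrooted"
        fails=$((fails + 1))
    fi
    if [ "$(conf_get "$conf" seccomp_sandbox YES)" = NO ]; then
        echo "NOTE: seccomp_sandbox=NO (the amd64 workaround) turns off seccomp filtering"
    fi
    return "$fails"
}
# Usage: audit_vsftpd_ad /etc/vsftpd/vsftpd.conf /etc/pam.d
```

The exit status is the number of FAIL findings, so the function can gate a deployment script; the seccomp note is informational and is not counted.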