
SebastienB.90492 (Customer) asked a question.
Hello Okta Community,
I am managing a Linux cluster built with Alma Linux, currently configured to use Okta Advanced Server Access (OASA) for SSH authentication. As part of a new requirement, I need to set up SMB shares accessible to a Windows station. Our cluster is running in an isolated network without access to Active Directory.
I found in Okta documentation that I need to create an `sft.yaml` file but am unsure of the options I should include. According to a post I read, ScaleFT should intercept a PAM request and forward it to Okta for authentication.
Here are the configurations I'm planning to implement:
**`/etc/samba/smb.conf`:**
```ini
[global]
security = user
map to guest = bad user
obey pam restrictions = yes
```
**`sft.yaml`:**
```yaml
PAM:
  Enabled: true
  ServiceName: "smb"
AccessControl:
  RequireSession: false
Labels:
  environment: "production"
  purpose: "smb-auth"
```
**Questions:**
Are these configurations correct for enabling SMB authentication through OASA?
Has anyone successfully set up a similar configuration, and what challenges did you encounter?
Are there any other recommendations or best practices for securing and optimizing this setup?
Any insights from those who have navigated similar integrations would be invaluable.
Thank you in advance for your support!

Hello @SebastienB.90492 (Customer), thank you for posting on our Community page!
Due to the complexity of this use case, I suggest opening a case with the Support engineers.
https://support.okta.com/help/s/opencase?language=en_US
Thank you for reaching out to our Community and have a great day!
I tried support already, but it wasn't really helpful.
They gave me that link that I knew: https://help.okta.com/asa/en-us/content/topics/adv_server_access/docs/sftd-configure.htm
Then I need to configure that file, /etc/sft/sftd.yaml. There is no template, I do not know what options are available. I am trying to figure it out by myself.
I know YAML for AWS, assuming the syntax would be similar...