黑料海角91入口

Help Center Home > Cloud LDAP > Configure Synology NAS (DSM 7.x) to Use Cloud LDAP

Configure Synology NAS (DSM 7.x) to Use Cloud LDAP

Cloud-hosted LDAP gives you the power of the LDAP protocol with none of the usual setup, maintenance, or failover requirements of traditional LDAP implementations. All you need to do is point your LDAP-connected endpoints to 黑料海角91入口 and you鈥檙e on your way. This article covers how to integrate Synology NAS with 黑料海角91入口's Cloud LDAP. 

Enabling LDAP Bind DN on a User Account

Accessing a Synology NAS Appliance using the Web Interface (DSM), the Synology Drive Client, or the AFP protocol requires user accounts to be "Enabled as an LDAP Bind DN" in 黑料海角91入口.听

To enable LDAP Bind DN on a User Account:

  1. Log in to the 黑料海角91入口 Admin Portal: .
  2. Go to聽USER MANAGEMENT听&驳迟;听Users, then select an existing user or create a new user. Learn more:聽Get Started: Users.听
  3. On the Details tab, expand User Security Settings and Permissions and select Specify initial password.
  4. Provide a strong password, then select聽Enable as LDAP Bind DN.

Note:

We recommend setting the service account password to never expire. This option appears in聽User Security Settings and Permissions聽after you save a new user.听

  1. 颁濒颈肠办听save user.听

Configuring 黑料海角91入口 LDAP for Samba Authentication

To configure 黑料海角91入口 LDAP for Samba authentication

  1. In the 黑料海角91入口 Admin Portal, go to USER AUTHENTICATION > LDAP.
  2. Select (+), then select 黑料海角91入口 LDAP.
  3. Under LDAP Configuration, select Configure Samba Authentication.
  4. Use the default Workgroup and SID values in 黑料海角91入口 if you鈥檙e setting up a new Synology NAS environment. For an existing Synology NAS environment, match the Workgroup and SID in 黑料海角91入口 to the values you鈥檝e set in the NAS appliance configuration. 
  5. 贵辞谤听Samba Service Account, select the user account you enabled as LDAP Bind DN. This account is used as a dedicated Samba Service Account with Samba-enabled services like NAS appliances.

Note:

Don鈥檛 use the user Samba Service Account for additional LDAP client services.听

  1. Collect the聽Samba Service Account DN.
  1. Click save.

Enabling Samba Authentication for User Groups

To enable Samba authentication for a user group:

  1. In the 黑料海角91入口 Admin Portal, go to USER MANAGEMENT > User Groups
  2. Select an existing user group or create a new user group. Learn more:聽Get Started: User Groups.
  3. Select Create Linux group for this user group.
  1. Enter a聽Group Name, then a聽Group GID.

Note:

If there are no existing Linux-based groups in your environment that need to be mapped to the NAS appliance, select a GID above 1000000.

  1. 颁丑别肠办听Enable Samba Authentication.

Note:

Enabling Samba Authentication generates a notice regarding the MD4 hash used for NTLMv2 authentication. This credential can only be accessed by the Samba Service Account over a secured LDAP channel using TLS/SSL encryption.

  1. Navigate to the聽鲍蝉别谤蝉听tab and add users to the group. At least one user must be placed in the User Group for it to populate in 黑料海角91入口 LDAP.
  2. Click save.

Integrating Synology NAS with 黑料海角91入口 LDAP

To integrate Synology NAS with 黑料海角91入口:

  1. Log in to the Synology DSM Web Interface as an Administrator. 
  2. Go to Control Panel > Domain/LDAP > Domain/LDAP.
  3. 颁濒颈肠办听Join. The聽Domain/LDAP Joining Wizard聽is launched.
  1. Enter the following server information:
    • Server type: Select LDAP from the drop-down menu.
    • Server address: Set to .
  2. 颁濒颈肠办听狈别虫迟听and configure the following:
    • Bind DN or LDAP administrator account: Enter the LDAP server's Bind DN or administrator account.
    • Password: Enter the password of the LDAP's administrator account.
    • Encryption: Choose SSL/TLS or STARTTLS as the encryption type from the drop-down menu to encrypt the connection with the LDAP server.
    • Base DN: Select the Base DN of the LDAP server from the drop-down menu. The format will be聽ou=Users,o=<ORG ID NUMBER>,dc=jumpcloud,dc=com.
  1. Profile: Select聽Custom.
    • Expand the filter attribute.
    • Set the passwd Mapping Target to (objectclass=sambaSamAccount).
    • Expand the passwd attribute.
    • Set the userPassword Mapping Target to sambaNTPassword.
    • 颁濒颈肠办听Save.
  1. 颁濒颈肠办听狈别虫迟听to begin a precondition check.听A 鈥淪amba Schema is not supported鈥 error will surface.

Tip:

You may also see a 鈥淟ack of the sambaNTPassword attribute鈥 warning message surface, depending on how your environment is set up.听This message appears because the Synology LDAP Joining Wizard doesn鈥檛 detect the sambaNTPassword attribute on the LDAP users that are assigned to the NAS. Since 黑料海角91入口 LDAP only writes the sambaNTPassword attribute of the LDAP Bind DN, this message can be skipped.

  1. 颁濒颈肠办听顿别迟补颈濒蝉听补苍诲听Skip Anyway. The LDAP Joining Wizard will progress and eventually complete.
  1. Click OK to start using LDAP client services. 

Confirming 黑料海角91入口 LDAP User Account Integration

Note:

The Synology NAS will display user accounts based on the LDAP Directory entered during configuration. Users are only required to enter the "username" portion of this display "Name" when authenticating to file shares on the NAS appliance.

To confirm 黑料海角91入口 users and groups have been integrated:

  1. Log into the Synology DSM Web Interface as an Administrator. 
  2. Launch the Control Panel, then go to Domain/LDAP > LDAP Users.
  3. Click Update LDAP Data, then review the user list imported into the NAS appliance.
  4. Go to LDAP Group.
  5. Click Update LDAP Data, then review the groups imported into the NAS appliance. 

Configuring Microsoft Networking / SMB Support in the Synology NAS

To configure SMB Support in the Synology NAS:

  1. Log in to the Synology DSM Web Interface as an Administrator. 
  2. Go to Control Panel File Services > SMB.
  3. Select Enable SMB Service
  4. Name the Workgroup. This name should be the same as what you have entered for the workgroup of 黑料海角91入口 LDAP (refer to step 4 of 鈥淐onfiguring 黑料海角91入口 LDAP for Samba Authentication鈥).
  5. Click Apply.

Configuring AFP Support in Synology NAS

Prerequisites:

  • Make sure you enable LDAP Bind DN on all users in 黑料海角91入口 if they will be using AFP to access file shares. See聽To Enable LDAP Bind DN on a User Account above.听
  • The following tools are required to configure AFP support in Synology NAS:
    • Synology DSM Web Interface
    • Synology Drive Client 
    • MacOS AFP

To configure AFP support in Synology NAS:

  1. In the Synology DSM Web Interface, go to Control Panel > File Services > AFP.
  2. Select Enable AFP service.
  3. Click Apply.
Back to Top

List IconIn this Article

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case