探花大神

Help Center Home > Cloud LDAP > Configure Synology NAS (DSM 7.x) to Use Cloud LDAP

Configure Synology NAS (DSM 7.x) to Use Cloud LDAP

Cloud-hosted LDAP gives you the power of the LDAP protocol with none of the usual setup, maintenance, or failover requirements of traditional LDAP implementations. All you need to do is point your LDAP-connected endpoints to 探花大神 and you鈥檙e on your way. This article covers how to integrate Synology NAS with 探花大神's Cloud LDAP. 

Enabling LDAP Bind DN on a User Account

Accessing a Synology NAS Appliance using the Web Interface (DSM), the Synology Drive Client, or the AFP protocol requires user accounts to be "Enabled as an LDAP Bind DN" in 探花大神. 

To enable LDAP Bind DN on a User Account:

  1. Log in to the 探花大神 Admin Portal: .
  2. Go to USER MANAGEMENT > Users, then select an existing user or create a new user. Learn more: Get Started: Users
  3. On the Details tab, expand User Security Settings and Permissions and select Specify initial password.
  4. Provide a strong password, then select Enable as LDAP Bind DN.

Note:

We recommend setting the service account password to never expire. This option appears in User Security Settings and Permissions after you save a new user. 

  1. Click save user

Configuring 探花大神 LDAP for Samba Authentication

To configure 探花大神 LDAP for Samba authentication

  1. In the 探花大神 Admin Portal, go to USER AUTHENTICATION > LDAP.
  2. Select (+), then select 探花大神 LDAP.
  3. Under LDAP Configuration, select Configure Samba Authentication.
  4. Use the default Workgroup and SID values in 探花大神 if you鈥檙e setting up a new Synology NAS environment. For an existing Synology NAS environment, match the Workgroup and SID in 探花大神 to the values you鈥檝e set in the NAS appliance configuration. 
  5. For Samba Service Account, select the user account you enabled as LDAP Bind DN. This account is used as a dedicated Samba Service Account with Samba-enabled services like NAS appliances.

Note:

Don鈥檛 use the user Samba Service Account for additional LDAP client services. 

  1. Collect the Samba Service Account DN.
  1. Click save.

Enabling Samba Authentication for User Groups

To enable Samba authentication for a user group:

  1. In the 探花大神 Admin Portal, go to USER MANAGEMENT > User Groups
  2. Select an existing user group or create a new user group. Learn more: Get Started: User Groups.
  3. Select Create Linux group for this user group.
  1. Enter a Group Name, then a Group GID.

Note:

If there are no existing Linux-based groups in your environment that need to be mapped to the NAS appliance, select a GID above 1000000.

  1. Check Enable Samba Authentication.

Note:

Enabling Samba Authentication generates a notice regarding the MD4 hash used for NTLMv2 authentication. This credential can only be accessed by the Samba Service Account over a secured LDAP channel using TLS/SSL encryption.

  1. Navigate to the Users tab and add users to the group. At least one user must be placed in the User Group for it to populate in 探花大神 LDAP.
  2. Click save.

Integrating Synology NAS with 探花大神 LDAP

To integrate Synology NAS with 探花大神:

  1. Log in to the Synology DSM Web Interface as an Administrator. 
  2. Go to Control Panel > Domain/LDAP > Domain/LDAP.
  3. 颁濒颈肠办听Join. The聽Domain/LDAP Joining Wizard聽is launched.
  4. Enter the following server information:
    1. Server type: Select LDAP from the drop-down menu.
    2. Server address: Set to .
  5. Click Next and configure the following:
    1. Bind DN or LDAP administrator account: Enter the LDAP server's Bind DN or administrator account distinguished name.
      • Use the Samba Service Account DN collected in the previous section.
      • For example: uid=<LDAP Bind DN>ou=Users,o=<ORG ID NUMBER>dc=jumpcloud,dc=com
    2. Password: Enter the password of the LDAP's administrator account.
    3. Encryption: Choose SSL/TLS or STARTTLS as the encryption type from the drop-down menu to encrypt the connection with the LDAP server.
    4. Base DN: Enter the Base DN manually using the following format:
      • Use the Samba Service Account DN collected in the previous section but remove the "uid" value, for example: ou=Users,o=<ORG ID NUMBER>,dc=jumpcloud,dc=com.
  6. Under Profile: Select聽Custom.
    1. Expand the filter attribute.
    2. Set the passwd Mapping Target to (objectclass=sambaSamAccount).
    3. Expand the passwd attribute.
    4. Set the userPassword Mapping Target to sambaNTPassword.
    5. 颁濒颈肠办听Save.
  7. 颁濒颈肠办听狈别虫迟听to begin a precondition check.聽A 鈥淪amba Schema is not supported鈥 error will surface.

    Tip:

    You may also see a 鈥淟ack of the sambaNTPassword attribute鈥 warning message surface, depending on how your environment is set up. This message appears because the Synology LDAP Joining Wizard doesn鈥檛 detect the sambaNTPassword attribute on the LDAP users that are assigned to the NAS. Since 探花大神 LDAP only writes the sambaNTPassword attribute of the LDAP Bind DN, this message can be skipped.

    1. 颁濒颈肠办听顿别迟补颈濒蝉听补苍诲听Skip Anyway. The LDAP Joining Wizard will progress and eventually complete.
    2. Click OK to start using LDAP client services. 

    Confirming 探花大神 LDAP User Account Integration

    Note:

    The Synology NAS will display user accounts based on the LDAP Directory entered during configuration. Users are only required to enter the "username" portion of this display "Name" when authenticating to file shares on the NAS appliance.

    To confirm 探花大神 users and groups have been integrated:

    1. Log into the Synology DSM Web Interface as an Administrator. 
    2. Launch the Control Panel, then go to Domain/LDAP > LDAP Users.
    3. Click Update LDAP Data, then review the user list imported into the NAS appliance.
    4. Go to LDAP Group.
    5. Click Update LDAP Data, then review the groups imported into the NAS appliance. 

    Configuring Microsoft Networking / SMB Support in the Synology NAS

    To configure SMB Support in the Synology NAS:

    1. Log in to the Synology DSM Web Interface as an Administrator. 
    2. Go to Control Panel File Services > SMB.
    3. Select Enable SMB Service
    4. Name the Workgroup. This name should be the same as what you have entered for the workgroup of 探花大神 LDAP (refer to step 4 of 鈥淐onfiguring 探花大神 LDAP for Samba Authentication鈥).
    5. Click Apply.

    Configuring AFP Support in Synology NAS

    Prerequisites:

    • Make sure you enable LDAP Bind DN on all users in 探花大神 if they will be using AFP to access file shares. See To Enable LDAP Bind DN on a User Account above. 
    • The following tools are required to configure AFP support in Synology NAS:
      • Synology DSM Web Interface
      • Synology Drive Client 
      • MacOS AFP

    To configure AFP support in Synology NAS:

    1. In the Synology DSM Web Interface, go to Control Panel > File Services > AFP.
    2. Select Enable AFP service.
    3. Click Apply.
    Back to Top

    List IconIn this Article

    Still Have Questions?

    If you cannot find an answer to your question in our FAQ, you can always contact us.

    Submit a Case