Configure QNAP QTS NAS to Use Cloud LDAP

This article covers how to integrate QNAP NAS devices with JumpCloud’s LDAP, enabling user management and authentication using JumpCloud accounts and credentials. To configure the integration, it's important understand the relationship between the products and how they are integrated. The following diagram in conjunction with the instructions that follow, show the basic interoperation of JumpCloud’s LDAP authentication service, the QNAP NAS, and the client attempting to access files.

Prerequisites:

  • Cloud LDAP is configured correctly in JumpCloud. See Use Cloud LDAP to learn more.
  • LDAP users and/or user groups are configured in JumpCloud. See Create an LDAP Group to learn more.

Configuring JumpCloud User Groups for QNAP QTS via LDAP

To proceed, Cloud LDAP and a LDAP BindDN user must be configured. If you’ve not configured a BindDN User, see Creating an LDAP Bind User to learn more.

To configure JumpCloud user groups for QNAP:

  1. Log in to the JumpCloud Admin Portal.
  2. Go to USER MANAGEMENT > User Groups.
    1. Select a user group that you want to be synced to QNAP QTS.
    2. Under the Details tab, select both Create Linux group for this user group and Enable Samba Authentication checkboxes.
    3. Fill out a Linux Group Name and Group GID.
      • Note: QTS reserves a GID range from 0 to 99. When adding a new account, ensure that the UID and GID does not conflict with an existing UID or GID.
    4. At the bottom right, click Save to apply your changes.
  3. Repeat this step for all of the user groups you want to be available in QNAP QTS.

Note:

These JumpCloud User Groups will be available on the NAS in Domain Groups


Configuring QTS for Microsoft Networking

In order to access file shares on Windows devices, the name of the workgroup configured in QTS must be identical to the name of the workgroup configured in your JumpCloud LDAP Instance. 

To view Workgroup information in the LDAP Directory:

  1. First, get the name of the QNAP QTS Workgroup:
    1. In QNAP QTS, go to Control Panel > Network & File Services > Win/Mac/NFS/WebDAV > Microsoft Networking.
  2. Then view the name of the JumpCloud Workgroup:
    1. In the JumpCloud Admin Portal, go to USER AUTHENTICATION > LDAP.
    2. Click on the JumpCloud LDAP instance.
    3. Go the Details tab > LDAP Configuration to locate the Workgroup.

Configuring QNAP QTS to use JumpCloud LDAP

To configure the QNAP QTS device to use JumpCloud LDAP:

  1. In QNAP QTS, go to Control Panel > Privilege > Domain Security
  2. Select LDAP authentication
  3. For Select the type of LDAP server, select Remote LDAP server
  4. For the LDAP server host, enter ldap.jumpcloud.com.
  5. For the LDAP security setting, select a security type such as ldap://(ldap+TLS).
  6. For the Base DN, enter the string displayed in JumpCloud under ORG DN in LDAP’s Details Tab.
    This should look like the value: o=XXXXXXXXXXXXX,dc=jumpcloud,dc=com
  7. For the Root DN, enter the string displayed in JumpCloud under Samba Service Account DN in JumpCloud’s LDAP Details Tab.
    This should look like the value: uid=your.ldab.bind.userid,ou=Users,o=XXXXXXXXXX,dc=jumpcloud,dc=com
  8. Enter the password for the SAMBA SERVICE ACCOUNT (the JumpCloud BindDN User LDAP password).
  9. For Users base DN and Group base DN, enter the same string:
    ou=Users,o=XXXXXXXXX,dc=jumpcloud,dc=com
    Where the o= value is the same from your earlier configurations from earlier.
  10. Click Apply. The LDAP authentication options window will appear.
  11. Select LDAP users only: Only LDAP users can access the NAS via Microsoft Networking.
  12. Click Finish.

The NAS connects to the JumpCloud LDAP directory. The connection is established when the Status displays Online.

Verifying LDAP Users and User Groups

JumpCloud Users will be displayed in Users or Shared Folders under Domain Users.

JumpCloud User Groups will be displayed in User Groups under Domain Groups.

Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case