Configure Synology NAS (DSM 7.x) to Use Cloud LDAP

Cloud-hosted LDAP gives you the power of the LDAP protocol with none of the usual setup, maintenance, or failover requirements of traditional LDAP implementations. All you need to do is point your LDAP-connected endpoints to JumpCloud and you’re on your way. This article covers how to integrate Synology NAS with JumpCloud's Cloud LDAP. 

Enabling LDAP Bind DN on a User Account

Accessing a Synology NAS Appliance using the Web Interface (DSM), the Synology Drive Client, or the AFP protocol requires user accounts to be "Enabled as an LDAP Bind DN" in JumpCloud. 

To enable LDAP Bind DN on a User Account:

  1. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
  2. Go to USER MANAGEMENT > Users, then select an existing user or create a new user. Learn more: Get Started: Users
  3. On the Details tab, expand User Security Settings and Permissions and select Specify initial password.
  4. Provide a strong password, then select Enable as LDAP Bind DN.

Note:

We recommend setting the service account password to never expire. This option appears in User Security Settings and Permissions after you save a new user. 

  5. Click save user.

Configuring JumpCloud LDAP for Samba Authentication

To configure JumpCloud LDAP for Samba authentication:

  1. In the JumpCloud Admin Portal, go to USER AUTHENTICATION > LDAP.
  2. Select (+), then select JumpCloud LDAP.
  3. Under LDAP Configuration, select Configure Samba Authentication.
  4. Use the default Workgroup and SID values in JumpCloud if you’re setting up a new Synology NAS environment. For an existing Synology NAS environment, match the Workgroup and SID in JumpCloud to the values you’ve set in the NAS appliance configuration. 
  5. For Samba Service Account, select the user account you enabled as LDAP Bind DN. This account is used as a dedicated Samba Service Account with Samba-enabled services like NAS appliances.

Note:

Don’t use the Samba Service Account user for additional LDAP client services.

  6. Collect the Samba Service Account DN.
  7. Click save.

Enabling Samba Authentication for User Groups

To enable Samba authentication for a user group:

  1. In the JumpCloud Admin Portal, go to USER MANAGEMENT > User Groups.
  2. Select an existing user group or create a new user group. Learn more: Get Started: User Groups.
  3. Select Create Linux group for this user group.
  4. Enter a Group Name, then a Group GID.

Note:

If there are no existing Linux-based groups in your environment that need to be mapped to the NAS appliance, select a GID above 1000000.

  5. Check Enable Samba Authentication.

Note:

Enabling Samba Authentication generates a notice regarding the MD4 hash used for NTLMv2 authentication. This credential can only be accessed by the Samba Service Account over a secured LDAP channel using TLS/SSL encryption.

  6. Navigate to the Users tab and add users to the group. At least one user must be placed in the User Group for it to populate in JumpCloud LDAP.
  7. Click save.

Integrating Synology NAS with JumpCloud LDAP

To integrate Synology NAS with JumpCloud:

  1. Log in to the Synology DSM Web Interface as an Administrator. 
  2. Go to Control Panel > Domain/LDAP > Domain/LDAP.
  3. Click Join. The Domain/LDAP Joining Wizard is launched.
  4. Enter the following server information:
    • Server type: Select LDAP from the drop-down menu.
    • Server address: Set to ldap.jumpcloud.com.
  5. Click Next and configure the following:
    • Bind DN or LDAP administrator account: Enter the LDAP server's Bind DN or administrator account.
    • Password: Enter the password of the LDAP's administrator account.
    • Encryption: Choose SSL/TLS or STARTTLS as the encryption type from the drop-down menu to encrypt the connection with the LDAP server.
    • Base DN: Select the Base DN of the LDAP server from the drop-down menu. The format will be ou=Users,o=<ORG ID NUMBER>,dc=jumpcloud,dc=com.
  6. Profile: Select Custom.
    • Expand the filter attribute.
    • Set the passwd Mapping Target to (objectclass=sambaSamAccount).
    • Expand the passwd attribute.
    • Set the userPassword Mapping Target to sambaNTPassword.
    • Click Save.
  7. Click Next to begin a precondition check. A “Samba Schema is not supported” error will surface.

Tip:

You may also see a “Lack of the sambaNTPassword attribute” warning message surface, depending on how your environment is set up. This message appears because the Synology LDAP Joining Wizard doesn’t detect the sambaNTPassword attribute on the LDAP users that are assigned to the NAS. Since JumpCloud LDAP only writes the sambaNTPassword attribute of the LDAP Bind DN, this message can be skipped.

  8. Click Details and Skip Anyway. The LDAP Joining Wizard will progress and eventually complete.
  9. Click OK to start using LDAP client services.
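
Before running the Joining Wizard, the same passwd filter can be queried from a workstation to see which entries expose a sambaNTPassword attribute, the condition behind the warning described above. This is an added example, not JumpCloud or Synology code; it assumes OpenLDAP's ldapsearch client, and the function names and sample entries are constructed.

```shell
#!/bin/sh
# Added example, not JumpCloud or Synology code. Host, Base DN format and the
# filter are from the article; function names and sample data are constructed.

# Live query (needs OpenLDAP client tools and network access).
#   $1 = Samba Service Account DN collected in JumpCloud
#   $2 = Base DN, e.g. ou=Users,o=<ORG ID NUMBER>,dc=jumpcloud,dc=com
# -A asks for attribute names only, so no hash value is transferred;
# -W prompts for the password instead of putting it on the command line.
jc_query() {
    ldapsearch -LLL -A -o ldif-wrap=no -H ldaps://ldap.jumpcloud.com \
        -D "$1" -W -b "$2" '(objectclass=sambaSamAccount)' sambaNTPassword
}

# Read LDIF on stdin; print "<dn> nthash=yes|no" for each entry.
jc_summarise() {
    awk '
        function emit() {
            if (dn != "") print dn " nthash=" nt
            dn = ""; nt = "no"
        }
        /^[ \t]*$/ { emit(); next }
        /^dn:/ { emit(); dn = $0; sub(/^dn::?[ \t]*/, "", dn); nt = "no"; next }
        tolower($0) ~ /^sambantpassword:/ { nt = "yes" }
        END { emit() }
    '
}

# Constructed sample in the shape jc_query returns (ORG_ID is a placeholder).
jc_sample() {
    cat <<'EOF'
dn: uid=svc-nas,ou=Users,o=ORG_ID,dc=jumpcloud,dc=com
sambaNTPassword:

dn: uid=alice,ou=Users,o=ORG_ID,dc=jumpcloud,dc=com

dn: uid=bob,ou=Users,o=ORG_ID,dc=jumpcloud,dc=com
EOF
}

# Offline demo; live use: jc_query "$BIND_DN" "$BASE_DN" | jc_summarise
jc_sample | jc_summarise
```

Running the same query while bound as an ordinary user rather than the Samba Service Account should report nthash=no for every entry if the credential is restricted as the earlier note describes.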

Confirming JumpCloud LDAP User Account Integration

Note:

The Synology NAS will display user accounts based on the LDAP Directory entered during configuration. Users are only required to enter the "username" portion of this display "Name" when authenticating to file shares on the NAS appliance.

To confirm JumpCloud users and groups have been integrated:

  1. Log in to the Synology DSM Web Interface as an Administrator.
  2. Launch the Control Panel, then go to Domain/LDAP > LDAP Users.
  3. Click Update LDAP Data, then review the user list imported into the NAS appliance.
  4. Go to LDAP Group.
  5. Click Update LDAP Data, then review the groups imported into the NAS appliance. 

Configuring Microsoft Networking / SMB Support in the Synology NAS

To configure SMB Support in the Synology NAS:

  1. Log in to the Synology DSM Web Interface as an Administrator. 
  2. Go to Control Panel > File Services > SMB.
  3. Select Enable SMB Service.
  4. Name the Workgroup. This name should be the same as what you have entered for the workgroup of JumpCloud LDAP (refer to step 4 of “Configuring JumpCloud LDAP for Samba Authentication”).
  5. Click Apply.

Configuring AFP Support in Synology NAS

Prerequisites:

  • Make sure you enable LDAP Bind DN on all users in JumpCloud if they will be using AFP to access file shares. See “Enabling LDAP Bind DN on a User Account” above.
  • The following tools are required to configure AFP support in Synology NAS:
    • Synology DSM Web Interface
    • Synology Drive Client 
    • macOS AFP

To configure AFP support in Synology NAS:

  1. In the Synology DSM Web Interface, go to Control Panel > File Services > AFP.
  2. Select Enable AFP service.
  3. Click Apply.