This article covers the configuration of TrueNAS for use with JumpCloud's LDAP-as-a-Service, verified with TrueNAS Core 12 and TrueNAS SCALE 12. It also covers an optional configuration for SMB Service, for IT admins who want users to authenticate to SMB file shares that are set up on the TrueNAS appliance.
Prerequisites:
- Cloud LDAP is configured correctly in JumpCloud. See Use Cloud LDAP to learn more.
- LDAP users and/or user groups are configured in JumpCloud. See Create an LDAP Group to learn more.
- The steps in Configuring LDAP in TrueNAS must be followed before starting an SMB configuration, though SMB configuration is NOT required in order to set up LDAP on TrueNAS.
Configuration Notes:
- Reference the TrueNAS Support Site during configuration.
- This process was last qualified on 03/17/2022 using TrueNAS Core 12.0-U8.
- Users from the LDAP connection do not appear to be listed in the TrueNAS GUI. However, LDAP users and groups do appear in the dropdown menus of the Permissions screen of a dataset after the LDAP service is configured. See the TrueNAS documentation for further details.
- SSH access is limited to local users only by default.
- Once configured, you may have to click Rebuild Directory Service Cache for users to be imported from LDAP, or for any updates to the JumpCloud Samba User Group to propagate to TrueNAS.
Configuring LDAP in TrueNAS
To find the information for step 3, see Use Cloud LDAP.
To configure LDAP in TrueNAS:
- Log in to the TrueNAS Administrator Dashboard.
- Go to Directory Services > LDAP.
- Provide the following information:
  - Hostname: ldap.jumpcloud.com
  - Base DN: o=YOUR_ORG_ID,dc=jumpcloud,dc=com
  - Bind DN: uid=LDAP_BINDING_USER,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com
  - Bind Password: LDAP_BINDING_USER_PASSWORD
  - Enable: Checked
Configuring START_TLS LDAP Settings in TrueNAS
To configure advanced LDAP settings in TrueNAS:
- Log in to the TrueNAS Administrator Dashboard.
- Go to Directory Services > LDAP.
- Click Advanced Options.
- Select START_TLS from the Encryption Mode dropdown.
- Check the Samba Schema option.
- Click SAVE to complete the advanced configuration.
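Before entering the values from Configuring LDAP in TrueNAS and selecting START_TLS, the same Hostname, Base DN and Bind DN can be checked from any shell. The script below is an added example, not JumpCloud or TrueNAS code; it assumes the OpenLDAP ldapsearch client is installed, and the script name, function names and allowed character set are hypothetical choices made for this example.

```shell
#!/bin/sh
# Added example (not JumpCloud or TrueNAS code): pre-flight check of the
# Hostname, Base DN and Bind DN values before entering them in TrueNAS.
# Usage (hypothetical file name): sh ldap_preflight.sh ORG_ID BINDING_USER

LDAP_HOST="ldap.jumpcloud.com"

# Base DN in the form given in the article (arg: org id).
base_dn() { printf 'o=%s,dc=jumpcloud,dc=com' "$1"; }

# Bind DN in the form given in the article (args: org id, binding user).
bind_dn() { printf 'uid=%s,ou=Users,%s' "$2" "$(base_dn "$1")"; }

# Reject empty values, unreplaced placeholders, and any character outside a
# conservative set (an assumption of this example) so nothing needs escaping
# in the DN or in the search filter.
valid_dn_value() {
    case "$1" in
        ''|YOUR_ORG_ID|LDAP_BINDING_USER) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Bind as the binding user and look up that user's own entry.
# -ZZ requires StartTLS to succeed; there is no fallback to a cleartext bind.
# -W prompts for the password, keeping it out of argv and shell history.
check_bind() {
    ldapsearch -H "ldap://$LDAP_HOST" -ZZ -x \
        -D "$(bind_dn "$1" "$2")" -W \
        -b "$(base_dn "$1")" "(uid=$2)" dn
}

# Only contact the server when both arguments are supplied and valid.
if [ "$#" -eq 2 ]; then
    if valid_dn_value "$1" && valid_dn_value "$2"; then
        check_bind "$1" "$2"
    else
        echo "invalid or placeholder org ID / binding user" >&2
        exit 2
    fi
fi
```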
Configuring TrueNAS for SMB Service
- This is an optional configuration, but if you plan to implement SMB Service, LDAP must be configured in TrueNAS first.
- Samba must be enabled for LDAP. See Configure Samba Support with LDAP.
- Read and understand the SMB options available for TrueNAS Core in the TrueNAS knowledge base. The appropriate advanced settings will depend on your environment and the needs of the client machines.
For instances where Windows or other Samba clients need to access the file share via UNC path or smb syntax:
\\freenas.server\share
smb://freenas.server/share
To add SMB Service:
- From the TrueNAS Dashboard, go to Sharing > Windows Shares (SMB) and click ADD.
To activate SMB Service:
- From the TrueNAS Dashboard, go to Services and click the toggle for SMB.
- Click the pencil icon to configure the service.
- The NetBIOS Name defaults to truenas and is the only required setting.
- If it is not already pre-populated, copy the WORKGROUP from the JumpCloud LDAP Samba configuration (see Configure Samba Support with LDAP) and paste it into the corresponding Workgroup field in the TrueNAS configuration.
- Click SAVE.