{"id":76887,"date":"2023-06-05T13:10:53","date_gmt":"2023-06-05T17:10:53","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=76887"},"modified":"2023-06-05T13:10:53","modified_gmt":"2023-06-05T17:10:53","slug":"configure-synology-nas-dsm-7-x-to-use-cloud-ldap","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/configure-synology-nas-dsm-7-x-to-use-cloud-ldap","title":{"rendered":"Configure Synology NAS (DSM 7.x) to Use Cloud LDAP"},"content":{"rendered":"\n

Cloud-hosted LDAP gives you the power of the LDAP protocol with none of the usual setup, maintenance, or failover requirements of traditional LDAP implementations. All you need to do is point your LDAP-connected endpoints to JumpCloud and you\u2019re on your way. This article covers how to integrate Synology NAS with JumpCloud’s Cloud LDAP. <\/p>\n\n\n\n

Enabling LDAP Bind DN on a User Account<\/h2>\n\n\n\n

Accessing a Synology NAS Appliance using the Web Interface (DSM), the Synology Drive Client, or the AFP protocol requires user accounts to be “Enabled as an LDAP Bind DN” in JumpCloud.\u00a0<\/p>\n\n\n\n

To enable LDAP Bind DN on a User Account<\/strong>:<\/p>\n\n\n\n

    \n
  1. Log in to the JumpCloud Admin Portal: https:\/\/console.jumpcloud.com\/login<\/a>.<\/li>\n\n\n\n
  2. Go to\u00a0USER MANAGEMENT<\/strong>\u00a0>\u00a0Users<\/strong>, then select an existing user or create a new user. Learn more:\u00a0Get Started: Users<\/a>.\u00a0<\/li>\n\n\n\n
  3. On the Details <\/strong>tab, expand User Security Settings and Permissions<\/strong> and select Specify initial password<\/strong>.<\/li>\n\n\n\n
  4. Provide a strong password, then select\u00a0Enable as LDAP Bind DN<\/strong>.<\/li>\n<\/ol>\n\n\n\n

    <\/p><\/div>

    Note:<\/strong> \n

    We recommend setting the service account password to never expire. This option appears in\u00a0User Security Settings and Permissions<\/strong>\u00a0after you save a new user.\u00a0<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

      \n
    1. Click\u00a0save user<\/strong>.\u00a0<\/li>\n<\/ol>\n\n\n\n

      Configuring JumpCloud LDAP for Samba Authentication<\/h2>\n\n\n\n

      To configure JumpCloud LDAP for Samba authentication<\/strong>: <\/p>\n\n\n\n

        \n
      1. In the JumpCloud Admin Portal, go to USER AUTHENTICATION<\/strong> > LDAP<\/strong>.<\/li>\n\n\n\n
      2. Select (+<\/strong>), then select JumpCloud LDAP<\/strong>.<\/li>\n\n\n\n
      3. Under LDAP Configuration<\/strong>, select Configure Samba Authentication<\/strong>.<\/li>\n\n\n\n
      4. Use the default Workgroup <\/strong>and SID<\/strong> values in JumpCloud if you\u2019re setting up a new Synology NAS environment. For an existing Synology NAS environment, match the Workgroup <\/strong>and SID <\/strong>in JumpCloud to the values you\u2019ve set in the NAS appliance configuration. <\/li>\n\n\n\n
      5. For\u00a0Samba Service Account<\/strong>, select the user account you enabled as LDAP Bind DN. This account is used as a dedicated Samba Service Account with Samba-enabled services like NAS appliances.<\/li>\n<\/ol>\n\n\n\n

        <\/p><\/div>

        Note:<\/strong> \n

        Don\u2019t use the user Samba Service Account for additional LDAP client services.\u00a0<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

          \n
        1. Collect the\u00a0Samba Service Account DN<\/strong>.<\/li>\n<\/ol>\n\n\n\n
          \"\"<\/figure>\n\n\n\n
            \n
          1. Click save<\/strong>.<\/li>\n<\/ol>\n\n\n\n

            Enabling Samba Authentication for User Groups<\/h2>\n\n\n\n

            To enable Samba authentication for a user group<\/strong>:<\/p>\n\n\n\n

              \n
            1. In the JumpCloud Admin Portal, go to USER MANAGEMENT<\/strong> > User Groups<\/strong>. <\/li>\n\n\n\n
            2. Select an existing user group or create a new user group. Learn more:\u00a0Get Started: User Groups<\/a>.<\/li>\n\n\n\n
            3. Select Create Linux group for this user group<\/strong>.<\/li>\n<\/ol>\n\n\n\n
              \"\"<\/figure>\n\n\n\n
                \n
              1. Enter a\u00a0Group Name<\/strong>, then a\u00a0Group GID<\/strong>.<\/li>\n<\/ol>\n\n\n\n

                <\/p><\/div>

                Note:<\/strong> \n

                If there are no existing Linux-based groups in your environment that need to be mapped to the NAS appliance, select a GID above 1000000.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

                  \n
                1. Check\u00a0Enable Samba Authentication<\/strong>.<\/li>\n<\/ol>\n\n\n\n

                  <\/p><\/div>

                  Note:<\/strong> \n

                  Enabling Samba Authentication generates a notice regarding the MD4 hash used for NTLMv2 authentication. This credential can only be accessed by the Samba Service Account over a secured LDAP channel using TLS\/SSL encryption.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

                    \n
                  1. Navigate to the\u00a0Users\u00a0<\/strong>tab and add users to the group. At least one user must be placed in the User Group for it to populate in JumpCloud LDAP.<\/li>\n\n\n\n
                  2. Click save<\/strong>.<\/li>\n<\/ol>\n\n\n\n

                    Integrating Synology NAS with JumpCloud LDAP<\/h2>\n\n\n\n

                    To integrate Synology NAS with JumpCloud<\/strong>:<\/p>\n\n\n\n

                      \n
                    1. Log in to the Synology DSM Web Interface as an Administrator. <\/li>\n\n\n\n
                    2. Go to Control Panel<\/strong> > Domain\/LDAP<\/strong> > Domain\/LDAP<\/strong>.<\/li>\n\n\n\n
                    3. Click\u00a0Join<\/strong>. The\u00a0Domain\/LDAP Joining Wizard\u00a0<\/strong>is launched.
                      \"\"<\/li>\n<\/ol>\n\n\n\n
                        \n
                      1. Enter the following server information:\n