{"id":76887,"date":"2023-06-05T13:10:53","date_gmt":"2023-06-05T17:10:53","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=76887"},"modified":"2025-04-18T12:48:53","modified_gmt":"2025-04-18T16:48:53","slug":"configure-synology-nas-dsm-7-x-to-use-cloud-ldap","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/configure-synology-nas-dsm-7-x-to-use-cloud-ldap","title":{"rendered":"Configure Synology NAS (DSM 7.x) to Use Cloud LDAP"},"content":{"rendered":"\n

Cloud-hosted LDAP gives you the power of the LDAP protocol with none of the usual setup, maintenance, or failover requirements of traditional LDAP implementations. All you need to do is point your LDAP-connected endpoints to JumpCloud and you’re on your way. This article covers how to integrate Synology NAS with JumpCloud’s Cloud LDAP.

Enabling LDAP Bind DN on a User Account

Accessing a Synology NAS Appliance using the Web Interface (DSM), the Synology Drive Client, or the AFP protocol requires user accounts to be “Enabled as an LDAP Bind DN” in JumpCloud.

To enable LDAP Bind DN on a User Account:

1. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
2. Go to USER MANAGEMENT > Users, then select an existing user or create a new user. Learn more: Get Started: Users.
3. On the Details tab, expand User Security Settings and Permissions and select Specify initial password.
4. Provide a strong password, then select Enable as LDAP Bind DN.

Note: We recommend setting the service account password to never expire. This option appears in User Security Settings and Permissions after you save a new user.

5. Click save user.

Configuring JumpCloud LDAP for Samba Authentication

To configure JumpCloud LDAP for Samba authentication:

1. In the JumpCloud Admin Portal, go to USER AUTHENTICATION > LDAP.
2. Select (+), then select JumpCloud LDAP.
3. Under LDAP Configuration, select Configure Samba Authentication.
4. Use the default Workgroup and SID values in JumpCloud if you’re setting up a new Synology NAS environment. For an existing Synology NAS environment, match the Workgroup and SID in JumpCloud to the values you’ve set in the NAS appliance configuration.
5. For Samba Service Account, select the user account you enabled as LDAP Bind DN. This account is used as a dedicated Samba Service Account with Samba-enabled services like NAS appliances.

Note: Don’t use the user Samba Service Account for additional LDAP client services.

6. Collect the Samba Service Account DN.
7. Click save.

Enabling Samba Authentication for User Groups

To enable Samba authentication for a user group:

1. In the JumpCloud Admin Portal, go to USER MANAGEMENT > User Groups.
2. Select an existing user group or create a new user group. Learn more: Get Started: User Groups.
3. Select Create Linux group for this user group.
4. Enter a Group Name, then a Group GID.

Note: If there are no existing Linux-based groups in your environment that need to be mapped to the NAS appliance, select a GID above 1000000.

5. Check Enable Samba Authentication.

Note: Enabling Samba Authentication generates a notice regarding the MD4 hash used for NTLMv2 authentication. This credential can only be accessed by the Samba Service Account over a secured LDAP channel using TLS/SSL encryption.

6. Navigate to the Users tab and add users to the group. At least one user must be placed in the User Group for it to populate in JumpCloud LDAP.
7. Click save.

Integrating Synology NAS with JumpCloud LDAP

To integrate Synology NAS with JumpCloud:

1. Log in to the Synology DSM Web Interface as an Administrator.
2. Go to Control Panel > Domain/LDAP > Domain/LDAP.
3. Click Join. The Domain/LDAP Joining Wizard is launched.
4. Enter the following server information:
   1. Server type: Select LDAP from the drop-down menu.
   2. Server address: Set to ldap.jumpcloud.com.
5. Click Next and configure the following:
   1. Bind DN or LDAP administrator account: Enter the LDAP server’s Bind DN or administrator account distinguished name.