Logging in to a Synology NAS box

Chris Dakin

Introduction

This article shows how you can configure a Synology NAS box to use the LogonBox Directory to authenticate file shares.

 

Configure password support

For the Synology box to connect, some extra password support must be turned on. NTLM password support is disabled by default because it enables some weaker cryptography, but it is required for this integration to work.

Navigate to Authentication Flows->Authentication Options->Passwords and turn ON both Enable LDAP Password Support and Enable NTLM Password Support (Discouraged).

Click Apply to save the changes.

 

Create an LDAP service account

Firstly, configure an LDAP service account on your LogonBox Directory. Please refer to the following article:

/app/manpage/agent/article/6673467

 

 

Synology NAS Configuration

Log into your Synology admin web page on port 5000 and go to Control Panel->Domain/LDAP.

 

Click Join.

Set the Server type to LDAP and enter the LogonBox server address.

Click Next.

 

For the Bind DN, enter the DN of your LogonBox LDAP service account.

Enter the password for this account and set the encryption type to SSL/TLS.

Set your Base DN as the same base DN mentioned in the service account article and click Next.

 

The Synology NAS will now perform some checks.

You will likely get an error that the Samba schema is not supported. Click Details, then Skip Anyway.

 

You may then get the message "Lack of the sambaNTPassword attribute". Click Details to see which accounts this refers to.

Make a note of these users. If any of these users want to use the Synology, you will need to reset their password on the LogonBox directory (as this will now create the required sambaNTPassword attribute on the directory).

Click Skip Anyway.

 

Click OK to complete the joining.
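
The accounts that lack a sambaNTPassword value can also be listed from a shell, so you know who needs a password reset before running the join. This is an added example, not LogonBox or Synology code; it assumes OpenLDAP's ldapsearch, and the host, bind DN, base DN, search filter and sample entries are placeholders constructed for illustration.

```shell
#!/bin/sh
# Added example, not LogonBox or Synology code.
# Reads unwrapped LDIF on stdin and prints the DN of every entry that has no
# non-empty sambaNTPassword value (the accounts the join wizard complains about).
missing_nt_hash() {
    awk '
        BEGIN { RS = ""; FS = "\n" }      # paragraph mode: one LDIF entry per record
        {
            dn = ""; has_hash = 0
            for (i = 1; i <= NF; i++) {
                lower = tolower($i)       # attribute names are case-insensitive
                if (lower ~ /^dn::? /) { dn = $i; sub(/^[^ ]+ /, "", dn) }
                # matches "attr: value" and "attr:: base64", but not an empty value
                else if (lower ~ /^sambantpassword::? *[^ ]/) has_hash = 1
            }
            if (dn != "" && !has_hash) print dn
        }'
}

# Constructed sample in ldapsearch output format; DNs and hash are placeholders.
sample_ldif() {
    cat <<'EOF'
# extended LDIF

# user1, users, example.test
dn: uid=user1,ou=users,dc=example,dc=test
sambaNTPassword: 00000000000000000000000000000000

# user2, users, example.test
dn: uid=user2,ou=users,dc=example,dc=test
uid: user2

# user3, users, example.test
dn: uid=user3,ou=users,dc=example,dc=test
sambaNTPassword:

# search result
search: 2
result: 0 Success
EOF
}

# Live use; host, bind DN, base DN and the person filter are assumptions:
#   ldapsearch -LLL -o ldif-wrap=no -H ldaps://LOGONBOX_HOST -D "$BIND_DN" -W \
#     -b "$BASE_DN" '(objectClass=person)' sambaNTPassword | missing_nt_hash
sample_ldif | missing_nt_hash
```

The -W option prompts for the service account password, which keeps it out of the shell history and process list.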

 

Assign Users

In your control panel, edit a Shared Folder and assign permissions to your LogonBox Directory users, which you can do from the LDAP users dropdown on the Permissions tab.

 

Note the username format (in this case, user1@demo.logonbox.directory).

 

Testing login

Check that a user can log in to the Synology web UI and can see their fileshare.

 

Now try mapping a network drive with the same user.

 

This should succeed.