Synology NAS and secure domain authentication (SASL)

You may have seen this too: every day your domain controller reports that a number of clients have tried to authenticate without encryption.

 


SSH into the Synology box using the admin credentials.
Edit the file: /usr/syno/etc/smb.conf using your favorite editor.

Under the [global] section add these two lines.

   ldap ssl=start tls
   ldap ssl ads=yes



Restart Samba:

/usr/syno/etc/rc.sysv/S80samba.sh restart

Log in with Kerberos, using the command:

kinit -V a_domain_admin_username


Replace "a_domain_admin_username" with a username on the domain that has admin-level access. It should ask you for the password.

Make sure it worked

klist
wbinfo -u
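
To confirm that the two settings really ended up in the [global] section and not in a share section or a commented-out line, a small check can be run against smb.conf. This is an added example, not part of the original post or of Synology's tooling; the function name check_ldap_ssl and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example: verify that [global] in an smb.conf enables LDAP over StartTLS.
# check_ldap_ssl FILE -> exit status 0 if both settings are active, 1 otherwise.
check_ldap_ssl() {
    awk '
    # Samba ignores case and whitespace inside parameter names.
    function norm(s) { gsub(/[ \t]+/, "", s); return tolower(s) }
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    /^[ \t]*\[/ {                              # section header: track [global]
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        in_global = (tolower(trim(sec)) == "global"); next
    }
    in_global && index($0, "=") {              # only the first "=" is significant
        key = norm(substr($0, 1, index($0, "=") - 1))
        val = tolower(trim(substr($0, index($0, "=") + 1)))
        if (key == "ldapssl")    ssl = val     # a later line overrides an earlier one
        if (key == "ldapsslads") ads = val
    }
    END {
        ok = 1
        if (ssl != "start tls") {
            print "FAIL ldap ssl = " (ssl == "" ? "(unset)" : ssl); ok = 0
        }
        if (ads != "yes" && ads != "true" && ads != "1") {
            print "FAIL ldap ssl ads = " (ads == "" ? "(unset)" : ads); ok = 0
        }
        if (ok) print "OK ldap ssl = start tls, ldap ssl ads = yes"
        exit !ok
    }' "$1"
}

# Constructed sample file (not a real Synology config), written the way the
# post writes the lines: no spaces around "=", mixed case allowed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
   workgroup = EXAMPLE
   ldap ssl=start tls
   LDAP SSL ADS = yes
[share]
   path = /volume1/share
EOF
check_ldap_ssl "$sample"
rm -f "$sample"
```

On the NAS itself, call it as check_ldap_ssl /usr/syno/etc/smb.conf after editing the file.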



Synology, please add a GUI option for "ldap ssl ads=yes". The lack of SSL is a security risk and gives big warnings on Windows Server 2012.