Synology NAS and secure domain authentication (SASL)

Have you run into this too: your domain controller tells you every day that a number of clients have tried to authenticate without encryption?


SSH into the Synology box using the admin credentials.
Edit the file /usr/syno/etc/smb.conf using your favorite editor.

Under the [global] section add these two lines.

   ldap ssl=start tls
   ldap ssl ads=yes

Restart Samba

/usr/syno/etc/rc.sysv/ restart

Log in with Kerberos, using the command

kinit -V a_domain_admin_username

Replace “a_domain_admin_username” with a username on the domain that has admin-level access. It should ask you for the password.

Make sure it worked

wbinfo -u
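
To check that both settings are really present in the [global] section (and not only in a comment or in a share section), a small audit script can parse smb.conf. This is an added example, not part of the original post; the function names are its own, and it relies on Samba treating parameter names as case-insensitive and ignoring whitespace inside them.

```shell
#!/bin/sh
# Added example: audit the [global] section of an smb.conf for the two
# settings from this post. Usage: sh check_ldap_ssl.sh /usr/syno/etc/smb.conf

# get_global_param FILE "param name" -> prints the last value set in [global]
get_global_param() {
    awk -v want="$2" '
        # Samba ignores case and whitespace in section and parameter names
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        BEGIN { want = norm(want) }
        /^[ \t]*[;#]/ { next }                  # skip comment lines
        /^[ \t]*\[/ {                           # section header
            sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            in_global = (norm(sec) == "global")
            next
        }
        in_global && index($0, "=") {
            name = substr($0, 1, index($0, "=") - 1)
            val  = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (norm(name) == want) found = tolower(val)
        }
        END { print found }
    ' "$1"
}

# audit_smb_ldap FILE -> returns 0 only when both settings match the post
audit_smb_ldap() {
    rc=0
    ssl=$(get_global_param "$1" "ldap ssl")
    ads=$(get_global_param "$1" "ldap ssl ads")
    if [ "$ssl" != "start tls" ]; then
        echo "FAIL: ldap ssl is '${ssl:-unset}', expected 'start tls'"; rc=1
    fi
    case "$ads" in
        yes|true|1) ;;                          # Samba boolean "on" values
        *) echo "FAIL: ldap ssl ads is '${ads:-unset}', expected 'yes'"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: both settings are present in [global]"
    return "$rc"
}

# Run the audit only when a file path is given on the command line
if [ -n "${1:-}" ]; then audit_smb_ldap "$1"; fi
```

The script only reads the file, so it can be run again at any later time to confirm the two lines are still there.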

Please Synology add a GUI option for the “ldap ssl ads=yes”. The lack of SSL is a security risk and gives big warnings on Windows Server 2012.

