Get some hints on solving IT problems

Synology NAS and secure domain authentication (SASL)

Have you seen this too: every day, your domain controller tells you that a number of clients have tried to authenticate without encryption?

 


SSH into the Synology box using the admin credentials.
Edit the file: /usr/syno/etc/smb.conf using your favorite editor.

Under the [global] section add these two lines.

   ldap ssl=start tls
   ldap ssl ads=yes



Restart Samba.

/usr/syno/etc/rc.sysv/S80samba.sh restart

Log in with Kerberos, using the command

kinit -V a_domain_admin_username


Replace “a_domain_admin_username” with a username on the domain that has admin-level access. It should ask you for the password.

Make sure it worked

klist
wbinfo -u
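
To confirm the smb.conf edit itself, here is an added example (not part of the original post): a shell function that reads the [global] section and reports whether both settings from the steps above are present. The function name check_ldap_tls and the sample file are made up for illustration, and the check assumes yes, true and 1 are the accepted "on" spellings for the boolean.

```shell
#!/bin/sh
# Added example: verify the two [global] settings from this post.
# Samba ignores case and whitespace in parameter names, so keys are normalized.
check_ldap_tls() {
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/ {                                # section header
            s = tolower($0); gsub(/[ \t\r]/, "", s)
            in_global = (s == "[global]"); next
        }
        in_global && index($0, "=") {
            k = tolower(substr($0, 1, index($0, "=") - 1))
            v = tolower(substr($0, index($0, "=") + 1))
            gsub(/[ \t]/, "", k)                     # "ldap ssl ads" -> "ldapsslads"
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)         # trim the value
            if (k == "ldapssl") ssl = v
            if (k == "ldapsslads") ads = v
        }
        END {
            ok = 1
            if (ssl != "start tls") { print "ldap ssl: want \"start tls\", got \"" ssl "\""; ok = 0 }
            if (ads != "yes" && ads != "true" && ads != "1") { print "ldap ssl ads: want yes, got \"" ads "\""; ok = 0 }
            exit (ok ? 0 : 1)
        }
    ' "$1"
}

# Constructed sample (not a real Synology file); odd case and spacing are deliberate.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
   workgroup = EXAMPLE
   ; ldap ssl ads = no
   LDAP SSL=start tls
   ldap ssl ads = Yes
[share]
   ldap ssl = off
EOF
if check_ldap_tls "$sample"; then
    echo "both settings present in [global]"
else
    echo "settings missing or wrong"
fi
rm -f "$sample"
```

On the NAS, point the function at the file edited above: check_ldap_tls /usr/syno/etc/smb.conf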



Synology, please add a GUI option for “ldap ssl ads=yes”. The lack of SSL is a security risk and gives big warnings on Windows Server 2012.

 
