Welcome to this guide on how to integrate TrueNAS with LDAP / Active Directory for user Authentication. In the world, many people use both LDAP and Active Directory interchangeably. This habit often causes confusion because these two tools work together but aren’t the same.
Active Directory is a database with a set of services that allows users to connect to services. The database has critical information about your environment such as the user and computers allowed to make connections. As a Microsoft product, it is often used within a Windows environment.
LDAP( Lightweight directory access protocol) just like AD tackles authentication in that users can sign in once and access several files on a server. This protocol can not only read Active Directory but also be integrated with other Linux -based programs.
By following this guide to the end, you should be able to integrate TrueNAS with LDAP / Active Directory for user Authentication
Setup requirements
This guide requires one to have TrueNAS already installed, The below guide can be used to install and configure TrueNAS.
Once TrueNAS has been installed, you need to configure Samba shares. This can be achieved using the aid from the dedicated guide below.
Integrate TrueNAS with Active Directory
Active Directory provides authentication and authorization services for the users in a network. This in turn eliminates the need to create user accounts on TrueNAS. Once connected to an AD domain, you can use the use and group in the local ACLs on the files/shares. It is possible to configure AD services on Windows on Unix Operating Systems that support Samba Version 4.
Before you Begin
To be able to integrate TrueNAS with Active Directory, you need the following:
- Time Synchronization
Synchronize the time between the AD server and the TrueNAS server. For TrueNAS, configure the time by setting the Time Zone under System > General as shown.
- Verify Name Resolution
You also need to verify if the Active Directory server is reachable. For this case, we will use the ping command as below.
If the server doesn’t resolve, edit the /etc/resolv.conf as below.
# Generated by resolvconf
search local
nameserver 192.168.205.100Replace the IP Address with the Active Directory server’s IP address that serves as the DNS.
Connect TrueNAS with Active Directory
After the prerequisites have been executed, proceed and connect to Active Directory by navigating to Directory Services > Active Directory
On the above page, provide the Active Directory domain name, and the account credentials. Remember to check the Enable box in order to attempt connecting to the AD immediately after saving the changes.
The Advanced options provide additional configuration for tuning the AD, but here, we will proceed with the defaults. Once connected, the settings will be saved.
Once the connection is successful, launch the TrueNAS shell and execute the command.
wbinfo -gSample execution.
Connect to Shares.
From any system connected to the Active Directory server, you can access the configured Samba share easily. This is done by launching the file manager and then clicking on Network. The share will be available as shown.
When connecting to the share for the first time, you may need to provide the AD account credentials.
On successful authentication, you will be able to access the share as below.
Permissions Settings
In order to have write permissions, you need to edit the storage pool and set the right permissions under Windows shares(SMB) > Edit Filesystem ACL. If the option is greyed out, create a new data set in the pool and use it for SMB sharing.
Make the below changes; set group and check apply group
Select an ACL preset
Save the made changes and proceed to access the share with read and write permissions.
Integrate TrueNAS with LDAP
To be able to use LDAP services on TrueNAS, you need to make configurations. First, synchronize the time between your LDAP server and the TrueNAS server. You also need to perform ping requests to verify if your LDAP server is reachable from your TrueNAS server. Once verified, proceed to make the configurations under Directory Services > LDAP.
Here you need to provide your LDAP hostname, Base DN(dc=test,dc=org), Bind DN(cn=Manager,dc=test,dc=org), Bind Password( password for the admin account in the Bind DN), and set enable to be able to activate the configuration.
The details can be filled in as shown below.
More configuration options can be found in the Advanced Options tab.
With the enable option checked and the connection is successful, the settings will be saved as shown above. Proceed and use LDAP on TrueNAS as desired.
Unfortunately LDAP authentication for SMB shares is disabled and can only work if the LDAP directory is configured/populated with Samba attributes. Normally the command used for this is smbldap-tools. The LDAP server must also support SSL/TLS and the certificates for the server imported.
Closing Thoughts
That marks the end of this guide on how to integrate TrueNAS with LDAP / Active Directory for user Authentication. I hope this was significant.
See more:
- Install LDAP Account Manager on CentOS 8
- Setup OpenLDAP Multi-Master Replication on CentOS 8
- Configure OpenLDAP Master-Slave Replication on CentOS 8
- Authenticate Kubernetes Dashboard Users With Active Directory
Exelente tutorial. Muchas gracias por el aporte.