Hi dear forum members,
i would like to ask you for advice regarding SMB and LDAP. I have an LDAP-Server (Univention corporate Server) running to successfully authenticate users on various services in my IT-environment. Now my aim is to let people access the SMB-Shares on my Freenas-Device using credentials provided by said LDAP-Server.
Things that work:
LDAP authentication for SMB shares is disabled unless the LDAP directory has been configured for and populated with Samba attributes. The most popular script for performing this task is smbldap-tools. Source: https://www.ixsystems.com/documentation/freenas/11.3-U1/directoryservices.html#ldap
Unfortunately i am absolutely cluesless whhat that even means and why this is necessary. I just want to have user-/group-permissions on files. When a user is part of the group then that permission should apply. No additional fancy stuff.
I would be glad if someone could enlighten me on this topic.
Thanks in advance
PS: What else do you need to know in order to draw conclusions?
i would like to ask you for advice regarding SMB and LDAP. I have an LDAP-Server (Univention corporate Server) running to successfully authenticate users on various services in my IT-environment. Now my aim is to let people access the SMB-Shares on my Freenas-Device using credentials provided by said LDAP-Server.
Things that work:
- I can enable LDAP-Service using en encrypted LDAP-Access on Port 7636, with the LDAP-Servers certificate plced in te CA-Section.
- When I create a share i can select the various users and groups provided by the LDAP-Server
- I can see my share from e.g. a Windows 10 client and access it when I use (Freenas)-local usernames or set the share it to guests allowed .
- I cannot log into the web-interface using LDAP-users
- I do not yet know the correct syntax like my_name@my.domain or workgroup\my_name
- I am not able to open a SMB-share from a e.g. Windows 10 client when i restrict the user permissions to a specific LDAP-group or -user.
LDAP authentication for SMB shares is disabled unless the LDAP directory has been configured for and populated with Samba attributes. The most popular script for performing this task is smbldap-tools. Source: https://www.ixsystems.com/documentation/freenas/11.3-U1/directoryservices.html#ldap
Unfortunately i am absolutely cluesless whhat that even means and why this is necessary. I just want to have user-/group-permissions on files. When a user is part of the group then that permission should apply. No additional fancy stuff.
I would be glad if someone could enlighten me on this topic.
Thanks in advance
PS: What else do you need to know in order to draw conclusions?