Join QNAP-NAS to NethServer LDAP Directory?

openldap

(fpausp) #1

NethServer Version: latest

I would like to join my QNAP NAS to NethServer LDAP Directory, can someone please help me to find out the credentials:

I hope this can give me the ability to use the RADIUS Server on the QNAP for WPA2-Enterprise…


(Markus Neuberger) #2

Have a look here, it explains LDAP settings and should work for your QNAP too:

LDAP server host: your nethserver
Base DN: dc=directory,dc=nh
Root DN: cn=ldapservice,dc=directory,dc=nh
Users base DN: ou=People,dc=directory,dc=nh
Group base DN: ou=Groups,dc=directory,dc=nh

See account-provider-test dump on your Nethserver for more info.


(Michael Träumner) #3

Hi @mrmarkuz,
if you mean the command at the terminal it’s

account-provider-test dump

@fausp
You can find your settings, as Markus said, with this command.


(fpausp) #4

Thank you both, I used the command, but had no luck until now… I mean QNAP did not accept the credentials…


(Michael Träumner) #5

I think it shows you a binary password. Perhaps Qnap doesn’t accept a binary password. Please try to create a new user at ldap. Try this user for binding.

You could also have a look here:

Also you should try ldap tls, not only ldap.

PS: Could you show us your config please, so it’s easier to help.


(fpausp) #6

Hope this is enough?

[root@infra30 ~]# account-provider-test
...
msDs-masteredBy: CN=NTDS Settings,CN=NSDC-HOSTNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=mydomain,DC=lan
msDS-IsDomainFor: CN=NTDS Settings,CN=NSDC-HOSTNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=mydomain,DC=lan
masteredBy: CN=NTDS Settings,CN=NSDC-HOSTNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=mydomain,DC=lan
fSMORoleOwner: CN=NTDS Settings,CN=NSDC-HOSTNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=mydomain,DC=lan
...

P.S. I joined the QNAP NAS to my AD Domain but the RADIUS Server on the NAS did not show me the NethServer Domain User, this is the reason why I like to test it with LDAP, by the way…


(Michael Träumner) #7

Could you show us

account-provider-test dump

(you only did it without the “dump” part)

and how you filled the ldap settings at qnap.


(fpausp) #8

[root@hostname ~]# account-provider-test dump
{
   "BindDN" : "ldapservice@AD.MYDOMAIN.LAN",
   "LdapURI" : "ldaps://ad.mydomain.lan",
   "DiscoverDcType" : "dns",
   "StartTls" : "",
   "port" : 636,
   "host" : "ad.mydomain.lan",
   "isAD" : "1",
   "isLdap" : "",
   "UserDN" : "dc=ad,dc=mydomain,dc=lan",
   "GroupDN" : "dc=ad,dc=mydomain,dc=lan",
   "BindPassword" : "mypassword",
   "BaseDN" : "dc=ad,dc=mydomain,dc=lan",
   "LdapUriDn" : "ldap:///dc%3Dad%2Cdc%3Dmydomain%2Cdc%3Dlan"
}


(Michael Träumner) #9

Here everything looks fine

Did you also try this? For me this works with horde.

Have you seen this?

Is it OpenLDAP or AD LDAP?

You can find some more information about ldap binding with AD at the horde howto. You should also be able to use most settings for OpenLDAP.

Have a look at the ldap settings at the config and at the hooks at the howto.


(Markus Neuberger) #10

You seem to have AD. In this case you should use Active Directory authentication (domain member) instead of LDAP authentication.

Maybe you have to workaround an untrusted certificate on Nethserver:

To make it work for Nethserver DC you need to disable strong auth or a valid certificate


(fpausp) #11

Yes I tried it…


(fpausp) #12

Yes

This worked but I did not get Domain Users under the RADIUS Server in QNAP. I guess it only works with local users…


(fpausp) #13

It works! I used another server and installed LDAP accounts provider instead of AD… Sorry for my ignorance!

I used these credentials (Webinterface > Status > Domain accounts):

Now I have to check if QNAP RADIUS Server can use LDAP Directory from NethServer.
Thank you again… :slightly_smiling_face:
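
Added example, not part of the thread and not NethServer code: a small Python helper that reads the JSON printed by account-provider-test dump, reports whether the provider is AD or OpenLDAP and whether the bind is encrypted, and redacts BindPassword so the result can be pasted into a forum post. Both sample dumps are constructed (the first mirrors post #8, the second uses the DNs from post #2 with an assumed URI); the function name and the accepted StartTls values are assumptions.

```python
import json
from urllib.parse import urlparse

# Constructed samples in the shape of `account-provider-test dump` output.
# Passwords are placeholders; the LDAP URI/host/port are assumed values.
AD_DUMP = """{
 "BindDN": "ldapservice@AD.MYDOMAIN.LAN", "LdapURI": "ldaps://ad.mydomain.lan",
 "StartTls": "", "port": 636, "host": "ad.mydomain.lan", "isAD": "1",
 "isLdap": "", "UserDN": "dc=ad,dc=mydomain,dc=lan",
 "GroupDN": "dc=ad,dc=mydomain,dc=lan", "BindPassword": "mypassword",
 "BaseDN": "dc=ad,dc=mydomain,dc=lan"}"""
LDAP_DUMP = """{
 "BindDN": "cn=ldapservice,dc=directory,dc=nh", "LdapURI": "ldap://127.0.0.1",
 "StartTls": "", "port": 389, "host": "127.0.0.1", "isAD": "", "isLdap": "1",
 "UserDN": "ou=People,dc=directory,dc=nh",
 "GroupDN": "ou=Groups,dc=directory,dc=nh", "BindPassword": "placeholder",
 "BaseDN": "dc=directory,dc=nh"}"""


def summarize_dump(dump_text):
    """Return provider type, transport and password-free client settings."""
    cfg = json.loads(dump_text)
    # The dump encodes booleans as "1" / "".
    provider = ("ad" if cfg.get("isAD") == "1"
                else "ldap" if cfg.get("isLdap") == "1" else "unknown")
    scheme = urlparse(cfg.get("LdapURI", "")).scheme
    # Assumed truthy values; the thread only shows the empty string.
    starttls = str(cfg.get("StartTls", "")).lower() in ("1", "enabled")
    transport = ("ldaps" if scheme == "ldaps"
                 else "starttls" if starttls else "plaintext")
    client = {k: cfg.get(k) for k in
              ("host", "port", "BaseDN", "BindDN", "UserDN", "GroupDN")}
    # Never copy the real secret into anything meant for sharing.
    client["BindPassword"] = "<redacted>" if cfg.get("BindPassword") else ""
    warnings = []
    if transport == "plaintext":
        warnings.append("a client binding over this URI sends the password in clear")
    if provider == "ad":
        warnings.append("AD provider: configure the client as a domain member")
    return {"provider": provider, "transport": transport,
            "client": client, "warnings": warnings}


if __name__ == "__main__":
    for name, text in (("AD", AD_DUMP), ("LDAP", LDAP_DUMP)):
        print(name, json.dumps(summarize_dump(text), indent=1))
```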