Unable to access SMB share with LDAP user in TrueNAS Core

adahsuzixin

Dabbler
Joined
Mar 7, 2023
Messages
14
Hello,

I'm having trouble accessing an SMB share on my TrueNAS Core system using an LDAP user. I've set up the LDAP configuration in Directory Services, and the Directory Services Monitor shows that the LDAP state is "HEALTHY". I can also see LDAP users when setting permissions for my shares.

However, when I try to access the SMB share using an LDAP user, I am unable to do so.

Here's what I've tried so far:

  1. Verified that the LDAP server is running and accessible.
  2. Confirmed that TrueNAS and the LDAP server are on the same network.
  3. Checked the permissions on the dataset in Storage > Pools.

Despite these efforts, I'm still unable to access the SMB share with an LDAP user.

Could you please provide some guidance on how to resolve this issue? Any help would be greatly appreciated.

Thank you.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
There are basically two supported authentication mechanisms for the SMB protocol (NTLM and Kerberos). NTLM requires that someone somewhere has access to an NT hash for the user's password. If your LDAP server doesn't have NT hashes stored anywhere and if TrueNAS doesn't have access to them, then this isn't going to work. Exposing NT hashes to us directly via LDAP is also not a great idea security-wise. This alternate configuration will be deprecated and support removed at some point in the future. Kerberos + LDAP + SMB is, generally speaking, possible but can be quite fiddly if you're not familiar with the underlying protocols. Generally speaking, the best way to do SMB access with directory services is to use Active Directory (either Samba or Microsoft).
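
One way to check the condition described in the post above, as an added example that is not part of the original thread: it reads an LDIF export of user entries and reports which accounts carry a usable NT hash. It assumes the directory uses the Samba LDAP schema (`sambaSamAccount` object class, `sambaNTPassword` attribute); the sample entries and hash values are constructed.

```python
import base64
import re

# Constructed sample LDIF (not from the thread); hash values are made-up placeholders.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: posixAccount
uid: alice
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: bob
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF

dn: uid=carol,ou=people,dc=example,dc=org
objectClass: sambaSamAccount
uid: carol
sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
"""

NT_HASH_RE = re.compile(r"^[0-9A-Fa-f]{32}$")

def parse_ldif(text):
    """Yield one {attr_lower: [values]} dict per entry (handles folding and base64)."""
    unfolded = re.sub(r"\n ", "", text)  # folded lines continue with one leading space
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if not line.startswith("#"):       # ldapsearch emits comment lines
                attr, _, value = line.partition(":")
                if value.startswith(":"):      # "attr:: <base64>" form
                    value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
                entry.setdefault(attr.lower(), []).append(value.strip())
        yield entry

def ntlm_capable(entry):
    """True only if the entry uses the Samba schema and holds a well-formed NT hash."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    hashes = entry.get("sambantpassword", [])
    return "sambasamaccount" in classes and any(NT_HASH_RE.match(h) for h in hashes)

def audit(text):
    """Map uid -> whether NTLM could work for that user; the hash is never returned."""
    return {e["uid"][0]: ntlm_capable(e) for e in parse_ldif(text) if "uid" in e}

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```

Run it on an export taken with the same bind account TrueNAS uses, since an attribute that server ACLs hide from that account is as unavailable to SMB as one that was never stored.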
 

adahsuzixin

Dabbler
Joined
Mar 7, 2023
Messages
14
Thank you for your response. Based on your suggestion, I would like to explore the possibility of integrating Kerberos, LDAP, and SMB in my setup. I am not very familiar with the underlying protocols, so I would appreciate it if you could provide some guidance or point me to some resources to help me through this process.
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Thank you for your response. Based on your suggestion, I would like to explore the possibility of integrating Kerberos, LDAP, and SMB in my setup. I am not very familiar with the underlying protocols, so I would appreciate it if you could provide some guidance or point me to some resources to help me through this process.
If you are not familiar with the relevant protocols, then you should probably investigate Active Directory (it's a smaller hurdle).
 