FAQ Connecting NADI to Synology Directory Server
June 29, 2024 at 4:56 AM
Synology Directory Server - not to be confused with Synology LDAP Server - is a Samba-based installable package for Synology. NADI has no official support for Samba but it has been tested successfully against Samba 4.12.14.
Setting up Synology Directory Server
- Set up your Active Directory/Samba domain as described in the official documentation.
- Add an additional administrator in SDS. By default, SDS creates the first NAS user without a userPrincipalName. A valid userPrincipalName is required for the initial authentication between NADI and SDS. SDS versions released until at least 2021-06-03 don’t contain the userPrincipalName.
Configuring NADI
When connecting NADI to Samba/SDS, you have to choose STARTTLS for the configuration option Environment/Use Encryption and check the Environment/Allow self-signed certificates option.
For the initial authentication, use the newly created administrator and not SDS’ default user.
Possible issues when connecting to Synology Directory Server
Most of the general issues described in the environment configuration also apply when connecting to SDS.
[AD: Strong(er) authentication required] [AD error code: 8] during verification of the connection
You don’t have STARTTLS enabled in NADI. See above.
[AD: Can’t contact LDAP server] [AD error code: -1]
Assuming the SDS can be reached from NADI, the error can occur due to an invalid X.509 certificate for STARTTLS. This can happen if you have renamed your NAS.
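One way to check this from the WordPress host, as an added example that is not part of the NADI documentation: fetch the certificate SDS presents on STARTTLS and test it against the host name NADI connects to. It assumes OpenSSL 1.1.1 or later (for `-starttls ldap`) and LDAP on port 389; the function names and the host name in the usage comment are illustrative.

```shell
#!/bin/sh
# Added example: does the certificate SDS presents on STARTTLS still
# match the host name configured in NADI? Function names are illustrative.

# Fetch the server certificate over LDAP STARTTLS and print it as PEM.
# Usage: fetch_starttls_cert mynas.domain.tld > sds.pem
fetch_starttls_cert() {
    host=$1
    port=${2:-389}
    openssl s_client -connect "$host:$port" -starttls ldap \
        -servername "$host" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# Return 0 if the PEM certificate in $1 is valid for host name $2.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Print subject and expiry date so a stale NAS name is easy to spot.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -enddate
}

# Run both steps. Returns 0 = match, 1 = name mismatch, 2 = no certificate.
check_sds_cert() {
    host=$1
    pem=$(mktemp) || return 2
    if ! fetch_starttls_cert "$host" > "$pem" || [ ! -s "$pem" ]; then
        echo "UNREACHABLE: no certificate received from $host" >&2
        rm -f "$pem"
        return 2
    fi
    if cert_matches_host "$pem" "$host"; then
        echo "OK: certificate matches $host"
        rc=0
    else
        echo "MISMATCH: certificate was issued for another name:"
        cert_summary "$pem"
        rc=1
    fi
    rm -f "$pem"
    return $rc
}
```

Source the file and run `check_sds_cert` with the host name entered in NADI; a MISMATCH result after a NAS rename means the certificate on the NAS still carries the old name.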
[ERROR] NextADInt_Adi_Authentication_VerificationService::findActiveDirectoryDomainSid [line 69] objectSID for AD user ‘dns-MYNAS@domain.tld’ could not be found.
During the initial authentication, this can happen because of the following problems:
- The base DN is not properly configured; the userPrincipalName used for the initial authentication cannot be found below the configured base DN. Check the configured base DN.
- You are trying to do the initial authentication with the SDS default user, who does not have a userPrincipalName. Create a new user in SDS.