Had my DS412+ for a number of years but never really had time to play around with it.
I have been recently.
Professionally I am a cloud architect specialising in Azure.
I know a little to something, when it comes to Linux/Unix/AIX.
I've been attempting to get the DS412+ connected to Azure AD domain services, so I can authenticate with Azure AD accounts. Reason being is, my laptops are Azure AD joined, so having to authenticate to the shared folders on the DSM with local accounts, is a bit crap.
It would be an understatement to say its a pain.
To start with, this Debian/GNU bastardised OS is a *****.
After going down the route of trying LDAPS, I managed to get the DSM talking to Azure AD DS via LDAPS, and pulling in users and groups.
The mapping for the profile attributes (Samba > AADS) was guess work. If anyone wants to compare notes let me know.
However, even with that up and running, the SSO/SSL, just doesn't work.
Plus the costs soon start adding up. Azure AD tenant, Azure AD Domain Services, enable LDAPS, even then it's going over the internet, even if it is LDAPS.
Next option is to stand up the Azure VPN gateway, and establish VPN Point to Site connection between the DSM and the Azure VPN gateway. Even more expensive. More secure though.
Doesn't work. The VPN client on the DSM can only cope with AES-256-CBC cipher and the Azure P2S VPN server demands AES-256-GCM.
Attempting to use ncp-disable switch in the ovpn config seems like a good idea, but the dsm won't recognise that as a valid switch due to the locked down limited versions of openvpn and openssl that are available.
The next step would be to stand up a linux box in a docker container on the DSM to establish the VPN and then route through that.
This is becoming massive overkill.
Anyway, hi all.
If anyone has any suggestions that would be great.
I'm close to just trying to blat the OS, installing a vanilla version of linux/unix and seeing what I could do with that instead of the DSM provided one.