Welcome, AzureMurph

Currently reading
Welcome, AzureMurph

18
6
NAS
DSM412
Operating system
  1. Linux
  2. Windows
Last edited:
Hi All,

Had my DS412+ for a number of years but never really had time to play around with it.

I have been recently.

Professionally I am a cloud architect specialising in Azure.

I know a little to something, when it comes to Linux/Unix/AIX.

I've been attempting to get the DS412+ connected to Azure AD domain services, so I can authenticate with Azure AD accounts. Reason being is, my laptops are Azure AD joined, so having to authenticate to the shared folders on the DSM with local accounts, is a bit crap.

It would be an understatement to say its a pain.

To start with, this Debian/GNU bastardised OS is a *****.

After going down the route of trying LDAPS, I managed to get the DSM talking to Azure AD DS via LDAPS, and pulling in users and groups.
The mapping for the profile attributes (Samba > AADS) was guess work. If anyone wants to compare notes let me know.

However, even with that up and running, the SSO/SSL, just doesn't work.
Plus the costs soon start adding up. Azure AD tenant, Azure AD Domain Services, enable LDAPS, even then it's going over the internet, even if it is LDAPS.
Next option is to stand up the Azure VPN gateway, and establish VPN Point to Site connection between the DSM and the Azure VPN gateway. Even more expensive. More secure though.
Doesn't work. The VPN client on the DSM can only cope with AES-256-CBC cipher and the Azure P2S VPN server demands AES-256-GCM.
Attempting to use ncp-disable switch in the ovpn config seems like a good idea, but the dsm won't recognise that as a valid switch due to the locked down limited versions of openvpn and openssl that are available.

The next step would be to stand up a linux box in a docker container on the DSM to establish the VPN and then route through that.
This is becoming massive overkill.

Anyway, hi all.

If anyone has any suggestions that would be great.

I'm close to just trying to blat the OS, installing a vanilla version of linux/unix and seeing what I could do with that instead of the DSM provided one.
 
18
6
NAS
DSM412
Operating system
  1. Linux
  2. Windows
Thanks for the welcome SynoMan. Forgot to start with that. Should have done. This DSM OS, has sidetracked, and pre-occupied me.
 
18
6
NAS
DSM412
Operating system
  1. Linux
  2. Windows

MS and DSM can both ******

This shouldn't be so hard.

[email protected]:/etc/ipsec.d/private# ipsec restart
Stopping strongSwan IPsec failed: starter is not running
Starting strongSwan 5.8.2 IPsec [starter]...
ipsec_starter[1228]: Starting strongSwan 5.8.2 IPsec [starter]...

[email protected]:/etc/ipsec.d/private# ipsec_starter[1239]: charon has quit: initialization failed

ipsec_starter[1239]: charon refused to be started

ipsec_starter[1239]: ipsec starter stopped
 
18
6
NAS
DSM412
Operating system
  1. Linux
  2. Windows
Makes sense. Is there one you would recommend?
I've had a look through most of them, and done some digging for previous threads, with keywords of Azure, OpenSSL, OpenVPN, P2S.

I wasn't going to post but saw your welcome thread response. Would have been rude not to get involved. (y)
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Similar threads

Similar threads

Trending threads

Top