Zadara VPSA Storage Array has introduced support for JumpCloud Directory-as-a-Service for managing SMB user authentication for NAS shares.
This article covers the steps required to configure JumpCloud as the authentication principal for SMB volume access.
Prerequisites:
- VPSA running version 19.08 or later with a Public IP assigned.
- JumpCloud account.
Preparing your JumpCloud account
In order to allow the VPSA to connect to a JumpCloud directory, we will need to:
- Enable SAMBA authentication for the JumpCloud directory
- Create a SAMBA service (and directory bind) user
- Create a Group of Users with SAMBA Authentication permissions
(1) Enable SAMBA authentication for the JumpCloud directory
- In the JumpCloud directory console, navigate to the "Directories/LDAP" section in the navigation menu and select your JumpCloud LDAP directory.
- Under the "Details" tab, check the "Configure Samba Authentication" option.
- Select a "SAMBA SERVICE ACCOUNT" using the drop-down menu (if you do not have a user that qualifies as a service account, proceed to the next step to configure one).
(2) Create a SAMBA service (and directory bind) user
- If you have no user configured as a SAMBA service account, navigate to the "Users" section within JumpCloud's management console, and select the designated service account.
- Under "User Security Settings and Permissions", check the "Enable as LDAP Bind DN" option.
- A Unix UID/GID should be configured per your user ID management policies.
- Save the user attributes, navigate back to the directory properties and set this user as "SAMBA SERVICE ACCOUNT" as described in the previous step.
(3) Create a Group of Users with SAMBA Authentication permissions
- In the JumpCloud directory console, navigate to the "Groups" section, and select the group of users you'd like to grant permission to access SMB Volumes from your VPSA.
- Under the "Details" tab, check the "Enable Samba Authentication" option.
Configure the VPSA to use JumpCloud directory
- From the VPSA Management Interface, navigate to the "NAS Access Control" -> "LDAP" section.
- Click on the "Join" button.
- Fill in the information to match your directory configuration, with the following attributes:
Interface - the VPSA network interface that will be used for LDAP connectivity (unless internet connectivity can be gained from the VPSA Frontend network, Public IP configuration will be required - a request for Public IP allocation should be submitted via Zadara's Provisioning Portal).
LDAP Server - for JumpCloud - "ldap://ldap.jumpcloud.com"
LDAP Workgroup - as configured in JumpCloud's management console
LDAP Search base DN - JumpCloud's directory DN.
LDAP Bind Username/password - as configured in the "Preparing your JumpCloud account" section of this guide.
- Click the "Submit" button.
Upon successful bind, you may proceed with attaching your NAS Volumes to your hosts and try to access these shares using your JumpCloud-managed credentials.
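If the join fails, or before attempting it, the values entered in the VPSA form can be checked from any host with the OpenLDAP client tools. The script below is an added example, not Zadara's or JumpCloud's own code; the DN layout (ou=Users,o=ORG_ID,dc=jumpcloud,dc=com), the account names and the password file are assumptions to verify against your JumpCloud console.

```shell
#!/bin/sh
# Added example: check the VPSA LDAP form values from an admin host.
# Assumptions: JumpCloud DN layout below; org id, user names and the
# password file are placeholders supplied by the operator.
LDAP_URI="ldap://ldap.jumpcloud.com"   # server value from this guide

# Accept only characters that need no escaping in a DN or search filter.
valid_component() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# search_base ORG_ID -> value for "LDAP Search base DN"
search_base() {
  valid_component "$1" || return 1
  printf 'ou=Users,o=%s,dc=jumpcloud,dc=com' "$1"
}

# bind_dn SERVICE_USER ORG_ID -> DN of the Samba service / bind account
bind_dn() {
  valid_component "$1" || return 1
  sb=$(search_base "$2") || return 1
  printf 'uid=%s,%s' "$1" "$sb"
}

# check_bind SERVICE_USER ORG_ID TEST_USER PASSWORD_FILE
# Returns 2 on bad input, otherwise ldapsearch's exit status.
check_bind() {
  dn=$(bind_dn "$1" "$2") || { echo "invalid service user or org id" >&2; return 2; }
  base=$(search_base "$2") || return 2
  valid_component "$3" || { echo "invalid test user" >&2; return 2; }
  [ -r "$4" ] || { echo "password file not readable" >&2; return 2; }
  # -ZZ aborts unless StartTLS succeeds, so the bind password never
  # crosses the network in clear text. -y reads the whole file as the
  # password (no trailing newline) and keeps it out of the process list.
  ldapsearch -H "$LDAP_URI" -ZZ -x -D "$dn" -y "$4" \
    -b "$base" -s sub -LLL "(uid=$3)" dn uidNumber gidNumber
}

# Run only when asked, e.g.: sh check.sh --run vpsa-svc ORG_ID alice ./pw
if [ "${1:-}" = "--run" ]; then
  shift
  check_bind "$@"
fi
```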
If you encounter any issues, please contact support@zadarastorage.com.