The EVO can be configured to work with directory services such as LDAP and Active Directory.
Some basic considerations:
- The EVO can use either Active Directory or LDAP, but not both simultaneously
- Names of users and groups must contain only Latin letters and digits and must be shorter than 32 characters
- Dots, dashes, and underscores are allowed, but names with spaces and other special characters will not be imported
- A conflict with the EVO's internal root user may be created if the directory also has a user named "root"
- For best compatibility, it is recommended that all usernames be lowercase
Requirements for configuration:
- For either integration, the EVO must be pointed at a local DNS that can resolve the directory server's hostname. The DNS setting is found on the Connectivity page in the EVO web GUI.
- The EVO clock must also be in agreement with the directory server's clock. The EVO time is found at the System page, and the NTP server or NTP client role can be chosen. Check the Connectivity page to ensure a gateway is properly configured if an internet provider is to be used.
The Active Directory configuration is located at the Users & Passwords page:
1. Tick "Enable AD"
2. Specify the domain name
3. In the User and Password fields, specify credentials of the domain administrator or another user that has permission to manage computer accounts
4. Click the Save button.
User permissions can then be managed individually or according to groups at the NAS & Project Sharing page.
It is also possible to maintain a whitelist of AD groups, if you prefer to only import a selection of users, rather than the complete directory. This can save system resources and make user management easier. Contact us if you'd like to configure a whitelist for groups.
LDAP functionality can easily be added to EVO, but there are some important caveats to consider before configuring it. Please read to the end of this article before following the steps required to add LDAP communication.
The LDAP section is found at the Users & Passwords page.
Assuming an example hostname of "ldap-server.mydomain.com", these are the settings required:
Base DN: dc=ldap-server,dc=mydomain,dc=com
Samba mode: pam
Next, tick the "Enable LDAP" box.
AFP users can now connect with LDAP credentials.
SMB users will need to connect with plain-text passwords (sent over the network unencrypted), which also requires setting the server to use SMB1.
To change the protocol, go to the "NAS Configuration" section on the Advanced page in EVO, change the "SMB Protocol" setting to SMB1 and click Save.
To enable plaintext passwords on the workstations:
Mac clients will need to either edit or create the /etc/nsmb.conf file with the following contents:
For Windows clients, either download and double-click the attached patch, or browse in Registry Editor to
In the current release of EVO, it is also required that both User IDs and Group IDs are above 5000.
Any users or groups with an ID below 5000 will be skipped when synchronizing EVO with the LDAP server, so those users would not be able to access EVO resources.
This requirement is expected to be lifted after EVO version 5.8.x. If you're unable to accommodate these ID requirements with a lower EVO version, please contact us to see what options are available.
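The naming rules in the basic considerations and the ID rule above can be checked before enabling synchronization. The following is an added example, not part of EVO or the vendor's tooling: it assumes the directory accounts have been listed in `getent passwd` format, uses constructed sample lines and hypothetical function names, and treats an ID of exactly 5000 as failing because the article only says "above 5000".

```python
import re

# Rules taken from this article; function and variable names are hypothetical.
NAME_RE = re.compile(r"[A-Za-z0-9._-]+")
MAX_NAME_LEN = 31      # names must be shorter than 32 characters
MIN_ID = 5001          # IDs must be above 5000 (exactly 5000 treated as failing)

# Constructed sample in `getent passwd` format: name:pw:uid:gid:gecos:home:shell
SAMPLE_PASSWD = """\
jsmith:x:5001:5001:J Smith:/home/jsmith:/bin/bash
Editor.One:x:6010:6000::/home/editor1:/bin/bash
render node:x:6020:6000::/home/render:/bin/bash
svc_backup:x:1200:6000::/home/svc:/bin/false
root:x:0:0:root:/root:/bin/bash
colorist-with-a-very-long-account-name:x:6030:6000::/home/c:/bin/bash
"""

def audit_entry(name, uid, gid):
    """Return (blockers, warnings) for one account under the article's rules."""
    blockers, warnings = [], []
    if not NAME_RE.fullmatch(name):
        blockers.append("name has characters outside letters, digits, . - _")
    if len(name) > MAX_NAME_LEN:
        blockers.append("name is 32 characters or longer")
    if uid < MIN_ID:
        blockers.append(f"UID {uid} is not above 5000")
    if gid < MIN_ID:
        blockers.append(f"GID {gid} is not above 5000")
    if name == "root":
        warnings.append("conflicts with the EVO internal root user")
    if name != name.lower():
        warnings.append("not lowercase")
    return blockers, warnings

def audit_passwd(text):
    """Map each account name to its (blockers, warnings)."""
    report = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 4 or not fields[2].isdigit() or not fields[3].isdigit():
            continue  # skip malformed lines
        report[fields[0]] = audit_entry(fields[0], int(fields[2]), int(fields[3]))
    return report

if __name__ == "__main__":
    for name, (blockers, warnings) in audit_passwd(SAMPLE_PASSWD).items():
        status = "SKIPPED" if blockers else "ok"
        print(f"{name!r}: {status} {blockers + warnings}")
```

Accounts with any blocker would not be imported or synchronized under the rules stated in this article; warnings mark accounts that import but go against the compatibility recommendations.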