Configuring SMB | JumpCloud University Tutorial (2021)

Enabling Samba support allows for LDAP users to authenticate to endpoints that require Samba attributes within the LDAP directory. This tutorial will explain the JumpCloud configuration. Configuration of the endpoint authenticating to JumpCloud, such as a NAS or Application leveraging LDAP and SMB Authentication, will vary and may require vendor documentation to complete.

In the JumpCloud Admin Portal, go to User Authentication in the menu on the left and select LDAP. To see details and configurations, simply click the LDAP instance.

To configure Samba, you will see a checkbox: Configure Samba Authentication.
Click the checkbox to enable Samba.

You’ll now see several attributes appear below the checkbox, such as WORKGROUP, SID, and Samba Service Account.

You’ll need to elect a Samba Service Account. To do this, use the drop down menu and select the JumpCloud User Account that you’ve elevated with the Bind DN Privilege. If you do not see any accounts in the drop down, check out JumpCloud University’s course for Configuring LDAP or associated Knowledge Base articles. In our use case, I will elect the Super Admin account to be my Samba Service account.

Once Samba Authentication is configured for LDAP, it must be explicitly enabled on a per group basis. In certain applications, a Linux group must be created for group presentation to function properly with Samba.

In our example, we’re going to enable both the Sales and Marketing User Groups to have Samba Authentication. To enable a User Group for SMB access, I will navigate to the User Groups tab in the LDAP configuration, select the User Groups I want to enable, in this case Sales and Marketing, and then ensure that the User Group has Samba Authentication Enabled.

To commit these changes, I will then hit the “save” button in the bottom right.

Once this has been saved, anyone within the Sales or Marketing User Groups will have the ability to use their JumpCloud Credentials to access SMB Shares over LDAPS, depending on the permissions and ACLs you set on those shares.

Check out JumpCloud’s knowledge base article(s) for more information about configuring and utilizing JumpCloud’s LDAP-as-a-Service and SMB configurations.