Microsoft Entra ID as a Credential Option

Keaters44

Cadet
Joined
May 15, 2023
Messages
7
I would love to see Microsoft Entra ID (aka Microsoft Azure Active Directory) as an option for the Credentials section. Businesses, such as mine, are full in with Microsoft SSO and want the ability to stop using Local Users as a Credential and set up Microsoft Entra ID. I have many Linux tools I am using for our business that have this option, so I am wondering if this can be added as part of the full release of Dragonfish. It is not hard to implement and code, and I feel for a lot of IT professionals and end users, it would make things a lot easier for both.

Thanks!
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
You can already join Entra via the AD plugin.
 

Keaters44

There is a webui form for Active Directory. You fill in details there and join Entra like any other AD domain.
The way that Entra is set up right now, you need Web URL Logout data and you need to enter into TrueNAS the Client ID, which there is no field for. Kerberos has been deprecated by Microsoft so it cannot be done that way anymore. If you can provide any alternative instructions that I am not aware of or cannot find, that would be greatly appreciated.
 

Keaters44

This document, which I confirmed with Microsoft, only works if you have an on-premise Active Directory setup using Windows Server 2016, 2019 and 2022. I am not using these since I use Intune with my Macs.
https://learn.microsoft.com/en-us/e...ication-passwordless-security-key-on-premises

Below is the link showing how wiki.js does it using the cloud authentication and creating an app for wiki.js and Microsoft to talk. This is what I am talking about adding to TrueNAS SCALE.
https://docs.requarks.io/auth/azure
 

anodos

Kerberos will be a requirement for AD integration for the foreseeable future. It's hard to keep track of things through the various rebrandings; Azure Active Directory Domain Services was the old requirement. The SMB protocol basically won't work without Kerberos, so options that lack this are quite uninteresting for a NAS generally.


That's an example of joining a server to an Entra domain in a useful way.
 