The LDAP setup works perfectly and I can see all of my Domain Users/Groups. If I add Domain User permissions to a Shared Folder it works fine. However if I only add a Domain Group, members of that group cannot access the Shared Folder (testing using Filestation—the user can log into Filestation without difficultly, but they can see no shares). CORRECTION—FreeIPA creates private user-specific groups for each user (of the same name) and if I add one of those user groups rather than the user itself, that user has no problem accessing the share.
I believe that the QNAP is not pulling the users of the group properly because if I go to Privilege > User Groups, select a Domain Group and View Group Details, it does not show any group members (but if I select on of those private user-specific groups, it does show the user as a member).
The closest hint I could find as to what might be happening was in this post: https://confluence.atlassian.com/stashk ... 09328.html for a different product but with precisely this problem that says:
I'm wondering if that might the cause. Anyone know what schema QNAP uses for LDAP?LDAP support falls into two flavours of directory schema. There's the RFC-2307 style, and the RFC-4519 style.
FreeIPA implements a RFC-4519 schema similar to OpenLDAP or Active Directory.