asked on
NAS connected to Windows Domain:
NAS connected to Windows Domain:
We are considering connecting a QNAP NAS to a Windows Domain. I have read the QNAP advice on how to achieve this but have some questions as to the practicality and security.
1. Although the Windows Domain users are copied to the NAS, I wonder if an account can be setup on the NAS that would by-pass the domain security?
2. Does access to data on the NAS require a separate login or, does the Windows login get passed through seamlessly?
Thanks
We are considering connecting a QNAP NAS to a Windows Domain. I have read the QNAP advice on how to achieve this but have some questions as to the practicality and security.
1. Although the Windows Domain users are copied to the NAS, I wonder if an account can be setup on the NAS that would by-pass the domain security?
2. Does access to data on the NAS require a separate login or, does the Windows login get passed through seamlessly?
Thanks
Windows OSSecurity
Last Comment
gerlis
If the NAS device is joined to the domain, it can use domain users for authentication and thus, it will be seamless.
I don't understand question 1. If you administer the NAS, why would you want accounts other than domain accounts? If you have a reason to use other accounts, where would be the problem, why is this a bypass of domain security? There is no "domain security".
I don't understand question 1. If you administer the NAS, why would you want accounts other than domain accounts? If you have a reason to use other accounts, where would be the problem, why is this a bypass of domain security? There is no "domain security".
ASKER
I was curious as to whether someone could bypass domain security - i.e get into folders they shouldn't be able to get into, by creating another account directly on the NAS.
I was curious as to whether someone could bypass domain security - i.e get into folders they shouldn't be able to get into, by creating another account directly on the NAS
Yes you can access the folders with the local NAS accounts, if they have permissions to do so. These permissions are managed on the NAS.
Gerlis, it's still not clear at all.
Folders have ACLs and if you create a local user at the NAS and you let that user access a folder on purpose, where's the bypass?
Folders have ACLs and if you create a local user at the NAS and you let that user access a folder on purpose, where's the bypass?
ASKER
Somehow i'm not being clear. Is data on the NAS just as secure as it would be if stored on the server itself?
Now I understand. If we are looking at share security, yes, it's as secure. If you look at aspects like data in transit encryption, the answer might be different. Do you utilize smb encryption at your server?
ASKER
No SMB encryption.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks
Its a simple and straightforward process
You can always access the QNAP with the built in admin account in the WebUI (separate from the AD account). You can create and manage other local NAS accounts.