asked on Synology permissions
We have a Synology NAS and joined it to our domain.
I wish to create a folder and give an individual domain user access to that folder without the individual needing to supply a username and password... as if the NAS was a share on the server.
Is this possible?
I wish to create a folder and give an individual domain user access to that folder without the individual needing to supply a username and password... as if the NAS was a share on the server.
Is this possible?
* SynologyNASWindows OS
Last Comment
Bembi
ASKER
We have a DS418. I wanted to create a Data share and allow everyone access. When a user currently tries they are prompted for credentials.
you might be kissing a component handler tie-in to AD domain.
Searching the synology could help resolve your issue.
The below deals with an azure AD
https://www.synology.com/en-us/knowledgebase/DSM/tutorial/Management/How_to_join_NAS_to_Azure_AD_Domain
The user could provide creds and save the in control keymgr.dll....
To not be prompted until the user changes password....
Smb version might be the cause/explanation...
Searching the synology could help resolve your issue.
The below deals with an azure AD
https://www.synology.com/en-us/knowledgebase/DSM/tutorial/Management/How_to_join_NAS_to_Azure_AD_Domain
The user could provide creds and save the in control keymgr.dll....
To not be prompted until the user changes password....
Smb version might be the cause/explanation...
ASKER
I'm not understanding you @arnold.
We have an on premise server. We were hoping to create shares on the NAS and allocate permissions like normal shares.
We have an on premise server. We were hoping to create shares on the NAS and allocate permissions like normal shares.
Check the shares and whether you have the ntlm optionom the synology through which commonly the token from the Windows system can be validated.
Kerberos...
Init prompts, suggests your synology either is not presented by the client or the client does not trust the requestor to provide the auth token.
Checking synology support to confirm all that you need is on the device.
Kerberos...
Init prompts, suggests your synology either is not presented by the client or the client does not trust the requestor to provide the auth token.
Checking synology support to confirm all that you need is on the device.
I guess you have to seperate the synology permissions to acces a volume and possible file permissions on the device.
If a user connects to the device, the client has to send an authentication to the NAS, and the NAS device has to validate it against a DC. So it depend a bit, which method you use to connect to the device.
The most easiest way would be to map it like a file share.
For accessing the file system, be aware that not all file systems on the NAS can deal with windows crendetials / permission. So you need a file system (like NTFS) which supports AD Users / groups permission.
If you have that, make sure, you have set them on the directory structure of your NAS.
See also.
https://www.synology.com/en-us/knowledgebase/DSM/tutorial/Management/How_to_join_my_Synology_NAS_into_Windows_Active_Directory_domain#t3.1
If a user connects to the device, the client has to send an authentication to the NAS, and the NAS device has to validate it against a DC. So it depend a bit, which method you use to connect to the device.
The most easiest way would be to map it like a file share.
For accessing the file system, be aware that not all file systems on the NAS can deal with windows crendetials / permission. So you need a file system (like NTFS) which supports AD Users / groups permission.
If you have that, make sure, you have set them on the directory structure of your NAS.
See also.
https://www.synology.com/en-us/knowledgebase/DSM/tutorial/Management/How_to_join_my_Synology_NAS_into_Windows_Active_Directory_domain#t3.1
ASKER
I had joined my NAS to the domain.
To give domain users access I just needed to go into the Control Panel, of the NAS, then Shared Folder.
Select the folder and click Edit.
From there click the Advanced Permissions tab and then the Advanced Share Permissions button at the bottom.
Select Domain Users and then select the appropriate user and assign the permission.
To give domain users access I just needed to go into the Control Panel, of the NAS, then Shared Folder.
Select the folder and click Edit.
From there click the Advanced Permissions tab and then the Advanced Share Permissions button at the bottom.
Select Domain Users and then select the appropriate user and assign the permission.
An then you ge the logon sceen, right?
ASKER
No...
So, as the NAS admin I did the process above and gave Fred read/write access. Prior to this Fred would get a prompt and I couldn't figure out the username and password to use.
I did the steps above and now Fred gets right in without a prompt.
He accesses the NAS via \\NASDevice
So, as the NAS admin I did the process above and gave Fred read/write access. Prior to this Fred would get a prompt and I couldn't figure out the username and password to use.
I did the steps above and now Fred gets right in without a prompt.
He accesses the NAS via \\NASDevice
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Double check the supoorted smb version and the IP of the local system versus the synology nas.
Definition, type of share,
Which synology appliance do you have, version of?