Chapter 8. user access, 1 workgroup or domain mode – PLANET NAS-7410 User Manual
Page 75
4-Bay SATA NAS RAID Server with iSCSI
NAS-7410
75
Chapter 8. User access
The NAS server fits into the network environment as soon as it is properly configured. This chapter
describes how to get the NAS server ready for user access from various network operating
systems.
Before reading on, please make sure that the NAS server is configured with an IP address and a
volume is created successfully. For the rest of the sections, we assume that the server name is
NAS SERVER, the IP address is 192.168.0.100 and there is a volume named volume01.
8.1 Workgroup or domain mode
The NAS server can work in either the workgroup mode or the domain mode. In the workgroup
mode, the administrator creates accounts for the NAS server and maintains the user database per
server. User authentication is done by checking the local user accounts. In the domain mode, the
NAS server can retrieve user names from the domain controller and rely on the domain controller
to authenticate users. It can also authenticate users by local accounts. In the domain mode, when
a Windows user requests to access a shared folder, the user will be authenticated with the domain
accounts first, then the local accounts. If the user is assigned with proper access rights in the
share permissions and the ACL settings, the user will be allowed to access the shared folder.
For those using MacOS, web browsers or FTP to access the NAS server, the security control
mechanism is similar. If set to the workgroup mode, the NAS server authenticates all users from
various network operating systems with local accounts only. If set to the domain mode, the NAS
server can be configured to use different security policies for different network file protocols –
either authenticated by local accounts only, or by both local and domain accounts.
For example, the NAS server can authenticate Windows users by querying the domain controller,
while at the same time check the MacOS users with local user accounts. The administrator can set
the SMB/CIFS protocol to the domain mode and configure the AFP protocol to apply Local
account authentication.