TS-451: How to use built-in AD for everything?

Questions about using Windows AD service.
starkruzr
First post
Posts: 1
Joined: Tue Dec 20, 2016 12:00 pm
Model: TS-410

TS-451: How to use built-in AD for everything?

Postby starkruzr » Tue Dec 20, 2016 1:04 pm

FTR: I actually have a TS-451, which isn't an option in the dropdown. I'd like to use the built-in domain controller functionality to distribute access to all services on the NAS -- for example, people should be able to log in at the web front-end as DOMAIN\user and have access to all of the applications you can see as the local "admin" user. This sort of works; my domain users can at least log in, but they have only access to the file manager app when they log in.

What I can't figure out yet:

  • How to grant access to additional applications to NAS domain users
  • How to get the built-in DNS server in the NAS to go out to DNS forwarders or other root servers for DNS entries. As it is, it looks like it develops and resolves a list of local lookup references for the domain and literally nothing else. This is not functioning DNS!

Does anyone know how to get the "domain controller" functionality up to spec?

User avatar
NoName
Starting out
Posts: 34
Joined: Mon Feb 16, 2015 11:01 pm
Model: TS-x53/x53S/453mini

Re: TS-451: How to use built-in AD for everything?

Postby NoName » Wed Jan 04, 2017 9:03 pm

i am not using the AD, but have you tried changing the users in the Control-Panel -> Privilege Setting -> Users. there i can select local users and domain users. I have no domain users, but for the local users there is a button in the right column 'Actions', normally the right most button, which opens a dialog for application privileges.The button has four yellow squares, may be they should represent folders...

I am wondering what you consider to be the built-in DNS server? I guess you have not configured anything? To answer the question some more information for your network is needed. Do you have a router, or a DHCP server?

User avatar
storageman
Experience counts
Posts: 1500
Joined: Thu Sep 22, 2011 10:57 pm
Model: TVS-x80/x80U

Re: TS-451: How to use built-in AD for everything?

Postby storageman » Fri Jan 06, 2017 11:32 pm

Why do users need to login to the NAS, this requirement is rare. Share access is enough for most people + the client apps.
As for DNS are you joined to AD and still have issues?

User avatar
razormoon
Easy as a breeze
Posts: 458
Joined: Fri Feb 13, 2015 5:05 am
Model: TVS-x71/x71U
Location: Denver, CO

Re: TS-451: How to use built-in AD for everything?

Postby razormoon » Fri Jan 06, 2017 11:50 pm

You're asking for your users to be able to login in using DOMAIN\user which tells me that you are running a domain on your network. Why not join the NAS to AD? The NAS will automatically migrate your users.

Also, the permissions you seek can be found in the App Center. Choose the app you want to set permissions for by clicking the drop down arrow >> Display On menu item.

Capture.PNG


The problem is that some of these apps are not compatible with AD permissions. There are some Q mobile apps that do not allow you to log on using domain credentials (although there are some that do), for instance.
The NAS can indeed be set as domain controller/DNS Server. I haven't tried successfully as I'm probably seeing the same thing as you are. I'm going to say that I just don't know how to do it on QTS.

I usually have my NAS joined to domain as client, but haven't done so after beta. Haven't found the time.
You do not have the required permissions to view the files attached to this post.
:!: TVS-871-i7-16G 4.3.3.0136 Build 20170228, KODI, WSE 2012 r2, pfSense
:?: 1 x KINGSTON SNV325S2 as 2mb block cache, WDC WD40EFRX as RAID5, 1 x WDC WD40EFRX as iSCSI
:arrow: pfSense 2.3.3 (PPPoE), snort, pfBlockerNG, PIA OpenVPN client and server
:idea: CyberPower 1500VA
:-0 WIKI SUPPORT

"Nothing is impossible. Only expensive, illegal or both."

asdf123
New here
Posts: 2
Joined: Tue Feb 14, 2017 11:55 pm
Model: TS-253A/453A/653A/853A

Re: TS-451: How to use built-in AD for everything?

Postby asdf123 » Wed Feb 15, 2017 12:42 am

There's another thread on the same topic that has a trick to modify /etc/group and add your domain user to the administrators group that worked for some people. Didn't work for me but give it a try.
viewtopic.php?f=20&t=69751&p=598170#p598170


Return to “Windows Domain & Active Directory”

Who is online

Users browsing this forum: No registered users and 1 guest