Thecus N3200XXX NAS Server ReviewNemo - October 6, 2011
» Discuss this article (10)
User and Group Authentication:
The N3200XXX supports users and groups either through Windows Active Directory Service (ADS) or locally defined on the NAS server itself. This section is used to create users, assign them to groups, and perform general maintenance around those items.
If you have a Windows Server environment handling authentication on your network, either through an ADS server or a Windows NT server, you can enable support on the box and choose one of the authentication methods. Once you click on the Enable radio button, the fields will be available and you can provide the server name, realm, and login credentials. If you are using ADS, you will not need to define local users or groups. You can also define the work group or domain name on this page.
Local User and Group Configuration
While user and group configuration are two different subsections, it make sense to discuss them together as users are best administered in groups and groups are meaningless without users. They just go together, sort of like Bogie and Bacall.
Like other items we've seen so far in the review, when you want to create an entity like a user, you click on the Add button. This brings up the Add page where you key in the user name and password. A unique user ID is provided for you, although you can change it if you desire. The new user is automatically added to the default 'users' group. On the right-hand pane you see the group list, which is blank for now as we haven't created any groups. After you click the Apply button and confirm you want to create the new user, you'll see a confirmation message and then you can use the Edit button to change the user's password or edit the group list. You cannot change the user name or user ID once the user has been created.
On the Local Group Configuration page, you can see the default group 'users' listed. As you might expect, creating a new group is much like creating a new user in that you use the Add button to get started. You need to enter a group name and the group ID if you don't like the default. The Members List pane is empty, so we can add a user to the group from the list of users on the right. To add a user, you see one or more rows from the Users List pane and drag and drop them in the Members List area and hit the Apply button when done. You will see the newly-created group in the Local Group Configuration window, where they can then be edited or removed.
Now that we have a group created, we can return to the Local User Configuration section and edit a user in order to add it to the group. Like we saw in the group creation page, adding a user to a group in the Edit user pane simply involves highlighting the group and dragging and dropping it on the Group Members pane. Removing a member from a group is the reverse of adding a group, where you highlight the group in the Group Members pane and drag and drop it back on the Group List pane.
If you have a lot of users to input at one time, like when first setting up the NAS server, entering them one at a time and selecting the proper group can be tedious. That's where the Batch Input process comes in, where you can create a comma-delimited text file consisting of user name, password and group name, and then performing a bulk upload of the users into the system. You can use the browse button to locate the input file and then hit the Import button to read the contents of the file. If everything looks good, you finalize the loading by hitting the Apply button and confirming you wish to add the users. If everything is set up correctly, you should see a confirmation message telling you the users were added successfully. The new users are now visible in the Local User Configuration pane. Editing the local group, 'OCCTestGoup', will show all the new users are now members of that group.
Share Folders Access Control List (Revisited)
When we were examining share folders in the previous section, we skipped over the Access Control List because we hadn't set up users and groups at that point. Now is a good time to see how we can control access to a non-public share using the ACL. To do this, you highlight the folder in the list and click on the ACL button to bring up the ACL Setting page. On the left-hand pane, you will see a list of the groups and users, color-coded to denote source and type. You have a search button at the top in case you want to locate a specific entity. Above that is a check box labeled “Recursive'. Checking this box means that all sub-folders inherit the rights of the parent.
You can deny rights, grant read-only access, or grant read/write access. As we saw earlier, you do this by highlighting a group/user and dragging and dropping them in the appropriate column. Granting a group access rights mean all users in the group have the same level of access. For large numbers of users, you can eliminate a lot of administrative headaches by managing rights only at the group level. However, you could choose to grant different users different levels of access, if you so desire.
The ability to limit the amount of storage space any single user can utilize by assigning a user quota is a feature that the N3200PRO and N4100PRO both lacked, using previous versions of the management firmware. You will first need to click on the Enable radio button and hit Apply to turn quotas on. Once you confirm the action, the system will also populate the user list. A value of '0' means there is no quota assigned and the user is only limited by the physical amount of space in the volume. Each volume on the server will be listed by name to the right of the quota column, which in our example is named 'RAID' (how clever). If you have multiple volumes, the quota applies separately to each volume. Quotas cannot be assigned at the folder or group level.
Now that we know how to manage users and groups, we'll move on and have a look at the network services section.