Thecus N4100PRO NAS Server ReviewNemo - July 19, 2010
» Discuss this article (2)
User and Group Authentication:
The N4100PRO offers the ability to manage users and access either locally or through a Windows Active Directory Server (ADS)/Windows NT server. In addition to managing users, you can also create groups and assign users to them for easier management.
If you have a Windows Active Directory Server or Windows NT server handling security and user authentication on your network, you can turn on the ADS/NT support and the N4100PRO will connect with the ADS/NT and use the domain users and groups for authentication. To set it up you'll need to specify the necessary information to allow the NAS to synch with the domain server. On the ADS page you can click on the enable ADS support radio button which in turn enables the fields needed to identify the domain server including server name, realm and login credentials.
Local User and Group
Users and groups go hand in hand in a kind of chicken or egg relationship. Groups are useful for managing users needing similar access so you can assign those rights once to a group and have it affect all users in the group. But, you can't assign users to groups unless you have created some users, and the users you created can't be assigned to groups until they are created. So let's examine them together and see how they intertwine.
On the Local User Configuration screen you need to click on the Add icon on the menu bar to bring up the Add dialog. Creating a user account is simple and requires only that you supply a user name and password. The system automatically supplies a user ID which is a unique numeric identifier, although you can override the system-supplied value. Each user is automatically added to the default 'users' group. You also have the option of adding the user to any existing groups, but since we haven't created any yet, we'll need to add users when the group is created. Clicking the Apply button adds the user to the system and you will see a confirmation pop-up message to let you know the operation was successful. Once you return to the user configuration screen, you will see the new user on the screen. At this point you can highlight the user on the screen and choose the Edit option to change the user password and group membership. You can not alter the user name or ID.
Now that we have created a user, you'll see it listed on the Local Group Configuration screen as a member of the default 'users' group. Groups are useful in being able to administer rights on the NAS and have those rights affect all members of the group rather than assigned a set of rights to each user individually. As with creating a user, clicking the Add button allows you to create a new group by supplying a group name and group ID, although you can use the default ID number generated by the system.
Tying users and groups together is simply a matter of choosing the users you want to add to the group by highlighting the users from the user pane on the right and dragging them to the Members List pane on on the left. You can do this when the group is created or by editing the group and adding the user(s) at a later time.
Adding users one at a time and then assigning them to groups can be a tedious process, especially when there are a large number of users to add at the same time. Fortunately, the N4100PRO provides the ability to do a bulk add by creating a file of user name, passwords and groups. You can then add all the users and assign them to groups by simply importing the file. One you have the text file created, you can browse to the location on the Batch Create screen and then hit the Import button. Once the users are loaded you then hit the Apply button and confirm you wish to add the users. Once the process is complete the users will be visible in the Local User window and you can verify the group memberships by editing the local group and ensuring the members have been added.
Shares and Access Control Lists Revisited
When we went through the share setup in the previous section, we briefly touched on the Access Control List and I promised we'd revisit the topic once we had users and groups created. Originally we set up a share folder called OCCTestFolder and made it Public which means everyone has access to it and noticed the ACL icon was grayed out. In tour second example shown here, the folder is no longer public and we need to assigned specific rights to users and groups by highlighting the share in the Folder window and clicking on the ACL icon. We can assign rights to either groups or individual users and give them no access (Deny), Read Only or full (Writable) access. You add each entity to the proper category by highlighting it and dragging it to the desired column. Assigning access at the group level means all users in the group have the same access. You could also assign different levels of access to users as shown. In either case you will need to hit the Apply button in order for the changes to take place.
Now that we've worked our way through the User and Group Authentication section, it's time to check out the different applications available on the N4100PRO.