QNAP

QTS 5.0.x

Enabling a Domain Controller

Important:

When the NAS is configured as a domain controller, only domain users can access shared folders through CIFS/SMB (Microsoft Networking). All local NAS users are denied access.

To enable Domain Controller, you must first enable Advanced Folder Permissions by going to Control Panel > Privilege > Shared Folders > Advanced Permissions.

  1. Go to Control Panel > Privilege > Domain Controller.
  2. Select Enable Domain Controller.
    Important:

    The domain controller cannot be enabled if an LDAP server is already running on the NAS.

  3. Select the domain controller mode.

    Mode

    Description

    Domain Controller

    Only a domain controller can create a domain. The first NAS that creates the domain must be a domain controller. In this mode, the NAS can create and authenticate users.

    Additional Domain Controller

    If more than one domain controller is needed, you can add additional domain controllers. When the NAS is set as an additional domain controller, it can create and authenticate users.

    Read-Only Domain Controller

    This configures the NAS as a read-only domain controller to accelerate the user authentication process for specified websites. Read-only domain controllers can authenticate users, but not create domain user accounts.

  4. Specify the following information.

    Domain Controller Mode

    Field

    Description

    Domain Controller

    Domain

    Specify the domain.

    Administrator Password

    Specify an administrator password between 8 and 127 characters that contains at least one of each of the following:
    • Uppercase characters (A through Z)

    • Lowercase characters (a through z)

    • Base 10 digits (0 through 9)

    • Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/

    Verify Password

    Verify the administrator password.

    • Additional Domain Controller

    • Read-Only Domain Controller

    Domain

    Specify the domain.

    Domain DNS IP

    Specify the domain DNS IP.

    Administrator Account

    Specify the administrator account name.

    Administrator Password

    Specify the administrator password.

  5. Select the server signature rule for the domain.

    Option

    Description

    Optional

    SMB signing is offered but not enforced. Clients can choose whether to use SMB signing or not.

    Required

    SMB signing is required.

    Optional for SMBv2 and SMBv3

    SMB signing is disabled for SMB 1. For SMB 2 and above, this option behaves the same as Optional.

  6. Click Apply.