Enabling a domain controller
When the NAS is configured as a domain controller, only domain users can access shared folders through CIFS/SMB (Microsoft Networking). All local NAS users are denied access.
To enable Domain Controller, you must first enable Advanced Folder Permissions by going to Control Panel > Privilege > Shared Folders > Advanced Permissions.
When you enable the domain controller, FTP and AFP services will be restarted.
- Go to Control Panel > Privilege > Domain Controller.
-
Select Enable Domain Controller.
Important:
The domain controller cannot be enabled if an LDAP server is already running on the NAS.
-
Select the domain controller
mode.
Mode
Description
Domain Controller
Only a domain controller can create a domain. The first NAS that creates the domain must be a domain controller. In this mode, the NAS can create and authenticate users.
Additional Domain Controller
If more than one domain controller is needed, you can add additional domain controllers. When the NAS is set as an additional domain controller, it can create and authenticate users.
Read-Only Domain Controller
This configures the NAS as a read-only domain controller to accelerate the user authentication process for specified websites. Read-only domain controllers can authenticate users, but not create domain user accounts.
-
Specify the following
information.
Domain Controller Mode
Field
Description
Domain Controller
Domain
Specify the domain.
Administrator Password
Specify an administrator password between 8 and 127 characters that contains at least one of each of the following:-
Uppercase characters (A through Z)
-
Lowercase characters (a through z)
-
Base 10 digits (0 through 9)
-
Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/
Verify Password
Verify the administrator password.
-
Additional Domain Controller
-
Read-Only Domain Controller
Domain
Specify the domain.
Domain DNS IP
Specify the domain DNS IP.
Administrator Account
Specify the administrator account name.
Administrator Password
Specify the administrator password.
-
-
Select the server signature rule for the domain.
Option
Description
Optional
SMB signing is offered but not enforced. Clients can choose whether to use SMB signing or not.
Required
SMB signing is required.
Optional for SMBv2 and SMBv3
SMB signing is disabled for SMB 1. For SMB 2 and above, this option behaves the same as Optional.
- Click Apply.