2

I have a customer with Office 365 Business Premium subscriptions that he got primarily for Exchange and Office apps. However, now that he is expanding, he's increasing the number of computers and employees he has. He has a NAS and we've duplicated the usernames and passwords on each local computer and the NAS, so that logging in with an account on the PC automatically logs in to the NAS when they go to the share (a server would have been better, but at the time he had limited resources and only a few employees).

So with new employees, instead of having to add each user to each computer, I've decided to join them to Azure AD so that as long as each computer is Azure AD joined (or connected... what is the proper terminology?) then whenever we create new users, they can log in to any computer. The issue I'm having is trying to get NAS access for each user without having to log in to the NAS on each user for each PC. So what I tried was taking the "username" from the Azure AD logged-in user and replicating that username to the NAS with the same password, but it didn't work. Here's my example:

  • O365 account: bobsmith@domain.com
  • Path in Windows: "C:\users\bobsmith"
  • Assumption: username is "bobsmith"
  • NAS account: bobsmith
  • Password is same on both NAS and O365

However, when trying to access the NAS, a username and password prompt comes up, which means it's not passing the authentication through.

Any thoughts?

Dave M
Richard Chase
  • Have you successfully joined your QNAP NAS to your Azure AD? – sippybear Oct 17 '18 at 23:54
  • I have not looked at that yet. I'm not sure if it's capable. If I were able to do that, I assume it would need its own O365 account? Would it need Essentials, or Business Prem or...? And then if it can do that and it's licensed, would it work with the users? In the end, what I'm really trying to accomplish is having unified logins for workstations through O365 and then access to a file share with permissions. Was looking at SharePoint but performance isn't great and it won't work for situations where clients aren't assigned to users because of the IE token thing. – Richard Chase Oct 18 '18 at 16:17

1 Answer

2

So after you manually set this - it works because the credentials are stored in the credential manager.

The reason it doesn't work automatically without your intervention is likely that the NAS does not support or is not configured for Windows login. A lot of devices require you to join to a domain before you can do this, and your workstations have to be on the same domain as well. The reason for this is it becomes a mutual form of trust to pass and accept credentials.

Two ways to do this (neither is free):

  1. Enable Domain Services in AzureAD - you can join the NAS (if supported) to this domain like a traditional domain network. You'll have to create a site-to-site VPN. All this requires a separate Azure subscription to get started.
  2. The other method is the local domain controller; join the NAS to that. You then use Azure AD Connect to connect and sync identities from the local domain to the AzureAD directory.

Both options are probably a bit more expensive and complex than what you are looking for. If they have the Business suite for Office 365, users should have access to OneDrive for Business, and SharePoint Online. Consider moving the files off the NAS and into the cloud alternatives. Users can use the OneDrive sync client to reach those cloud files.

Jesus Shelby
  • I thought I had it working, by adding the user on the NAS with the same user they're logging in with, which is the full email address. But today the access isn't working anymore. If the customer logs in with user@domain.com, they can sign in and use Outlook and other apps, but when they try to access the NAS, they have to put in a username and password. If they put in their email, user@domain.com, and the same password, then they have access again. I was hoping I would be able to avoid having to put the username and password in again, as this worked with normal user accounts if they are the same – Richard Chase Oct 23 '18 at 20:03
  • I also was looking at SharePoint/OneDrive, but for SharePoint, it's not ideal for roaming clients since you have to open up the SharePoint site, log in to SharePoint, set IE trusted zones etc... so it's not just set it up and go and then any user with an Azure email address can log in. However, I am interested in your second option, having a local domain controller and then connecting it. The NAS itself does have the ability to connect to a domain; however, the customer doesn't have a machine capable of being a domain, so that's a fairly expensive test to make sure it works. – Richard Chase Oct 23 '18 at 20:06
  • However, if connecting the NAS to a domain for syncing users would work, then shouldn't manually putting those users in the NAS also work? How is it different? – Richard Chase Oct 23 '18 at 20:13
  • The plot thickens. I was on a different computer, logged in with the same user@domain that I was testing, and it's working, no prompt to ask for credentials for the NAS. Triple checked startup and all-users startup as well as Credential Manager and nothing in either, yet when you log in to the PC, you can access the NAS shares without passing credentials. I have no idea why this is happening. – Richard Chase Oct 23 '18 at 20:37
  • The reason why the PC wasn't working where others were had to do with its network profile. It was somehow set to public at some point. Once on private, it all started working. The only other thing he/I was wondering is if it's possible to set up an ALIAS login for Azure AD, so instead of user@domain.com it could just be user or perhaps a shortened form of user@domain.com without changing email address or primary account login. – Richard Chase Oct 30 '18 at 15:48
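
A diagnostic pass over the things this thread ended up checking on a PC that prompts for NAS credentials (join state, network profile, Credential Manager entries, and the identity used on the SMB session), as an added example that is not part of the original posts. `nas.example.local` is a placeholder for the NAS host name.

```powershell
# Added example, not from the thread. Run as the affected user on the affected PC.
# $NasHost is a placeholder; pass the real NAS name or IP address.
param([string]$NasHost = 'nas.example.local')

# 1. Who is logged on, and how is this PC joined (Azure AD joined vs. domain joined)?
$identity = whoami
$join = dsregcmd /status |
    Select-String 'AzureAdJoined|DomainJoined' |
    ForEach-Object { $_.Line.Trim() }

# 2. Network category of every connected interface. The thread's final finding
#    was a PC whose profile had been switched to Public.
$profiles = Get-NetConnectionProfile |
    Select-Object InterfaceAlias, InterfaceIndex, Name, NetworkCategory

# 3. Credential Manager entries that mention the NAS. A stored entry explains
#    "it works after I typed the password once".
$stored = cmdkey /list |
    Select-String -SimpleMatch $NasHost |
    ForEach-Object { $_.Line.Trim() }

# 4. Is SMB (TCP 445) on the NAS reachable from this PC at all?
$tcp445 = (Test-NetConnection -ComputerName $NasHost -Port 445 `
    -WarningAction SilentlyContinue).TcpTestSucceeded

# 5. If a share is already open, which user name did the session authenticate as?
$sessions = Get-SmbConnection -ServerName $NasHost -ErrorAction SilentlyContinue |
    Select-Object ShareName, UserName, Dialect

"Logged-on identity : $identity"
"Join state         : $($join -join '; ')"
"TCP 445 reachable  : $tcp445"
"Stored credentials : $(if ($stored) { $stored -join '; ' } else { 'none for this host' })"
$profiles | Format-Table -AutoSize | Out-String
if ($sessions) { $sessions | Format-Table -AutoSize | Out-String }
else { "No open SMB session to $NasHost" }

foreach ($p in $profiles | Where-Object NetworkCategory -eq 'Public') {
    Write-Warning "$($p.InterfaceAlias) ('$($p.Name)') is set to Public."
    # To switch it, run from an elevated prompt, and only on the trusted office
    # LAN, because the Private profile applies more permissive firewall rules:
    # Set-NetConnectionProfile -InterfaceIndex $p.InterfaceIndex -NetworkCategory Private
}
```

Comparing the output from a PC that prompts with one that does not shows which of these settings differs between them.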