|
Post by slyttle on Nov 19, 2007 20:55:14 GMT 7
I just recently purchased a N3200 and so far am pretty impressed.
One thing I have been struggling a bit with is security configurations.
I have a very simple network of three laptops (all running XP) joined through a linksys firewall router. No ADS, and no domain set up ... just the standard NT workgroup.
I'd like to be able to have private folders for each user in the household on the NAS, and have those folders authenticate seamlessly when the user logs into their laptop.
Not being a network specialist I naively thought I might be able to set the Domain to "Workgroup" in the N3200's WAN config, and then set up identical users / passwords on both the NAS and XP machines and have it recognize them as the same. This didn't work.
I really don't want to have a separate machine running ADS or a DNS ... but I also don't want to have to authenticate again to access the NAS once I have logged into my computer?
Do I have any other options?
thx for any advice you can offer
-Sheldon
|
|
|
Post by rookie on Nov 19, 2007 23:00:07 GMT 7
With having the NAS in the same workgroup as your laptops and creating the same usernames and password on both, you're on the right way. When you have Windows XP Professional you have the option to add a logon-script to users via 'Computer management' and (if you like) a home-folder location. This logon-script can only be read from the 'netlogon'-share on your local Windows installation. You have to create the folders 'C:\WINDOWS\system32\Repl\Import\Scripts' and share the 'Scripts'-folder as 'Netlogon'-share. Place your logon-script in this 'Scripts'-folder and try if it works from your Windows installation.
Example login-script, i.e. logon.bat:
@echo off net use f: \\[ip address nas]\[shared folder1 on nas] net use g: \\[ip address nas]\[shared folder2 on nas]
P.s.:Windows need to be started completely. Sometimes when you logon to fast, the network component has not been started and the logon-script will not be executed. To avoid this you can set a local computer policy to 'wait for the network at system startup'
|
|
|
Post by slyttle on Nov 20, 2007 21:18:19 GMT 7
Brilliant!
I'm not exactly sure how it knows to go to that directory you had me create, but I guess that is a bit of built-in logic inside XP.
So now it creates the drive, but I still haven't quite got the authentication working. It is just popping up an authentication screen when I click on the drive.
It is obviously trying to authenticate though, because the text in the authentication dialog box says something like "unknown user or password".
I've double checked that both my laptop and the NAS are on the same workgroup / domain (when I go to the "Workgroup" domain in Microsoft Windows Network, they both appear there)
Tonight I am going to go back and double check the user names, passwords, and authorizations on both the N3200 and my windows account and see if there is some discrepancy.
If you have any other suggestions please let me know.
BTW. I also tried to hard code the user name and password into the NET USE command for testing purposes, but that didn't help either .... there must be some disconnect somewhere.
Will post more tonight after I play with this a bit more.
thanks again
|
|
|
Post by rookie on Nov 20, 2007 23:04:08 GMT 7
Well, maybe it's also good to check the ACL-settings which are set on your shared-folders via the web-gui. You can create users, groups and passwords, but if you don't have the correct ACL-settings on the folders(deny, read, write), you won't get any further.
|
|
|
Post by dbridges on Nov 21, 2007 4:13:16 GMT 7
Well, maybe it's also good to check the ACL-settings which are set on your shared-folders via the web-gui. You can create users, groups and passwords, but if you don't have the correct ACL-settings on the folders(deny, read, write), you won't get any further. I think that rookie is right on with this suggestion. I run the same configuration that you're trying to set up and the biggest hurdle was the ACL's
|
|
|
Post by slyttle on Nov 21, 2007 18:49:14 GMT 7
Ok, finally worked out the problems .... turns out it was a combination of things in my case.
I'd screwed up and specified the workgroup "WORKGROUP" in the domain field in WAN as well as in the "workgroup / domain" field in the Authentication screen.
As soon as I changed the Domain field in WAN to something else it worked fine, although I am still a bit confused why this should matter.
Also, there was some strange behavior with upper / lower case names in the ALC. Turned out that I had to put in the user "Sheldon" and "sheldon" in order to make that user be recognized. All the other users worked fine without issue so I guess I screwed up that user account in some way at the beginning.
Anyway, it all seems to be working now .... Thanks for all your help!
-Sheldon
|
|
|
Post by rookie on Nov 21, 2007 19:55:15 GMT 7
Nice to hear that it's working now. The box is running on Linux and this OS indeed cares about upper- and lowercase usernames in the contrary to Windows OS. Good thinking
|
|