[Answer ID: 14516]

How to Configure Delegating Authority to an External SMB Server

Created 07/30/2012 10:03  |   Updated 08/29/2014 09:36

The TeraStation can link to an authentication server for centralized management of user accounts and passwords.


Note: When saving changes to the external authentication server settings, click [Yes] to convert all local users to external authentication users. When external authentication is removed, local user passwords will need to be set again.



In Settings, click [Network].



Click the icon to the right of “Workgroup/Domain”.



Click [Edit].



Select "Workgroup" (even if you are in a domain environment), then click [Next].



Enter a workgroup name. Select "Assign authorization to external SMB server" and enter the authentication server's IP address (recommended) or name. If using a Windows Domain Controller for external SMB authentication, enter its name for "Workgroup name" and check "Use a Windows domain controller as an authentication server", "Automatic User Registration" and "Use shared folder for authorization testing". Check "Use shared folder for authorization testing" and "Authentication Test Shared Folder Name". Click [OK].



Create a shared folder for authentication on the TeraStation. Users registered to the specified authentication server are automatically registered as users on the TeraStation when they open the shared folder for authentication. You can also register users directly.



Click the icon to the right of “Folder Setup”.



Choose a shared folder to set access restrictions on.



Click [Edit].



Enable "Access Restrictions".



Select the level of access:

: Read and write access allowed

: Read access allowed

: Access prohibited



Click [OK].






If access restrictions are set for users and groups registered in the authentication server, guest connection is not possible with AFP or FTP connections.
Users who are automatically registered belong to the "power users" group. They can be added to other groups from within group settings.
Access can be restricted to specific shared folders based on username.
The names of registered users are listed in "Users" - "External Users". To delete a user who was registered automatically, select that user and click "Delete External User".
When connecting through AFP or FTP, always use an IP address. Using a server name may cause problems with authentication.
To specify a server from another subnet, enter its IP address.
AFP and FTP connections do not support delegating authority to an external SMB server.
Use AFP to access access-limited shared folders from OS X 10.7 instead of SMB. Enable "AFP (Mac)" under "LAN Protocol Support" on the destination folders to use AFP.



OS / Hardware

Was this answer helpful?
Please tell us how we can make this answer more useful.

Refine your search

Select Product / OS & Hardware

      Enter Keywords or a specified ID