Original article here.
- Install Free Nas (do the normal assign disks mount them take default access settings)
- Configure access (active directory) if you got your settings right you should be able to go into information (ms active directory) and see its now grabbed the list of users and groups, ignore the failed to create users or groups bit in the log, im no linux expert but i dont belive its anything to worry about since my log still says it and AD is working FINE !!
- Enable cifs/smb (ensure you select to turn on EA support and Dos attributes)
- Once you have done that create a master share to your mount point, i called mine Admin ENSURE your master share has set HOSTS ALLOW as your FIXED STATIC IP ADDRESS of your main SERVER or the administators IP, in Hosts deny put ALL this will block everyone else, also take the tick out of browsable.
- On your windows AD server (the one you just put the IP address in for above) map the admin share, either manually create the map, or set the share you created to browsable, then map it and then change it back to not browsable once you mapped the drive.
- Now we have a secure (well its as good as its going to get) way to administrate the shares lets create some folders.
- Now its the time when it all goes wrong for everyone else from what ive read, ive heard a few people managed but no conclusive way, which is why im documenting mine. Right click the folder and select properties, then the security tab, then the advanced buttont (dont cheat you need to press the advanced button it wont work if you dont, you will see why in a minute)
- Click add and select the user(s) or groups you want to add, once added select their access permission to the folder, finally click apply, as soon as you do you will see you previous had administator, everyone and wheel listed in users, you added a few but the system has also loaded on creator group, creator owner and a second everyone flag.
- If you use the basic add users you cant see the second everyone, see one has None in permission and the other has read and execute, delete the one with read and execute permission and click apply. it should stay gone. Ignore the other permissions, delete anything other than what i say they will just come back and screw it all up, trust me. The hours i spent before i realised in advanced it was duplicating the everyone flag…
- Now the new folder with permissions in the admin share is accessable by the admins ip only, so we need to share this. Create a new cifs/smb share (ensure you tick inherit permissions and browsable this time) and select it map it to your created (permission set) folder.
- Test it out, the user(s) with permissions can see the folder and use it (read / write) the users who cant can see the folder and cant access it.