QNAP Shared Folders

QNAP shared folder set up can be a little confusing as the settings which effect shared folders are separated across a number of headings in the TurboNAS control panel

1. Set the server name, in General Settings/System Administration

2. Set SAMBA Network Access Protection (optional), in Security/Network Access Protection.  This is a deny hosts alike feature, which will ban IP addresses which send a set number of incorrect passwords within a set time frame. When configuring the SAMBA setting, keep in mind that some client processes may retry a failed connection, whcih may lead to auto-banning after the user has entered one incorrect password.

3. Restrict Everyone Group

The Users and User Groups menu items refer to local users and groups.  

By default the local Everyone group is granted Read Only access to Public and Multimedia default folders.  The share permissions can be removed with User Groups/Access Rights (icon) but may be reapplied by TurboNAS following enabling of services, such as Download Station.

4. Set Workgroup name.

The workgroup name is set in Network Services/Win, Mac, NFS/Microsoft Networking.  The workgroup name should be set before enabling the LDAP.  initially set the service as standalone server, with the required workgroup name. 

5. Disable unwanted UPnP and Bonjour service discovery

UPNP and Bonjour advertisements, can be disabled from Network Services/Service Discovery.  The Bonjour announcements should be disabled to prevent hosts appearing multiple times in OSX browse lists.

6. Disable network recycle bin (optional)

The network reycle bin service creates multiple @Recycle folders which may not be wanted.  Delete Empty All Network Recycle bins before disabling the service.  The service must be running to empty the bins. 

7. Enable the LDAP server and initialise the LDAP service and database

The LDAP server is enabled and initialised from, Applications/LDAP Server. The server should be enabled before the file sharing services (Win/AFP/NFS) are enabled in LDAP mode.

8. Enable Priviledge Settings/Domain Security/LDAP authentication.  The setting is self explanatory.  Use LDAP server of the local NAS to have the NAS act as a master LDAP directory.

Access to Microsoft Networking (SMB shared folders) is restricted to local NAS users OR LDAP defined users. LDAP would be the best choice for a mixed server network.

Most other NAS applications and network protocols are accessible from local AND LDAP defined users.

9. Enable Network Services/Win, Mac, NFS/LDAP authentication.

Finally set the Windows file sharing service to use LDAP authentication.  The configured workgroup name should now stick and not be reset to my-domain.

10.  From, Privilege Settings/Shared Folders/Advanced Permissions.  Set Enable Advanced Folder Permissions to allow LDAP User and Group permissions to be set on folders within shares.  Enable Windows ACL support will enable NTFS file level Access Control Lists.

11. Create LDAP users and groups in Applications/LDAP Server.  

Create new shares and assign Share permissons to LDAP groups from Privilege Settings/Shared Folders.