Azure AD with Office 365 users and a NAS share

Tags: azure-active-directory, microsoft-office-365, qnap

I have a customer with Office 365 Business Premium subscriptions that he got primarily for Exchange and Office apps. However, now that he is expanding, he's increasing the number of computers and employees he has. He has a NAS and we've duplicated the usernames and passwords on each local computer and the NAS, so that logging in with an account on the PC automatically logs in to the NAS when they go to the share (a server would have been better, but at the time he had limited resources and only a few employees).

So with new employees, instead of having to add each user to each computer, I've decided to join them to Azure AD so that as long as each computer is Azure AD joined (or connected… what is the proper terminology?) then whenever we create new users, they can log in to any computer. The issue I'm having is trying to get NAS access for each user without having to log in to the NAS on each user for each PC. So what I tried was taking the "username" from the Azure AD logged-in user and replicating that username to the NAS with the same password, but it didn't work. Here's my example:

  • O365 account: bobsmith@domain.com
  • Path in Windows: "C:\users\bobsmith"
  • Assumption: username is "bobsmith"
  • NAS account: bobsmith
  • Password is same on both NAS and O365

However, when trying to access the NAS, a username and password prompt comes up, which means it's not passing the authentication through.

Any thoughts?

Best Answer

So after you manually set this - it works because the credentials are stored in the credential manager.

The reason it doesn't work automatically without your intervention is likely that the NAS does not support or is not configured for Windows login. A lot of devices require you to join to a domain before you can do this, and your workstations have to be on the same domain as well. The reason for this is that it becomes a mutual form of trust to pass and accept credentials.

Two ways to do this (neither is free):

  1. Enable Domain Services in Azure AD - you can join the NAS (if supported) to this domain like a traditional domain network. You'll have to create a site-to-site VPN. All this requires a separate Azure subscription to get started.
  2. The other method is the local domain controller; join the NAS to that. You then use Azure AD Connect to connect and sync identities from the local domain to the Azure AD directory.

Both options are probably a bit more expensive and complex than what you are looking for. If they have the Business suite for Office 365, users should have access to OneDrive for Business, and SharePoint Online. Consider moving the files off the NAS and into the cloud alternatives. Users can use the OneDrive sync client to reach those cloud files.
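
For anyone who keeps the NAS with local accounts in the meantime, the following is an added example (not part of the original answer) that checks the PC's join state, shows the identity Windows is logged on as, and stores a per-user NAS credential in Credential Manager without putting the password in the script. The host name `nas01` and the account `bobsmith` are placeholders; `dsregcmd`, `whoami` and `cmdkey` are the built-in Windows tools.

```powershell
# Added example: run as the logged-on user on the Azure AD joined PC.
# $NasHost and $NasUser are placeholders, not values from the post.
param(
    [string]$NasHost = 'nas01',     # hypothetical host name used in the UNC path (\\nas01\share)
    [string]$NasUser = 'bobsmith'   # local account that already exists on the NAS
)

# 1. Join state: dsregcmd prints lines such as "AzureAdJoined : YES".
$status = dsregcmd /status | Out-String
$joined = if ($status -match 'AzureAdJoined\s*:\s*(\w+)') { $Matches[1] } else { 'UNKNOWN' }
Write-Host "AzureAdJoined: $joined"

# 2. The identity of this logon session. Compare it with the NAS account name:
#    a matching short name and password is not the same as a shared trust,
#    so the NAS can still answer with a credential prompt.
Write-Host "Logged-on identity: $(whoami)"

# 3. Is a credential for the NAS already stored for this user?
$stored = cmdkey "/list:$NasHost" | Out-String
if ($stored -match 'Target:') {
    Write-Host "A credential for $NasHost is already in Credential Manager:"
    Write-Host $stored
}
else {
    # /pass with no value makes cmdkey prompt for the password, so it never
    # appears in the script, the command line or the shell history.
    cmdkey "/add:$NasHost" "/user:$NasHost\$NasUser" /pass
}
```

The stored entry is per Windows profile, so it has to be created once for each user on each PC, and it must be updated (`cmdkey /delete:nas01`, then add again) whenever the NAS password changes.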
