New to NAS and rockstor, basic queries

I have mild exposure to Synology NAS devices but have only used those for storage. My small office currently runs Windows 2019 with Active Directory, but as I’m not well trained in AD, I have found it difficult to administer. We have only two users and I’m considering ditching the Windows Server OS and moving to something else for authentication. I know Synology offers a directory app that would handle this, but as I have some older PCs and 4T HDDs around, it occurs to me that I could consider building my own NAS. But I really don’t know the zone so thought I’d ask here.

Anticipated needs:

  • user authentication (really basic is ok) for windows 11 pcs
  • file storage
  • media vault (possibly)
  • backup target

I have almost no exposure to linux. If I use a NAS for the above I’d like it to be as hands off as possible. I realize there will be a learning curve of course, but I’m already busy and want to preserve my spare time if possible.

Questions:

  • does user authentication via NAS imply instantiating a domain? No problem if it does just curious.
  • what software would be used for authentication/domain?
  • Is the authentication/domain software built in to Rockstor?
  • do most NAS softwares have a feature that allows the NAS to sleep when not in use?
  • I gather that Rockstor is well regarded but also that it’s relatively new. Could that mean that another open source NAS solution would be simpler for someone like myself to set up?
  • How much more work is it for a new to NAS user like myself to just buy a Synology unit vs configuring a NAS with Rockstor or other? Software side, I don’t think lining up the hardware would be an issue if I built a NAS from what I have on hand. I realize this question depends on a lot of factors but still interested in opinions.

Welp, I’ll give it a shot.

I have had Synology, Netgear, and Buffalo NASes in the past. Frankly, Rockstor was the easiest to deal with in the long run. But other than being at home with myself and one other person saving stuff to it on their laptop, it’s a pretty basic setup, while also streaming media. The very mildest of security concerns, mostly making sure no one deletes anything by accident.

I can say that in its current form I never go into the command line/terminal. You could if you wanted to, no doubt, but I know DOS. That was enough for me lol.

So let’s say you have a computer ready and assume it’s compatible, with a small SSD that the OS is going to, and you have two 4TB mechanical drives installed that are going to store your data in RAID, but they are currently unformatted and brand new.

During the initial Rockstor install you set up the root/admin username and password. So that user can make all the admin changes needed in the web browser at the IP of the NAS. Great, similar to the other NASes.

The next thing the installer does is have you format those 4TB data drives into a “Pool” and assign that pool a name; let’s go with “Mechdrives”.

So after a reboot you’d be able to access the configuration page in a browser. Log in with your admin name and password. Wham, you can start to configure stuff.

You add a “share” to the Mechdrives pool, let’s say called Media. That share is assigned space on the pool; that is where the data is stored, but it doesn’t do anything until the file sharing settings are configured.

In the file sharing settings you’d want to set up a “Samba” protocol that will advertise the “Media” share to Windows computers. Really it could be any device that knows the Samba protocol. It very well might be all you need.

On your Windows 11 PC you’d add a network location and type in the Rockstor IP address with the share name, like \\192.168.1.25\Media. As you do that you’d then be asked for a login.

The login would come from creating and assigning a user or user group in the Rockstor UI to have read/write access to the share in the file sharing options. You could have a separate share for each user to only see their stuff, as well as assign each user to a communal share. Then each share would have only the admin and that user be able to read and write to it.

This setting up is where most of the security comes in, but the good news is everything is in the UI.

Now I know there are domain options in “RockOn” addons, but it doesn’t really sound like that’s a thing you actually need? Is the data accessed remotely? The current release candidates for Rockstor version 5 have added Tailscale, which I have dabbled in, and so far that does work great to access my data remotely on my phone while out and about.

1 Like

That’s a very helpful post warbucks, thank you. A good look ahead to what the first steps would be.
It does make sense to use a small ssd for the OS and hdd for the data. I suppose it’s simple to assign each to those roles during configuration.
I would want a domain because while I won’t have remote users, I will have multiple Windows PCs that need to auth against something. That’s mostly what I get out of Windows Server AD at this point.
You’ve encouraged me, hopefully I’ll have time this week to set up an experimental NAS.

Possibly it would be more accurate to say that I need directory services, instead of that I need a domain. I don’t need to land on this machine from outside of my lan.

I’m part way there, your intro and the docs have been great.
I have a pool, but I’m now a bit baffled by setting up a share and what to do in general about directory services.
I created a share “media” and I’d expect it (possibly) to be available to my windows 10 workstation at

\\192.168.30.102\media

however it is not. Windows says it cannot access. It’s not prompting for auth. I see root has all rights.
I don’t understand Samba, NFS, or SFTP. Samba and NFS services are not running and there is no SFTP share yet. I am not sure which of those I need to enable? Bear in mind that down the road my intent is not just file sharing and backup target, but also for rockstor to handle directory services so that I can ditch windows 2019 AD and use rockstor for network authentication.

I will keep on with the docs, I’m sure it’s all in there, but thought I’d ask here as well.

sorry, short on time, but the shares are just “inside” Rockstor. If you want something accessible by Windows, you need to activate Samba, and then list the share you just created in there … that gives you another opportunity to lock down access by user (if you’re not playing with joining an AD yet).

1 Like

OK, thanks for that.
Rockstor asked if I wanted to update, and presented a long list of packages. I let it do that, but I think something is amiss. The box with Rockstor has what look like errors:
systemd-cryptsetup-generator assertion idx > 0 failed at src/basic/hashmap.c.658 and other stuff then aborting.
It’s been showing the same terminal output for over an hour no change.
And the browser based UI doesn’t show anything, really, just the left and right frames, any menu item I click changes nothing, just a big blank page in the middle.

It sounds like you’re on your way, and I wish you luck. Rockstor is a fantastic product.
I will share one concern, and it isn’t specific to Rockstor: we live in a world where “trusting each other” is a thing of the past. As a small business, be careful with your security from various perspectives: the day-to-day risk of malware in general and ransomware in particular, and whatever compliance requirements you may have (HIPAA, SOX, CCPA, GDPR, etc. etc.). The risks are real.

Like I said, it’s a great product; just be tuned into what it can and cannot provide.

Good luck!

Hi Hooverdan
At this time, for testing, the rockstor machine is in the same subnet as my existing windows ad domain. The existing ad dc must have issued it the ip it has, 192.168.30.102.
However, I don’t actually want to integrate Rockstor with Windows AD. AD is too complex; I don’t need all of that. What I need is to be able to set up users, groups, and permissions in a network environment that my Windows 10 and 11 PCs can authenticate against so that resources can be shared, without Windows AD. I hope to have only Windows 11 PCs soon; no Windows servers at all.
Unfortunately I cannot find docs or threads here or elsewhere that fill in the gaps in my understanding, so that I could make it work. Almost everything I find re auth of windows against samba is really about integrating Samba into an AD domain. I want to eliminate the AD domain completely. I think it has to be possible to have windows pcs rely on some auth system other than windows AD. I cannot find a good description of what is involved.

I will hold on more with rockstor until I have a better idea about all of this.

It is cool that Rockstor is up and running and that this wasn’t difficult. Maybe I should boot the rockstor box on to a different subnet for starters. With this quick test I just wanted to see if I could get it off the ground at all. But at this time it is in an AD network and that’s not what I’m looking for long term.

@periodic, also a belated welcome to the Rockstor community.

Rockstor uses the underlying user/group concepts from OpenSUSE that it’s based on.

If you don’t want to use AD, but local authentication, you essentially set up local groups and users in the corresponding menu:

https://rockstor.com/docs/interface/system/identity.html

From there, when creating the shares (initially created with root:root), you assign a user:group combination and the corresponding authorizations. When you create the corresponding Samba export you can additionally assign administrators/superusers, but fundamentally, when connecting to the Samba share you would use either the share owner credentials or a user that belongs to the group you’ve assigned to the Rockstor share.

So, no need for the Samba/AD flavor.

Hope that helps a bit. I run a mix of Win/Linux machines and am using the local Rockstor credentials to connect to Rockstor’s Samba exports.

1 Like
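The per-user lock-down of Samba exports described in the replies above, as an added example that is not part of the original thread and is not Rockstor's own code: a small audit of an `smb.conf` for exports that allow guest access or have no `valid users` restriction. The sample configuration, its paths and the `office` group are constructed for illustration.

```python
import configparser

# Constructed sample: one export limited to a local group, one left open.
SAMPLE_SMB_CONF = """
[global]
workgroup = WORKGROUP
map to guest = Bad User

[media]
path = /mnt2/media
valid users = @office
read only = no

[scratch]
path = /mnt2/scratch
guest ok = yes
read only = no
"""

TRUE_VALUES = {"yes", "true", "1"}
SPECIAL_SECTIONS = {"global", "homes", "printers"}


def audit_shares(conf_text):
    """Return {share: [findings]} for exports not restricted to named users/groups."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    findings = {}
    for section in parser.sections():
        if section.lower() in SPECIAL_SECTIONS:
            continue
        opts = parser[section]
        issues = []
        # "public" is a synonym for "guest ok" in smb.conf.
        guest = opts.get("guest ok", opts.get("public", "no")).strip().lower()
        if guest in TRUE_VALUES:
            issues.append("guest access allowed")
        # An empty "valid users" means any authenticated account may connect.
        if not opts.get("valid users", "").strip():
            issues.append("no 'valid users' restriction")
        # Samba's default for "read only" is yes; flag writable open shares.
        read_only = opts.get("read only", "yes").strip().lower()
        if issues and read_only not in TRUE_VALUES:
            issues.append("writable")
        if issues:
            findings[section] = issues
    return findings


if __name__ == "__main__":
    for share, issues in audit_shares(SAMPLE_SMB_CONF).items():
        print(f"{share}: {', '.join(issues)}")
```
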

Thanks Hooverdan, that is helpful.
Does it mean that the Windows PCs can then authenticate to each other using the local Rockstor credentials? That is the most important feature of my existing Windows Server AD configuration that I would like to replace, much less so shares on Rockstor that can be accessed from the Windows PCs.
I have never heard the term Samba export before. One exports the local user:group + auth settings to other machines on the network so that they can utilize those?

I think Samba “export” was coined here in the Rockstor context, as to distinguish between a share being set up and it then being made visible outside of Rockstor by “exporting” it using samba … or it has some other roots.

Unfortunately, Rockstor itself is not set up to be the authentication server/center for the rest of your windows network. The original design intent (I believe) was to offer either Rockstor local user authentication or the ability to join it to an AD type network and then inherit the authentication/user mechanisms.

You can set up Samba to be an AD server, but you would have to do that using the command line and whatever tutorials are out there.

I see. That’s kind of what I was arriving at.
I may go with synology and synology directory services then. They seem to have about what I need out of the box. I didn’t want to buy more gear, but maybe I will have to. Unless you or anyone else knows of a well supported software that would be close to the ease of use of synology directory server?
Thanks to all of you. Rockstor is impressive and the community is as well.

1 Like

Incidentally the synology directory server is based on samba … of course nicely packaged with a UI.

There is a UI available to manage a samba domain controller:

which then needs the Samba Plugin:
https://wiki.samba.org/index.php/GSOC_cockpit_samba_ad_dc

I have not used it, so I can’t say whether this is the best thing since sliced bread, or whether it’s a pain to set up (seems pretty straightforward).

If you were to do that, you still would need Rockstor to join the AD domain, as to make it aware of the Users/Groups, etc. same as with windows based machines.

1 Like