Abilities of FreeNAS

[k-paxian]

Want to create for my office NAS.
What i need:
1.Separete Users with their own disk space, that connected as HDD to thier PCs, using login/password.
2.Data archiving to separate drive.
3.Something like "Alert button" for Admin for fast change all users passwords to thier storages. NOT WIPE, just lock down.

Is it possible?
Thank you!

 

[snaptec]

1. yes 2. yes 3. what exactly so you want?


Gesendet von iPhone mit Tapatalk

 

[k-paxian]

About 3: i need to drop all users passwords quick in case of emergency.
Example: 3rd person got access to laptop or PC or to group of machines, where users network drives connected, so i need to change to random password quickly. Sure, administrator of system should recieve new passwords.

 

[Mirfster]

So I would assume that the scenario is along the lines that there is a SSI Leak/Spill?

I would think that the process could involve:

1. Simply Stopping any pertinent Services on FreeNAS (NFS, CIFS, etc); that would/should immediately disable everyone's access
   • Not sure if that is the extent you would want to go to though
   • Could easily be added to a script
2. A script could be created that would simply generate random passwords for existing accounts
   • Of course, you may want to ensure that is skips certain "Administrator" Accounts; like "root" which would/should be handled manually
3. Notifying everyone of their new passwords
4. Starting pertinent Services

Is that along the lines of what you are envisioning?

 

[k-paxian]

Mirfster, yes! You understood me correctly.
But, excluding notifying of users. New passwords should be sent just to administrator.

 

[mattbbpl]

This is kind of outside of the FreeNAS arena, but I would think it would be better to do this at the centralized LDAP Repository/Access Manager layer. In such an emergency event in an office setting, you aren't going to want to block off access at each protected device - you're going to want to block off access to everything.

 

[Mirfster]

Agreed with @mattbbpl it would be better if this were in an AD/LDAP type of structure. That way changing the User's passwords would not only protect the Network Shares; it would assist in protecting the actual devices (laptops, desktops, etc) that are used as well.

Of course, this would also entail those devices are Domain Members and some GPOs applied. May consider having FreeNAS as a Domain Controller (with RSAT on a Windows Machine for administration) or if you already have AD making FreeNAS a Domain Member.

Either way, it still could be scripted. Via a shell script or with VBS/PowerShell (in Windows).