How to set up network user authentication into Windows? Like in the average business or university

How do organizations like schools or hospitals set up their network where you need to log in to their organization through Windows?

I've attempted to research myself, but I'm not getting clear answers. Windows Server? RADIUS? Active Directory?

(My cousin has a non-profit organization, only 15-20 users. I set up a NAS storage device for the users and shared it over Networking Sharing and enabled authentication for each user on the drive. I want to make it much more professional and have it where you actually own a network account run by the organization (or me) so that it works more seamlessly and can be better managed from the top down.)


Solution 1:

Yes, you use AD and Windows servers. You need to have at least one, but seriously you want two, Domain Controllers running on Windows servers. Doing this will create a domain. Then you join each workstation to the domain you created. Then, everyone's user account lives in AD. Depending on the NAS unit, you should be able to also join it to AD, or at least use AD credentials in some fashion.

This gets you a lot of benefits because now you manage the user accounts in one place, and can apply GPOs to manage those accounts. You can now also manage the workstations using GPOs.

Since the organization is a non-profit, they can probably take advantage of discounted pricing for the Windows Server licenses needed for this.

Also, if this is important to the business, they should probably hire a professional who already knows this. I applaud your desire to help, but the IT assets of a non-profit should not be your testbed or learning experience, without the benefit of someone who knows what they're doing. I suggest you pitch it as an opportunity for you, who presumably knows something about the business, to act as the internal contact and manage the work of a consultant or MSP, and explicitly put in the contract that you'll need documentation and knowledge transfer. This is more business and career advice than a technical component of the answer, but it will serve you and your cousin's non-profit better than you just trying things until they work (or don't.)

/Further edit - RADIUS is typically used by network devices to connect to another authentication source, like LDAP or AD. It's most often used (IME) when you want VPN connections, or wireless or even wired authentication, to be tied into your organization's central authentication mechanism, like AD. Even though AD is over 15 years old, most network vendors don't support it directly and require other protocols, typically vendor-neutral ones like RADIUS. I think there are Windows GINA modules that can tie into RADIUS, but that's kind of a steampunk way to get things done and you lose out on most of what AD offers, and you'll still need a RADIUS server and something for it to authenticate against.
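
The steps in Solution 1 (create a domain on two domain controllers, put the user accounts in AD, join each workstation), written out in PowerShell as an added example that is not part of the original answer. The domain name `corp.example.org`, the `Staff` OU, the `NAS-Users` group and the two sample users are hypothetical placeholders.

```powershell
# --- On the first server (elevated): install AD DS and create the domain ---
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (recovery) password'
Install-ADDSForest -DomainName 'corp.example.org' -DomainNetbiosName 'CORP' `
    -InstallDns -SafeModeAdministratorPassword $dsrm   # server reboots as a DC

# --- On the second server: add it as an additional domain controller ---
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName 'corp.example.org' -InstallDns `
    -Credential (Get-Credential) `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString -Prompt 'DSRM password')

# --- On a DC: one OU for staff, one security group that gates NAS access ---
Import-Module ActiveDirectory
$base = 'DC=corp,DC=example,DC=org'          # assumed domain, see lead-in
New-ADOrganizationalUnit -Name 'Staff' -Path $base
New-ADGroup -Name 'NAS-Users' -GroupScope Global -GroupCategory Security `
    -Path "OU=Staff,$base"

# Constructed sample users; replace with the real roster.
$roster = @(
    @{ Given = 'Alex'; Surname = 'Rivera'; Sam = 'arivera' },
    @{ Given = 'Sam';  Surname = 'Okafor'; Sam = 'sokafor' }
)
foreach ($u in $roster) {
    # Prompt for the initial password so it never lands in the script file.
    $initial = Read-Host -AsSecureString -Prompt "Initial password for $($u.Sam)"
    New-ADUser -Name "$($u.Given) $($u.Surname)" `
        -GivenName $u.Given -Surname $u.Surname `
        -SamAccountName $u.Sam `
        -UserPrincipalName "$($u.Sam)@corp.example.org" `
        -Path "OU=Staff,$base" -AccountPassword $initial `
        -ChangePasswordAtLogon $true -Enabled $true
    Add-ADGroupMember -Identity 'NAS-Users' -Members $u.Sam
}

# --- On each workstation (elevated): DNS must point at the DCs, then join ---
Add-Computer -DomainName 'corp.example.org' -Credential (Get-Credential) -Restart
```

If the NAS can be joined to AD, granting the share to the `NAS-Users` group rather than to individual accounts keeps access changes in one place.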