TS-509 Unable to add Active Directory

[fsatech]

I'm currently using a TS-509 Pro
Firmware Ver: 2.1.1 (0122T)
I'm running a W2k3 enviroment...

when I'm trying to add it to our AD I'm contantly getting the error message
"Microsoft network settings failed. Please check the DNS server, domain name, and user name and password for logging in the domain."

for server description I've used the NAS box name I've configured it with
with the AD Server name: I've tried IP Address and host name
for the domain user name I've tried userID and domain\userID
none of these combinations work

how do people get there NAS boxes connected to the domain

thanks
FSATECH

[QNAPCelia]

Hi, FSATECH,

Before enabling NAS as AD domain member, pls also set up following items
- time same as AD server (5mins gap acceptable)
- primary DNS server ip as AD server

for server description I've used the NAS box name I've configured it with
with the AD Server name: I've tried IP Address and host name
for the domain user name I've tried userID and domain\userID
none of these combinations work

AD Server name and domain name can be checked from AD Server (right click my computer --> content --> you can see computer name & domain name).
Domain user should be administrator or a user who is a member of administrators group.
Pls let us know if it can work. Thx in advance.

Best Regards,
Celia

[fsatech]

Celia,

I've checked the time and it's ok
also DNS is set to the local AD server
I've also put in out secondary DNS server in as well

Ad Server name I used server.domain
and the domain user I'm user is a Domain Administrator

and still no luck

[QNAPCelia]

Hi,

Can you put only AD server name withou domain as AD Server name and try again??
Moreover, the username you use is not allowed containing space character.
If still no luck, pls use AD debug to find what's wrong and post the result back here.
Thx in advance.

Best Regards,
Celia

[dannis]

i have a TS-509 pro. And i cannot join it into out AD domain too.

I have a qustion here. What's a pure AD domain. I saw it at "http://www.qnap.com/faq_detail.asp?q_id=585"
it says "QNAP Turbo Station Pro or U model can only be joined to pure AD domain (DC, domain controller). It is suggested to use Windows 2000 Service Pack 4 or Windows 2003 Service Pack 1."

I need confirm this with out IT.

i show you the debug log.
[/tmp] # more setup_smb.debug
======== DEBUG START =======
[command] /etc/init.d/smb.sh stop
[command] echo ###### | /usr/bin/kinit yudannis@AGILENT.COM
Password for yudannis@AGILENT.COM:
[command] /usr/local/samba/bin/net ads join -U yudannis%####### -s /etc/config/smb.conf
Invalid configuration. Exiting....
Host is not configured as a member server.
[command] /etc/init.d/smb.sh start

[QNAPCelia]

Hi, Dannis,

May I know the firmware version of TS-509 and the type of your AD Server (2000, 2003 or 2008)??

Invalid configuration. Exiting....
Host is not configured as a member server.

According to the error message, it seems that the AD Server can't get the information of your NAS.
So can you please add your nas into computer list of AD Server manually and try to join TS-509 into AD server again??
Please let me know if it can work. Thx in advance.

Best Regards,
Celia

[dannis]

Hi,

My firmware is Version 2.0.3 build 1016T.
Out AD server is based on Windows 2003

I can not do this job.
but i will ask our IT do this.

[QNAPCelia]

Hi,

Please let me know if it can work. Thx in advance.

Best Regards,
Celia

[fsatech]

Celia,

I went to follwo your instruction to do the AD Debug and I was able to successful add it into AD
But with the 509 will it add a computer account into AD ??

[QNAPCelia]

Hi,

But with the 509 will it add a computer account into AD ??

If your NAS already join to AD Server successfully, it means that your AD server can find the NAS.
So you don't have to add a computer account in AD server.

Best Regards,
Celia

[dannis]

What's mean "add your nas into computer list of AD Server" ?
If I can use ping from AD server and using my nas's name, do i need to add my nas into computer list of AD?
my nas ip get from DHCP. and the DNS server is set to the AD server.

Is it possible my account does not have the adminstrators rights? Do you have a example debug log if the AD acount does not have administrator rights?
I think there are less information to me in debug log.

[QNAPCelia]

Hi, Dannis,

If I can use ping from AD server and using my nas's name, do i need to add my nas into computer list of AD?

Can you also try to ping AD server's name (not ip) from NAS??
Thanks in advance.

Best Regards,
Celia

[dannis]

Yes, I can ping my AD server form the NAS.

[QNAPCelia]

Hi,

Is it possible my account does not have the adminstrators rights? Do you have a example debug log if the AD acount does not have administrator rights?

I just checked with our engineers. From the debug info, it is possible that your account doesn't have administrator's right.
Do you mind to ask your MIS if your account has administrator's right or offer you an account which belongs to administrator group.
Please let me know the result. Thanks in advance.

Best Regards,
Celia

[dannis]

I have told my IT that i may not have the rights. I asked him enter his administraotr acount for me too. We are not in the same contury. It is hard to explain this problem. We try this job about a month. So i must return to ask you to solve this problem. First, i must confirm 509 can join the windows ad domain. here is my configure below. Could you check for me?

[global]
workgroup = Agilent
netbios name = WSSNAS02
security = USERS
domain master = NO
local master = NO
domain logons = Yes
server string = WSSNAS02
encrypt passwords = Yes
username level = 0
map to guest = Bad User
null passwords = yes
max log size = 10
socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=32768 SO_RCVBUF=32768
os level = 32
preferred master = No
dns proxy = No
config file = /etc/config/smb.conf
smb passwd file=/etc/config/smbpasswd
username map = /etc/config/smbusers
guest account = guest
directory mask = 0777
create mask = 0777
oplocks = yes
locking = yes
disable spoolss = yes
load printers = no
dos charset = CP950
force directory security mode = 0000
template shell = /bin/sh
veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/.@__thumb/.@__desc/
delete veto files = yes
map archive = yes
map system = yes
map hidden = yes
map read only = yes
realm = agilent.com
use sendfile = yes
case sensitive = auto
deadtime = 10
wins support = no
wins server = 141.183.6.46