Join Domain

Questions about using Windows AD service.
Post Reply
CIA-Andy
New here
Posts: 2
Joined: Thu Apr 15, 2010 1:45 am

Join Domain

Post by CIA-Andy »

I have been patiently trying to join 2 nas units to domains in two different locations. I cannot get either to join. Here is the message I get:

Microsoft Networking configured failed. Cannot resolve domain, please check DNS server, AD Server Name and Domain.

======== DEBUG START =======
/usr/local/samba/bin/net time set -S loki.midgard.local.midgard.local
Sync time with domain name fail, try to sync time with IP
/usr/local/samba/bin/net time set -S
[command] echo ******** | /usr/bin/kinit "admiral@MIDGARD.LOCAL"
kinit(v5): Cannot resolve network address for KDC in realm MIDGARD.LOCAL while getting initial credentials
[command] echo ******** | /usr/bin/kinit "admiral@MIDGARD.LOCAL"

I have made sure that the DNS server is correct, I have made sure the time sysncs, and I can ping servers, the QNAP and any computers on the network. The can be pinged by IP or fqdn. I have changed the password to simple numbers to avoid the ! issue, and I have changed the speeds on the network cards. Still no luck. I would appreciate any ideas on this one.

Thanks in advance
Andy
QNAPJauss
QNAP Staff
Posts: 499
Joined: Fri Oct 02, 2009 12:18 pm
Location: Taipei, TAIWAN

Re: Join Domain

Post by QNAPJauss »

CIA-Andy wrote:I
======== DEBUG START =======
/usr/local/samba/bin/net time set -S loki.midgard.local.midgard.local
Dear Andy,

From the log i guess there is something wrong with the field you entered :
we can read "loki.midgard.local.midgard.local " but it should be "loki.midgard.local"

I think you should have something like that :
Domain NetBIOS Name: : midgard
AD Server Name: loki
Domain : midgard.local

You can have an exemple with the application notes:
How to join active directory : http://qnap.com/pro_application.asp?ap_id=153

BR,
Jauss
CIA-Andy
New here
Posts: 2
Joined: Thu Apr 15, 2010 1:45 am

Re: Join Domain

Post by CIA-Andy »

Hi Jauss

You are right. I did have it entered as loki.midgard.local
That was in frustration. Here is the one I get when I only put it in once:
Microsoft network settings failed. Please check the DNS server, domain name, and user name and password for logging in the domain.

======== DEBUG START =======
/usr/local/samba/bin/net time set -S kvasir.midgard.local
[command] echo ******** | /usr/bin/kinit "Andy@MIDGARD.LOCAL"
Password for Andy@MIDGARD.LOCAL:
Specify WORKGROUP = MIDGARD
[command] /usr/local/samba/bin/net ads join -S kvasir -U "Andy%********" -s /etc/config/smb.conf
Failed to join domain: failed to lookup DC info for domain 'MIDGARD.LOCAL' over rpc: Logon failure
[command] /usr/local/samba/bin/net ads join -S kvasir.midgard.local -U "Andy%********" -s /etc/config/smb.conf
Failed to join domain: failed to lookup DC info for domain 'MIDGARD.LOCAL' over rpc: Logon failure
[command] /usr/local/samba/bin/net ads join -U "Andy%********" -s /etc/config/smb.conf
Failed to join domain: failed to lookup DC info for domain 'MIDGARD.LOCAL' over rpc: Logon failure


This is a different QNAP machine, but on the same domain. I am having the same problem with both of them. One server on one site is Loki, and Kvasir on the other site.

Thank you for your response, but I still cannot join the domain.

Andy
QNAPJauss
QNAP Staff
Posts: 499
Joined: Fri Oct 02, 2009 12:18 pm
Location: Taipei, TAIWAN

Re: Join Domain

Post by QNAPJauss »

Dear Andy,

I think you make your domain security higher with a security option in your GPO.
In order to fix it :
In your GPO, you have to change this setting :
2010-04-16_170651.jpg
Network security: Lan Manager authentication level
from : Send NTLMv2 response only/refuse LM & NTLM
to : Send NTLMv2 response only/refuse LM

This behavior will be fixed in a newer firmware.

BR,
Jauss
You do not have the required permissions to view the files attached to this post.
Post Reply

Return to “Windows Domain & Active Directory”