AD Authentication stops working until reboot

Questions about using Windows AD service.
soosp
First post
Posts: 1
Joined: Fri Nov 04, 2016 4:49 pm

Re: AD Authentication stops working until reboot

Post by soosp » Fri Nov 04, 2016 5:16 pm

We have same issue with a TS-EC880U unit joined a Wondows 2008R2 AD. The Windows ACL Support are set. I had problems set permissions via AD groups. Only grant permissions to users worked. After I set and tested all setting I had to reboot the unit. After reboot granted rights do not work. It seems that there is no proper idmap settings in the internal samba software of the NAS.

User avatar
stefano.pederzani
Getting the hang of things
Posts: 99
Joined: Thu Nov 03, 2016 9:28 pm
Location: Italy
Contact:

Re: AD Authentication stops working until reboot

Post by stefano.pederzani » Fri Nov 04, 2016 5:44 pm

It can not be neither a functional level issue nor a time issue, otherwise you had problem immediately, not after days.
I am not an expert of AD, but it seems like samba (samba suite, likely winbind) loses sync with the server about the token.
The authentication token is released by the DC to a user. It has an expiring time.
I agree to those who say it is a bug.
If a patch does not solve the problem, in your ** I would try a workaround, like saving the password when the connection to the share asks for it.

Not always problems can be fixed. Sometimes you have to find a remedy.
System Administrator & DBA since 1995

cotefr
New here
Posts: 3
Joined: Thu Jun 09, 2016 11:20 pm

Re: AD Authentication stops working until reboot

Post by cotefr » Tue Nov 08, 2016 4:15 am

I have the same issue with a TS-231+ and firmware 4.2.2. The shortest interval before needing to reboot was 3h, the longest interval was 3 days. Unfortunately, saving the password as proposed doesn't work, because you can't connect even by entering to correct credential. The only solution is to reboot the NAS and everything starts working fine again.

User avatar
stefano.pederzani
Getting the hang of things
Posts: 99
Joined: Thu Nov 03, 2016 9:28 pm
Location: Italy
Contact:

Re: AD Authentication stops working until reboot

Post by stefano.pederzani » Tue Nov 08, 2016 5:59 pm

cotefr wrote:Unfortunately, saving the password as proposed doesn't work, because you can't connect even by entering to correct credential. The only solution is to reboot the NAS and everything starts working fine again.


This is worse than I thought. This does mean the Qnap is in some way "out" of the AD domain.
System Administrator & DBA since 1995

cpjones131
Starting out
Posts: 10
Joined: Wed Jun 04, 2014 12:00 am

Re: AD Authentication stops working until reboot

Post by cpjones131 » Wed Nov 16, 2016 5:20 am

I stayed at 2012 because r2 does have an issue with the current version of SAMBA. I figured out the issue. You can't allow the drives to sleep. The delay causes the problem. Since I turned that off I have not had any complaints about access denied! {knocking on wood}

fkollmann
First post
Posts: 1
Joined: Fri Nov 18, 2016 11:22 am

Re: AD Authentication stops working until reboot

Post by fkollmann » Fri Nov 18, 2016 11:26 am

Same issue here, very annoying. Restarting SMB resolves the issue (/etc/init.d/smb.sh restart). We do this every night automatically, but still happens from time to time. Requires fixing, ASAP.

cpjones131
Starting out
Posts: 10
Joined: Wed Jun 04, 2014 12:00 am

Re: AD Authentication stops working until reboot

Post by cpjones131 » Thu Dec 01, 2016 4:32 am

It always seems to be the first person to log in. If you view that account on the QNAP --> Domain Users, I find that the description(their name in my case)" on the Username that is having the login issue is missing. All the other users will look fine. So it only seems to truly effect one or two users that login first. I prefer the QNAP as the backups are flawless and so much faster than anything else we use. Hopefully the Domain connection issue is resolved soon as I just has it happen this morning on a new box i just implemented in one of our offices. I have a task that maps a drive to the QNAP just before everyone comes in and places a text file on the server. This wakes up the box before they start logging in. This morning a User came in earlier then when the task runs so he got the denied access issue when trying to get to his drives. After 15 minutes the issue goes away.

User avatar
StefanNissen
New here
Posts: 3
Joined: Mon Dec 19, 2016 6:15 pm
Location: Vaduz

Re: AD Authentication stops working until reboot

Post by StefanNissen » Mon Dec 19, 2016 6:27 pm

Oh I also have this problem. Only reboot the NAS helps(

RecoveryForce
Starting out
Posts: 15
Joined: Thu Jul 09, 2015 12:16 am

Re: AD Authentication stops working until reboot

Post by RecoveryForce » Wed Jan 11, 2017 1:11 am

I, too, have been having issues with my TS431 dropping AD domain authentication...it seems to have come about within the last few updates. I have found that I don't have to reboot the system if I go through the process of rejoining the domain...though, it might be just as simple to manually restart smb, as per @fkollmann.

I created a support ticket last week and can see that it has been assigned to a someone a few days ago, yet they haven't even gone so far as to say that they are aware of the issue and are working on it. A little disappointing, to say the least.

If it is an issue with a newer version of Samba that isn't easily figured out, would it not make sense to provide an optional update which reverts samba back a couple versions to a point where it was stable?
TS-431 replaced with TS-453B
FW Version: 4.3.4.0569

Anguel
New here
Posts: 5
Joined: Sun Jan 31, 2016 9:39 pm

Re: AD Authentication stops working until reboot

Post by Anguel » Tue Mar 28, 2017 5:39 pm

These minor "bugs" seem to be everywhere. I have not seen anything that just works so far... Useless for productive use.

guimchevalier
New here
Posts: 5
Joined: Tue Apr 11, 2017 8:50 pm

Re: AD Authentication stops working until reboot

Post by guimchevalier » Tue Apr 11, 2017 10:00 pm

My TS-453Mini is NAS acting as domain controller.

I have the same problem for me since a few weeks. NAS reboot is helping.
Ni success so far with Qnap support, but it is not reproductible ...

guimchevalier
New here
Posts: 5
Joined: Tue Apr 11, 2017 8:50 pm

Re: AD Authentication stops working until reboot

Post by guimchevalier » Tue Jun 06, 2017 3:05 pm

No more problems for me with 4.3.3, running now build 0188 :-)

i hope it is the same for you ...

cpjones131
Starting out
Posts: 10
Joined: Wed Jun 04, 2014 12:00 am

Re: AD Authentication stops working until reboot

Post by cpjones131 » Wed Aug 09, 2017 9:52 pm

The problem has seemed to have gotten much better. I still run a script that appends a text file every hour to all my production drives (16 of them) so I don't have an issue even with the old firmware. I also just telnet and reset SMB if need be if someone is connecting remotely off hours instead of rebooting. The issue we have remotely is DNS does not always update from the QNAP so if there is not a static entry in DNS remote users can connect. If I uncheck register DNS automatically and recheck it, I find it will register with DNS again and be good for a month.

RecoveryForce
Starting out
Posts: 15
Joined: Thu Jul 09, 2015 12:16 am

Re: AD Authentication stops working until reboot

Post by RecoveryForce » Wed Aug 09, 2017 9:54 pm

My QNAP is much more stable now that I've disabled the built-in Anti-Virus.
TS-431 replaced with TS-453B
FW Version: 4.3.4.0569

pirosganga
First post
Posts: 1
Joined: Tue Mar 19, 2019 6:10 am

Re: AD Authentication stops working until reboot

Post by pirosganga » Tue Mar 19, 2019 6:13 am

kuste wrote:
Fri Aug 12, 2016 3:38 pm
Had the same problem as well. But only with TS-420. TS-412 worked like a charm.

Have a look at your system time. It seems, that the update overwrites the NTP-settings. My system time jumped up to 30 minutes into future and back. (The system log was not chronolical anymore, that is why I recognized it).
After enabling NTP-settings again and synching every hour the problem didn't occur anymore.
It is a know issue, that the AD authentication does not work, if the the time between client and server lacks too much.
Maybe it will help you.
Yes, incredible but that was the trick.
The system time on QNAP was 14 minutes sooner, and that was enough for not syncing users.
Thank you so much.

Post Reply

Return to “Windows Domain & Active Directory”