Domain name not being passed with Samba login
-
- New here
- Posts: 7
- Joined: Thu Aug 13, 2009 9:58 am
Domain name not being passed with Samba login
I have a TS-531P NAS successfully connected to a Windows 2012 domain controller. As of yesterday all domain users' credentials were properly being passed to the NAS and allowing file access. Last night something happened which broke AD authentication. I tried to reconnect domain authentication in the Control Panel --> Domain Security --> Active Directory authentication (Domain member). I was able to do this without a problem and I can see domain users in the users and shared folder settings of the NAS. I tried to remove all previous domain users and then add them back to the shared folders manually. This worked without any problems but domain users still aren't able to get their files using IP address, name or FQN. The one strange thing I noticed in the system connection logs is that now all users are not showing up with their domain prefix before their login name. Yesterday the logs had all login user names displaying like "domainname\username". Today the same users are showing in the log as just username. Does anyone know how to resolve this to make Samba calls receive the domainname and allow domain user access again?
-
- New here
- Posts: 7
- Joined: Thu Aug 13, 2009 9:58 am
Re: Domain name not being passed with Samba login
I never did get to the bottom of this and tech support took over 24 hours to respond to the help request. This was being used at a business and they couldn't wait that long to get to their data. I also couldn't just open up all of the file shares to everyone because there was sensitive financial data on it.
I ended up backing up all of the data, doing a factory restore and drive format, and setting up the entire NAS from scratch.
-
- New here
- Posts: 9
- Joined: Wed Jul 08, 2015 3:03 am
Re: Domain name not being passed with Samba login
Interesting... your post just led me to a temporary fix until QNAP fixes the issue. When the QNAP prompted me for my credentials, I typed:
myusername@mydomain.com (com, net, local... whatever you use.)
mypassword
It worked!! Something is definitely wrong with the QNAP.
/RajW
-
- New here
- Posts: 9
- Joined: Wed Jul 08, 2015 3:03 am
Re: Domain name not being passed with Samba login
I think I fixed it... QNAP should validate. I ssh'd into the QNAP and adjusted a few things:
1) Edit the /etc/config/krb5.conf file
Code:
    [libdefaults]
        default_realm = MYDOMAIN.COM
    [realms]
        MYDOMAIN.COM = {
            kdc = SERVER01.MYDOMAIN.COM
            kdc = SERVER02.MYDOMAIN.COM
            # I added this
            default_domain = MYDOMAIN.COM
        }
    # Took off the 's'... They had "[domain_realms]"
    [domain_realm]
        # Adjusted these two lines
        .MYDOMAIN.COM = MYDOMAIN.COM
        MYDOMAIN.COM = MYDOMAIN.COM
2) Edit the /etc/config/smb.conf file. Added this line under [global]
Code:
    winbind use default domain = yes
Now my QNAP is behaving as expected.
/RajW
- Don
- Guru
- Posts: 12289
- Joined: Thu Jan 03, 2008 4:56 am
- Location: Long Island, New York
Re: Domain name not being passed with Samba login
Please open a ticket with QNAP and pass along this info.
Use the forum search feature before posting.
Use RAID and external backups. RAID will protect you from disk failure, keep your system running, and data accessible while the disk is replaced, and the RAID rebuilt. Backups will allow you to recover data that is lost or corrupted, or from system failure. One does not replace the other.
NAS: TVS-882BR | F/W: 5.0.1.2346 | 40GB | 2 x 1TB M.2 SATA RAID 1 (System/VMs) | 3 x 1TB M.2 NVMe QM2-4P-384A RAID 5 (cache) | 5 x 14TB Exos HDD RAID 6 (Data) | 1 x Blu-ray
NAS: TVS-h674 | F/W: 5.0.1.2376 | 16GB | 3 x 18TB RAID 5
Apps: DNSMasq, PLEX, iDrive, QVPN, QLMS, MP3fs, HBS3, Entware, DLstation, VS, +
-
- New here
- Posts: 9
- Joined: Wed Jul 08, 2015 3:03 am
Re: Domain name not being passed with Samba login
Never mind... It's still messed up. I'm going to reinitialize the QNAP and get it back to defaults and start fresh in the morning.
/RajW
-
- New here
- Posts: 9
- Joined: Wed Jul 08, 2015 3:03 am
Re: Domain name not being passed with Samba login
Update... I've been testing in a new environment (a.k.a. no users yet) and in my testing I've been using the IP address of the server instead of the DNS name.
- When I use the IP address, i.e. \\10.1.100.20\Group, I get prompted for a password / Using 'username@mydomain.com' is the only way to be granted access
- When I use the server's name, i.e. \\servername\Group, everything works fine and I don't get prompted for a password
I'm guessing it's a Kerberos thing maybe? I wasn't expecting the above behavior since a true Windows file server would be fine with the IP or the name.
NOTE: I did still have to edit the krb5.conf file. This is my current krb5.conf file; the "[domain_realms]" in the QNAP-created original is invalid:
Code:
    [libdefaults]
        default_realm = MYDOMAIN.COM
        dns_lookup_realm = false
    [realms]
        MYDOMAIN.COM = {
            admin_server = server01.mydomain.com
            default_domain = MYDOMAIN.COM
            kdc = server01.mydomain.com
            kdc = server02.mydomain.com
        }
    [domain_realm]
        .mydomain.com = MYDOMAIN.COM
        mydomain.com = MYDOMAIN.COM
/RajW
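Added example, not part of any post in this thread: a small Python check for the krb5.conf problems discussed above, namely a misspelled `[domain_realms]` section (so the host-to-realm mappings are never read) and notes written after a value on the same line. It assumes MIT krb5 parsing rules, where only lines beginning with `#` or `;` are comments; the function name `check_krb5_conf` and the sample file are constructed for illustration.

```python
import re

# Section names documented for MIT krb5.conf; anything else is never read.
KNOWN = {"libdefaults", "realms", "domain_realm", "capaths",
         "appdefaults", "plugins", "logging", "dbmodules"}

def check_krb5_conf(text):
    """Return (line_no, message) findings; line_no 0 means file-level."""
    out, section, realms, maps = [], None, set(), []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;" or line == "}":
            continue                      # blank, whole-line comment, block end
        if re.search(r"\s[#;]", line):    # only whole-line comments are valid
            out.append((no, "trailing comment is not treated as a comment"))
            line = re.split(r"\s[#;]", line, maxsplit=1)[0].strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            if section not in KNOWN:
                out.append((no, f"unknown section [{section}] is ignored"))
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if section == "realms" and value == "{":
            realms.add(key)               # realm names are case-sensitive
        elif section == "domain_realm":
            maps.append((no, key, value))
    out += [(no, f"{host} maps to undefined realm {realm}")
            for no, host, realm in maps if realm not in realms]
    if realms and not maps:
        out.append((0, "no [domain_realm] mappings were parsed"))
    return out

# Constructed sample modelled on the thread: misspelled section, inline note.
BROKEN = """\
[libdefaults]
default_realm = MYDOMAIN.COM
[realms]
MYDOMAIN.COM = {
kdc = server01.mydomain.com
default_domain = MYDOMAIN.COM # I Added this
}
[domain_realms]
.mydomain.com = MYDOMAIN.COM
"""

if __name__ == "__main__":
    for no, msg in check_krb5_conf(BROKEN):
        print(f"line {no}: {msg}")
```

Run it against a copy of /etc/config/krb5.conf after any firmware update or domain re-join, since the thread reports the NAS generating the file with the invalid section name.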