Domain Server

Questions about using Windows AD service.
Post Reply
bramschats
Easy as a breeze
Posts: 440
Joined: Thu Apr 23, 2009 1:51 am

Re: Domain Server

Post by bramschats »

Hey Eraser-EMC2,

Thanks for the reply, i have used this guideline for registry edit:

http://wiki.samba.org/index.php/Windows7

When i compare this with your registry edit i have some other entries:

Code: Select all

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LMCompatibilityLevel"=dword:00000001 
"current 0"

Code: Select all

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"CompatibleRUPSecurity"=dword:00000001  
"current 0"

Code: Select all

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
"signsecurechannel"=dword:00000000  
"current 1"

Do i have to edit the other entries to and why do i have to do that when samba says it is not needed?

thanks in advance.
Qnap TS-453D
bramschats
Easy as a breeze
Posts: 440
Joined: Thu Apr 23, 2009 1:51 am

Re: Domain Server

Post by bramschats »

I have edit all the registry settings above and tried it with a clean on my qnap but still no succes.

any other ideas are always welcome.
Qnap TS-453D
aakerbeere
Starting out
Posts: 14
Joined: Sun Oct 24, 2010 5:11 pm
Location: Switzerland

Re: Domain Server

Post by aakerbeere »

Hi

I just come from ordering a QNAP NAS (see profile and signature, didn't get it yet) and i am a absolute linux noob. But i want to get higher state setting it up as controller for a Microsoft Domain using Samba as described in this task.
Now my noob question: Without any precautions beeing taken, will this custom configuration be lost in case of firmware update and getting me to start over? If so, is there any way to save configuration and if yes, how?

Kind regards
markus
TS-459 Pro+
2*Samsung hd204ui 2*TOSHIBA DT01 ACA200 MX40RAID5
4.2.6 Build 20181026
svn
Getting the hang of things
Posts: 63
Joined: Mon Oct 20, 2008 3:24 am

Re: Domain Server

Post by svn »

Bramschats,

Damn you have problems bro! Well I haven't tried to join a win7 pc. Ehm you say "with a clean on my qnap" you mean you reset it to factory defaults? You still receive the same error message after that? I'm out of ideas, as I said, I haven't joined a win7 pc to an samba domain yet.

Markus,

I think the answer is somewhere in this thread, I've read someone lost a part of the config due to an firmware upgrade. So my advice is to switch off the automatic update option, and save your system settings. I'ts really easy, just browse a while in the super user friendly web interface and you will find an option for it, currently I'm at work and can't check out where exactly (configuration ports are blocked by the firewall)

Best regards, Sven
manuelgod
New here
Posts: 4
Joined: Tue Mar 02, 2010 11:32 am

Re: Domain Server

Post by manuelgod »

I have a TS-110 Turbo, I have always wanted to centralize my 4 computers at home with a PDC, does this hardware able to do such a thing?
If so, where I can find more info on how to do it?

Thanks Guys!\
svn
Getting the hang of things
Posts: 63
Joined: Mon Oct 20, 2008 3:24 am

Re: Domain Server

Post by svn »

manuel,

as long as it has SAMBA installed, yes it will. Don't expect massive performance, but for home it's ok. Read this thread, and my step by step guide (in this thread) and you will exactly know what it can and can't do.
bearslumber
New here
Posts: 3
Joined: Tue Mar 09, 2010 10:42 pm

Re: Domain Server

Post by bearslumber »

Hi Sven and All,

I'd like to say a big "thank you" for your post.

I have successfully turned my TS209 II into a fully featured PDC.

One thing I thought I'd add is the ability to create users on the fly by using samba, and join machines to the domain without having to explicitly create an account on the samba server ....

I added the following to the [GLOBALS] section of the smb.conf file.

Code: Select all

    ##########################################################################
    # NASBOX busybox version is ancient (version 1.01). 
    #   Q-Nap has not upgraded and do not officially support an upgrade 
    #   and any upgrade is overwritten during reboot.
    # Therefore Using version 1.18.4 manually installed 
    #   into the user data area "/share/HDA_DATA/busybox/" 
    #   to ensure it is not overwritten at reboot 
    ##########################################################################
    add user script = /share/HDA_DATA/busybox/adduser -h /share/HDA_DATA/User/%u %u
    delete user script = /share/HDA_DATA/busybox/deluser %u
    add group script = /share/HDA_DATA/busybox/addgroup %g
    delete group script = /share/HDA_DATA/busybox/delgroup %g
    add user to group script = /share/HDA_DATA/busybox/addgroup %u %g
    add machine script = /share/HDA_DATA/busybox/adduser -s /bin/false -h /share/HDA_DATA/Machines/nobody %u
    
Note: I installed the latest busybox to enable "add user to group" script. This is because the built in busybox version does not support this functionality. Also note that there is no busybox version built for the ARM 9 processor, but there is a generic version for all ARM processors and I have installed that version. It is impossible to overwrite the built in busybox version, so it is installed in a separate folder.

Also Note: To create a user you must use "smbpasswd" (or whatever password means you have specified in the smb.conf). This automatically runs the "add user" script so the user is created both for samba use and for the linux box in one stroke. I have not experimented with the groups yet, but I suspect utilising "net" or "winbind" will have the same effect.

Also Note: To add a windows machine to the domain, simply join the domain using the windows "join domain" wizard, and the machine will be created for you.

If someone has already posted this on information then I apologise.

Otherwise,

Hope this helps

Lucas
bmitchel1976
First post
Posts: 1
Joined: Fri Jul 01, 2011 8:44 am

Re: Domain Server

Post by bmitchel1976 »

I recently have tried to get the domain controller going on my QNAP TS 209 II, and have run into a few issues, of which some I could fix, and this latest one I'm unsure of what to do.

Firstly, I ran into an issue finding the domain. I fixed this by adding the server into the TCIP/IP settings as a WINS server so it would resolve netbios, so I could find the domain.

Secondly, I had an issue, where it appears that the domain group mappings were disappearing, I saw up above in this thread on how there was a line in the smb.sh which removed from the locks dir, all the tdb files. This appears to have fixed this. This was causing an error "Access Denied" which i assumed is because my user name wasn't mapping up to a Domain Admin group.

This last issue, I keep getting:

The following error occurred attempting to join the domain "NAS_DOMAIN":

The specified computer account could not be found. Contact an administrator to verify the account is in the domain. If the account has been deleted unjoin, reboot and rejoin the domain.

Is there somewhere in the script, that you need to add the workstation, to allow it to join the domain?

Any help would be appreciated!

Edit: Running latest firmware. I think the samba version is 3.5.2?
Eraser-EMC2-
Been there, done that
Posts: 711
Joined: Sat Oct 13, 2007 5:26 pm
Location: Germany

Re: Domain Server

Post by Eraser-EMC2- »

I am working on a QPKG for the SAMBA-PDC with the LDAP-Server as User-Database (Since QNAP Firmware 3.6) .
It is a menu based script to activate and manage the SAMBA-PDC.

Is somebody interesting ?

You can see some pictures and the download of the QPKG on the german QNAP-Club-Forum :
http://forum.qnapclub.de/viewtopic.php? ... 24#p119125
Last edited by Eraser-EMC2- on Wed Jun 13, 2012 2:43 am, edited 2 times in total.
_________________
Windows 7 32/64bit, German
TS-439 , 1x 512GB SSD/1x 512GB Samsung ; SAMBA as NT4 PDC, DHCP/DNS-Server
TS-431+, 1x 1TB WD green, 2x 3TB WD red , 1x 2TB Samsung
TS-220 , 2x 2TB Samsung, for Backup
Eraser-EMC2-
Been there, done that
Posts: 711
Joined: Sat Oct 13, 2007 5:26 pm
Location: Germany

Re: Domain Server

Post by Eraser-EMC2- »

!!! Only use on your own risk !!!

Here first BETA of my QPKG for a SAMBA-PDC with LDAP-User-Database.

Pictures of the console function are in the thread above.

You have to use the command "smb_cmd.sh" to start the UserInterface on the linux console.

Roaming profiles are possible, i tested it with
+ Windows 2000 pro
+ Windows XP Pro
+ Win 7 Ultimate 32 bit

It has no problem with the new Firmware 3.7.0

The WebGUI is still under development and has not reach the full functionality.

+ V3.0.29
- I had a little bug, the menu point for creating the PDC was not shown
Last edited by Eraser-EMC2- on Sat Jun 09, 2012 9:08 pm, edited 1 time in total.
_________________
Windows 7 32/64bit, German
TS-439 , 1x 512GB SSD/1x 512GB Samsung ; SAMBA as NT4 PDC, DHCP/DNS-Server
TS-431+, 1x 1TB WD green, 2x 3TB WD red , 1x 2TB Samsung
TS-220 , 2x 2TB Samsung, for Backup
Eraser-EMC2-
Been there, done that
Posts: 711
Joined: Sat Oct 13, 2007 5:26 pm
Location: Germany

Re: Domain Server

Post by Eraser-EMC2- »

I had again an issue with slow rebooting of the NAS,
i have to investigate, why it is.
_________________
Windows 7 32/64bit, German
TS-439 , 1x 512GB SSD/1x 512GB Samsung ; SAMBA as NT4 PDC, DHCP/DNS-Server
TS-431+, 1x 1TB WD green, 2x 3TB WD red , 1x 2TB Samsung
TS-220 , 2x 2TB Samsung, for Backup
bramschats
Easy as a breeze
Posts: 440
Joined: Thu Apr 23, 2009 1:51 am

Re: Domain Server

Post by bramschats »

Eraser-EMC2,

I am going to give the PDC another try, thanks for your help.

BTW, i have a laptop and a desktop (both win 7 (prof/ ultimate) and i use my laptop also on the road and on vacation. Is it possible to login my "domain" account when i am not on my LAN using offline files or something?

My problem was the last time i only could logon my temporarily profile and not on the domain, when i put the files on the "public" share the profile works fine. i think it has something to do with access rights.

Is the windows 7 samba tweak still needed or is samba updated to it's latest version on the qnap?
one time and is a system update normally no problem?

Do system updates of the qnap give lot's of problems or is this just

Is there anything else i need to now installing the PDC?

Thanks in advance and i am going to give it another try.
Qnap TS-453D
Eraser-EMC2-
Been there, done that
Posts: 711
Joined: Sat Oct 13, 2007 5:26 pm
Location: Germany

Re: Domain Server

Post by Eraser-EMC2- »

Hi all,
i am deleted the QPKG, because i got now many problems with SAMBA, LDAP and the Rebooting of the NAS.
My NAS ist stucking in the Boot process.
I dont
bramschats wrote:Is the windows 7 samba tweak still needed or is samba updated to it's latest version on the qnap?
It is still the same as without LDAP
and SAMBA ist not the latest Version.
bramschats wrote:Thanks in advance and i am going to give it another try.
please do not install the QPKG before i found the issue.

I can not believe the QPKG is the reason.
_________________
Windows 7 32/64bit, German
TS-439 , 1x 512GB SSD/1x 512GB Samsung ; SAMBA as NT4 PDC, DHCP/DNS-Server
TS-431+, 1x 1TB WD green, 2x 3TB WD red , 1x 2TB Samsung
TS-220 , 2x 2TB Samsung, for Backup
bramschats
Easy as a breeze
Posts: 440
Joined: Thu Apr 23, 2009 1:51 am

Re: Domain Server

Post by bramschats »

Ik, thnx

When you found i Will try again...
Qnap TS-453D
bramschats
Easy as a breeze
Posts: 440
Joined: Thu Apr 23, 2009 1:51 am

Re: Domain Server

Post by bramschats »

Eraser-EMC2-,

Any further with problem solving?

I want to give the PDC another try.

thanks in advance and good luck.
Qnap TS-453D
Post Reply

Return to “Windows Domain & Active Directory”