Domain Server

Questions about using Windows AD service.
Post Reply
User avatar
Tiss
Starting out
Posts: 27
Joined: Fri Aug 27, 2010 5:36 am
Location: Amsterdam

Re: Domain Server

Post by Tiss »

svn, thank you so much for that walkthrough! I too will try it out and let you know how it works out.
bramschats
Easy as a breeze
Posts: 440
Joined: Thu Apr 23, 2009 1:51 am

Re: Domain Server

Post by bramschats »

svn,

I followed your step by step howto but it is not working for now, hope you can help me further....

I enabled the samba on windows 7 by doing it in this manner:
http://wiki.samba.org/index.php/Windows7

everything goes well except when i try to logon to the domain, then i get the following error message.
error.jpg
i don't know what i have done wrong, maybe someone can help me on this one?
You do not have the required permissions to view the files attached to this post.
Qnap TS-453D
svn
Getting the hang of things
Posts: 63
Joined: Mon Oct 20, 2008 3:24 am

Re: Domain Server

Post by svn »

did you call your domain "MYNASSERVER"?? In my example the domain is "MYDOMAIN"

Edit:
your error message sais two things
- is your domain spelled correctly
- if your domain name is spelled correctly, then this might be a netbios name... which it probably is unless you use DNS. Now I don't now exactly but from windows 7 it could be possible that netbios names are not resolved automatically... so I'm not sure if this is going to work unless you are going to use a DNS server....
bramschats
Easy as a breeze
Posts: 440
Joined: Thu Apr 23, 2009 1:51 am

Re: Domain Server

Post by bramschats »

svn,

thnx for the reply,

I did the install on a (in use) TS459pro+ so i have set all settings back to default to continue working with it.
svn wrote:did you call your domain "MYNASSERVER"?? In my example the domain is "MYDOMAIN"
yes i did.
svn wrote: Edit:
your error message sais two things
- is your domain spelled correctly
- if your domain name is spelled correctly, then this might be a netbios name... which it probably is unless you use DNS. Now I don't now exactly but from windows 7 it could be possible that netbios names are not resolved automatically... so I'm not sure if this is going to work unless you are going to use a DNS server....
The name is spelled correctly the netbios I'm going to check this out when i have another night off.

I let you know.
Qnap TS-453D
svn
Getting the hang of things
Posts: 63
Joined: Mon Oct 20, 2008 3:24 am

Re: Domain Server

Post by svn »

Some other stuff just pops up in my head

- is your domain name the same as your server name? in case yes, that could be a problem with netbios names
- try to connect with domainname.servername
- is your samba version correct according to the wiki you posted?
- Try from a reset to factory defaults
- if nothing helps, you probably need dns to resolve names on your internal network

best regards, sven
svn
Getting the hang of things
Posts: 63
Joined: Mon Oct 20, 2008 3:24 am

Re: Domain Server

Post by svn »

Hi!

I found something that might help you on an other forum. It looks like the domain join in win7 is pretty different compared to winXP or earlier.

problem on the forum might be a bit like yours:
When trying to add a new Windows 7 machine to a network I get the following error message..."An attempt to resolve the DNS name of a DC in the domain being joined has failed. Please verify this client is configured to reach a DNS server that can resolve DNS names in the target domain." I don't have any problems adding XP machines to the domain and not sure why I can't add a Windows 7 machine. I am able to get on the internet on the Windows 7 PC but can't add it to the domain.

solution
We finally got the computer to join the domain by doing the following: in the network adapter IP 4 properties, set the DNS ip address to that of the domain controller, NOT the DNS. Then went back to the computer properties to add the computer to the domain, it was added succesfully. After rebooting the machine and logging into the domain account, go back to the IP 4 properties and reset the DNS to automatically get the ip address.

this looks to me like a workaround when no DNS is available, the nicest solution should be off course the use of DNS. Try this workaround and let us know the outcome!

Best regards, Sven
User avatar
Tiss
Starting out
Posts: 27
Joined: Fri Aug 27, 2010 5:36 am
Location: Amsterdam

Re: Domain Server

Post by Tiss »

Question: If you have the QNAP configured as domain server (as described in this thread), is it possible for users to change their password in Windows by using the Ctrl-Alt-Del method?
User avatar
Tiss
Starting out
Posts: 27
Joined: Fri Aug 27, 2010 5:36 am
Location: Amsterdam

Re: Domain Server

Post by Tiss »

svn wrote:the following steps are there so the windows machine and NAS do "understand" eachother. Enter the following commands in your SSH or Telnet session (yes this is a LOT of typing, I didn't script it yet)

Code: Select all

# addgroup -g 512 ntdomadmins
# addgroup -g 513 ntdomusers
# addgroup -g 514 ntdomguests
# addgroup -g 544 ntadmins
# addgroup -g 545 ntusers
# addgroup -g 546 ntguests
# addgroup -g 547 ntpowerusers
# addgroup -g 548 ntaccount
# addgroup -g 549 ntsystem
# addgroup -g 550 ntprint
# addgroup -g 551 ntbackup
# addgroup -g 552 ntreplicator
# addgroup -g 553 ntdomcomputer

# /usr/local/samba/bin/net groupmap add rid=512 type=domain unixgroup=ntdomadmins ntgroup="Domain Admins"
# /usr/local/samba/bin/net groupmap add rid=513 type=domain unixgroup=ntdomusers ntgroup="Domain Users"
# /usr/local/samba/bin/net groupmap add rid=514 type=domain unixgroup=ntdomguests ntgroup="Domain Guests"
# /usr/local/samba/bin/net groupmap add rid=548 type=builtin unixgroup=ntaccount ntgroup="Account Operators"
# /usr/local/samba/bin/net groupmap add rid=549 type=builtin unixgroup=ntsystem ntgroup="System Operators"
# /usr/local/samba/bin/net groupmap add rid=550 type=builtin unixgroup=ntprint ntgroup="Print Operators"
# /usr/local/samba/bin/net groupmap add rid=551 type=builtin unixgroup=ntbackup ntgroup="Backup Operators"
# /usr/local/samba/bin/net groupmap add rid=552 type=builtin unixgroup=ntreplicator ntgroup="Replicators"
# /usr/local/samba/bin/net groupmap add rid=553 type=builtin unixgroup=ntdomcomputer ntgroup="Domain Computers"

# /usr/local/samba/bin/net sam createbuiltingroup "Administrators"
# /usr/local/samba/bin/net sam createbuiltingroup "Power Users"
# /usr/local/samba/bin/net sam createbuiltingroup "Users"
# /usr/local/samba/bin/net sam createbuiltingroup "Guests"
# /usr/local/samba/bin/net sam createbuiltingroup "Account Operators"
# /usr/local/samba/bin/net sam createbuiltingroup "System Operators"
# /usr/local/samba/bin/net sam createbuiltingroup "Print Operators"
# /usr/local/samba/bin/net sam createbuiltingroup "Backup Operators"
# /usr/local/samba/bin/net sam createbuiltingroup "Replicators"

# /usr/local/samba/bin/net rpc rights grant "Domain Admins" SeMachineAccountPrivilege \
   SePrintOperatorPrivilege SeAddUsersPrivilege \
   SeDiskOperatorPrivilege SeRemoteShutDownPrivilege
# /usr/local/samba/bin/net rpc rights grant "Administrators" SeMachineAccountPrivilege
I think I followed all instructions correctly, but I received an error when trying to create two of the builtin groups: System Operators and Replicators:

Command '/usr/local/samba/bin/net sam createbuiltingroup "System Operators"'
failed with return code 255 and error message
System Operators is not a BUILTIN group.


I received a similar error for "Replicators". The rest of the builtin groups were created without any problems.

Any clues as to what is causing this?
Eraser-EMC2-
Been there, done that
Posts: 711
Joined: Sat Oct 13, 2007 5:26 pm
Location: Germany

Re: Domain Server

Post by Eraser-EMC2- »

As i see, it is a copy of one of my first post /viewtopic.php?p=8085#p8085 to this thread and
there is an issue.
It should be

Code: Select all

/usr/local/samba/bin/net groupmap add rid=549 type=builtin unixgroup=ntserver ntgroup="Server Operators" comment=ntserver
/usr/local/samba/bin/net groupmap add rid=552 type=builtin unixgroup=ntreplicator ntgroup="Replicator" comment=ntreplicator
but these groups are not necessary for a PDC.

Stefan
_________________
Windows 7 32/64bit, German
TS-439 , 1x 512GB SSD/1x 512GB Samsung ; SAMBA as NT4 PDC, DHCP/DNS-Server
TS-431+, 1x 1TB WD green, 2x 3TB WD red , 1x 2TB Samsung
TS-220 , 2x 2TB Samsung, for Backup
User avatar
Tiss
Starting out
Posts: 27
Joined: Fri Aug 27, 2010 5:36 am
Location: Amsterdam

Re: Domain Server

Post by Tiss »

Thanks Stefan!
svn
Getting the hang of things
Posts: 63
Joined: Mon Oct 20, 2008 3:24 am

Re: Domain Server

Post by svn »

Hi guys,

sorry for my late response..

First question of tiss, YES, users have to use ctrl-alt-delete to log on and can change their password :P The only thing it can't do is, as I told, user right administration.

2nd question, I did get the errors too but forgot to take out the lines. As said, they are not mandatory

Bramschats, did you get any further with the DNS workaround for win7?


Best regards, Sven
bramschats
Easy as a breeze
Posts: 440
Joined: Thu Apr 23, 2009 1:51 am

Re: Domain Server

Post by bramschats »

svn,

Getting a little further:

why does some guys getting this done without probs....arghhh?

But now i am getting this message when trying to logon the domain and filling my credentials, looks like my pc is not registered on the domain or something, i have tried the dns solution but it gave me the same error.

Any ideas how to double check all the settings, could this be a win7 x64 prob?
Nieuwe afbeelding.jpg
i have used all my sets of credentials, always the same error....

ps. In the past i had installed clearOS (RedHat linux dist) on a client pc and i could connect to the domain controller on the clearOS system without any problems on my win7 x64 system, so it should not be a problem connecting to the domain controller with a windows 7 machine.

It would be great getting this running.....

thanks in advance.
You do not have the required permissions to view the files attached to this post.
Qnap TS-453D
bramschats
Easy as a breeze
Posts: 440
Joined: Thu Apr 23, 2009 1:51 am

Re: Domain Server

Post by bramschats »

Has Anyone an idea?

thnx.
Qnap TS-453D
bramschats
Easy as a breeze
Posts: 440
Joined: Thu Apr 23, 2009 1:51 am

Re: Domain Server

Post by bramschats »

I have tried following the exact how to again but i am still getting the same error message again.

I tried adding another computer name but that also did not work.

I need some help here, thnx.
Qnap TS-453D
Eraser-EMC2-
Been there, done that
Posts: 711
Joined: Sat Oct 13, 2007 5:26 pm
Location: Germany

Re: Domain Server

Post by Eraser-EMC2- »

Try to recreate the machine account on the NAS (passwd and smbpasswd).

Please check also these regitry entries on your Win 7 x64:
http://forum.qnap.com/viewtopic.php?f=2 ... 60#p106106
_________________
Windows 7 32/64bit, German
TS-439 , 1x 512GB SSD/1x 512GB Samsung ; SAMBA as NT4 PDC, DHCP/DNS-Server
TS-431+, 1x 1TB WD green, 2x 3TB WD red , 1x 2TB Samsung
TS-220 , 2x 2TB Samsung, for Backup
Post Reply

Return to “Windows Domain & Active Directory”