Domain Server

[Eraser-EMC2-]

Yes , it should work with the actual Firmware 3.2.1 (SAMBA 3.3.9) and some registry changes:

Code: Select all

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LMCompatibilityLevel"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"CompatibleRUPSecurity"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters] 
"RequireStrongKey"=dword:00000001
"RequireSignOrSeal"=dword:00000001
"signsecurechannel"=dword:00000000

It runs since 3 weeks with 2 Win7 Ultimates in my Network without Problems,
but i dont use the roaming user profiles, because it takes too much time to save the profile to the NAS.

[Telepath]

Thanks for these instructions, a friend asked me about central user management, and I thought that should somehow be possible to do with my qnap, and bingo, here it is
But the windows xp client is not able to find the domain.
I entered the nas as wins server in the dhcp configuration, but the client always says it cannot find the dns entry of the domain. Which is correct, because my router does dns, and it does not know of the domain.
But the client should find the domain through wins, so what may I be missing?

[Eraser-EMC2-]

Did you configure the NAS as PDC ?
You have to do manually in smb.conf, creating some groups and run some commands from the console.
Or try it with my script, but it is not perfect ... use it on your own risc.

[Telepath]

sure, I read the whole thread, I used the scripts and I think the config looks good.
The problem seems to be something between wins and dns, but I don't see how.

Maybe it is a problem with windows xp, that's always a possibility

EDIT: forget it, I found the mistake in the config

[Telepath]

One more question:

You can add the name of the worksation in the user management of your nas
( pcname + $ )

or to add it with ssh or telnet to the /etc/passwd with the command :

Code: Select all

adduser -h /tmp mypc$

What password should the account have, the winxp client doesn't seem to mind the password, but the win7 client always says things like "cannot rename" or "account already exists" when I try to join the domain (even after making your reg-changes).

[Eraser-EMC2-]

Oh, i find the last post of me and i have now to say it is not enough.

Code: Select all

adduser -h /tmp mypc$

This will create the linux machine account but samba need also a user account.
You can create this with

Code: Select all

/usr/local/samba/bin/smbpasswd -L -a -m -n mypc

Then you should add your PC to your Domain without error.

Stefan

[skaman]

hi to all,
i configured my qnap pro as pdc and it work great... my linux and windows boxes use all togheter remote autenthication.
I've only a problem. Under my linux client i want to use /home dir on an NFS share. So every user can log on a linux client and use his preferences and his documents. But when the linux client boot up it enumerate winbind users and groups locally and make a local cache. So every user on every linux client could have (probabilly have) a different uid and/or gid. In the past i used a combination with samba pdc+ldap to solve the problem (uid and gid are stored on ldap server) but in this situation i've only samba. There is a workaround to this problem? How i can have the sams uids/gids on my linux clients using only samba as pdc without ldap?

Thanks guys for this great tutorial

Sandro

[Mforcer]

Where's the GUI?

[Eraser-EMC2-]

i did not create a GUI, only command line.

[Mforcer]

I know and think you have done a great job putting this together for everyone. I had an attempt following your instructions but got scared as I only have a live server to work with and so removed all the changes I made.

Are you (or anyone) able to advise what changes are necessary to just have a centralised login? I am not currently interested in roaming profiles or other possible features... One step at a time.

Are you also able to confirm that the GUI to create new users and groups in the Web interface carry through to the centralised login or do these need to be added elsewhere?

I do think QNAP should include a GUI for this.

[marcblount]

Hi Everyone,

I own a TS-119 which is a fantastic bit of kit, however as a MS techie i wondered how i can get it to act as a DC... then through google i found this forum.

I have followed the instructions on this thread so far but i cannot seem to add any comuters. I have added a computer account and restarted the samba services from the NAS cli, but when i come to add an XP Pro laptop i get an error saying that username or password not valid. I know 'mydomain' is active because if i choose a random domain name then Windows fails and says domain not found. So i am stuck because i can't add my laptop to the domain. I have tried root, admin and even renamed admin to administrator in an attempt to trick the NAS into authenticating, but i just cannot get XP to join. I am starting to think that a ts-119 can't do this and i would need to upgrade to a pro in order to gain domain functions.

has anyone got a domain structure working on a TS-119?

Many thanks

[Eraser-EMC2-]

I know and think you have done a great job putting this together for everyone. I had an attempt following your instructions but got scared as I only have a live server to work with and so removed all the changes I made.

Are you (or anyone) able to advise what changes are necessary to just have a centralised login? I am not currently interested in roaming profiles or other possible features... One step at a time.

Are you also able to confirm that the GUI to create new users and groups in the Web interface carry through to the centralised login or do these need to be added elsewhere?

Hi Mforcer,

i think you can manage your user and groups without the script.
As i began to write the script was it not clear for me.
For the centralised login requires only the domain groups and machine accounts.
Then You have to manage the depends of the user to the domain groups on the QNAP WebGUI.
I will check it.

@marcblount,

Did you get some error messageson runtime of the script ?
The script works with all QNAP NAS but Win 7 require some changes in the registry ans a SAMBA version 3.3.9 (QNAP Firmware 3.2.x) .

Stefan

[Mforcer]

I got XP loging in fine. I couldn't get Vista to login but decided to hold off resolving this. In the end, I fell the hassle of maintaing this would outweigh the benefits.
If there was a simple to use GUI for this as part of the QNAP Admin web interface then I would certainly make full use of this. In the end, I have a business to run and it is just too difficult for my situation.

For the benefit of others (I am FAR from an expert and make no assurances that this is correct), the only changes I made to my standard smb.conf are:

Code: Select all

deadtime = 10
use sendfile = yes
case sensitive = auto
unix extensions = no
wins support = yes
domain logons = yes

logon path = \\%N\%u\Profile\%a
logon drive = X:
logon home = \\%N\%u
logon script = login.cmd

domain master = yes
local master = yes
preferred master = yes
os level = 65
[Netlogon]
path = /share/MD0_DATA/Netlogon
comment = Network Logon Service
browsable = no
read only = yes
write list = "admin"
[Profiles]
path = /share/MD0_DATA/%u/Profile/%a
comment = User Profiles
read only = no
create mask = 0600
directory mask = 0700
browsable = no
inherit owner = yes
profile acls = yes
[homes]
path = /share/MD0_DATA/%u
comment = Home Directories
read only = no
browseable = no

I also added all the domain PCs as users in the QNAP admin interface with "$" after their names. Real users were given their own directory with their user name.

The last change was to fix the "Linux User,,," name issue as noted here.

[Valnurat]

Could someone explaine what the nessesary steps are to use QNAP as PDC. How do I install Samba and what should I do just to use it to have a login and to map drives? I have seen in the thread there is a script, but I can't find it.

Please help. I'm not a linuxguy. n00b

TIA

[Mforcer]

Samba is already installed on your QNAP and is accessed through the standard Admin web interface, referred to as Microsoft Networking.

This topic is not about installing Samba but rather using the pre-installed Samba for functions not revealed through the standard Admin web interface.