Authentication problems

Questions about using Windows AD service.
brandonsmith.rm
New here
Posts: 3
Joined: Fri Jul 30, 2010 6:32 am

Re: Authentication problems

Post by brandonsmith.rm » Fri Jul 30, 2010 6:46 am

Im still having this problem. By the ip, it has access, but by FQDN it fails. I have tried:
    /etc/init.d/winbind restart
    /etc/init.d/smb.sh restart
    mount -o remount,acl /share/MD0_DAT
All with no success. I have also verified that the time is correct. Both client, server, and NAS. My environment is a Windows 2008 Server R2 Domain controller (AD & DNS), Clients are Windows XP, Nas is 410U with 3.3.1 Build 0720T. The client profiles are setup to use the NAS as the home directory (\\nas01\<domain>\<username>).

stune
First post
Posts: 1
Joined: Fri Jul 30, 2010 9:56 pm

Re: Authentication problems

Post by stune » Fri Jul 30, 2010 10:01 pm

ok so here i go - 1st post, 1 of my servers would not browse to \\nas1 but it would with the IP and FQDN - and it would show all the hidden shares! hmmm!?
I got an error about time sync, did a NET TIME %loginserver% /set /y and it worked - go figure that one of my server is not sync (time wise) to the DC - weird!

wittmann
Starting out
Posts: 21
Joined: Thu Mar 24, 2011 4:21 pm

Re: Authentication problems

Post by wittmann » Thu Mar 24, 2011 4:33 pm

Same problem here.

I tried to contact QNAP Support - they told me to update Firmware. Hmm.

Here complete Story:

QNAP TS-459-RP+
Installed with latest Firmware.
Windows 2003 AD

If I connect all my Users via DNS-Entry "Internal-NAS" -> sometimes Users get disconnected and are forced to enter Username and Password -> It doesn't matter what, but they won't get connected again althought everything was entered correctly. I connected to QNAP via Putty - > and I found same error in smb-log

Test1: Maybe known by someone here:
"Windows-Problem": You cannot connect to the same Servername with different Username (like as a Admin -> your "Personal" is connected with "Vanessa" -> you cannot connect with "admin").
So I tried to reconnect to Internal-NAS with different DNS-Name: Internal2-NAS (defined in DNS- of AD-Server):
And this worked!

Test2: I changed every connection to IP-Address: No connection errors any more.
=> Now the unusual:
Vanessa has allready used IP-Adress of my NAS \\192.168.1.250\sharename .
But she also had a local "short cut" to \\Internal-NAS\sharename
She told me she was allready connected to this share this morning - and now she got this error with username and password -> ONLY on this shortcut with DNS-Name!!!!

Test3: I noticed that in my LAN-config i had two DNS-Entries:
First: AD-Server with DNS
Second: Firewall (which can also resolve DNS)

=> Maybe this is a problem? I changed second one to copy first one (I cannot leave it blank).

*EDIT*:
Test4: I also noticed, that QNAP got his Time from ptb.ptbtime1.de -> I changed this to my Domain Server.
Maybe this also will help.

Conclusion: Problem still exists, but as my Users are connection their "Documents" Folder as Z - I need a working system - I still use IP-Address.


Any suggestions?
I will test changing to Name again and post result here.
Last edited by wittmann on Tue Mar 29, 2011 1:35 pm, edited 1 time in total.

snickered
New here
Posts: 5
Joined: Thu Oct 21, 2010 4:15 am

Re: Authentication problems

Post by snickered » Mon Mar 28, 2011 10:22 pm

Same problem here. I have to use \\192.168.xx.xx\share to access. Using \\qnapname\share doesn't work.

I have the latest firmware of 3.4.1 Build 0315T on a 419U+. I have restarted my qnap and it didn't help.

What's the deal with this? This thread has been going for a LONG time. I think qnap needs to fix this once and for all.

Crusnik01
Starting out
Posts: 24
Joined: Fri Mar 19, 2010 9:35 pm

Re: Authentication problems

Post by Crusnik01 » Tue Mar 29, 2011 3:34 am

EDIT: Sorry, my bad... I forgot to adjust the NTP sync to auto update once a day, so my clock on the NAS was one hour behind. Thus kerberos tickets got invalidated...

Same problem here. :/

I can browse by IP (\\xxx.xxx.xxx.xxx), but now with the hostname (\\nas01) or the FQDN (\\nas01.domain.com).

I've tried all sorts of username combinations:

DOMAIN\username
username@domain.com
username
DOMAIN+username

Still nothing :/

wittmann
Starting out
Posts: 21
Joined: Thu Mar 24, 2011 4:21 pm

Re: Authentication problems

Post by wittmann » Thu Apr 21, 2011 2:00 pm

No new reply?
We had since last change again two times a disconnect -> much less than before but problem still exists.

QNAPJauss
QNAP Staff
Posts: 499
Joined: Fri Oct 02, 2009 12:18 pm
Location: Taipei, TAIWAN

Re: Authentication problems

Post by QNAPJauss » Tue Apr 26, 2011 2:27 pm

Dear wittmann,

I will try to reply your test:
You cannot connect to the same Servername with different Username

This is a Windows limitation. You can use only 1 username to connect to 1 network share folder.

Regarding the name resolution, you should be able use:
NAS IP : \\IP\sharename
NAS netbios name : \\nasname\sharename
NAS dns name : \\nas.dns.name\sharename

If the IP doesn't work, the nas is maybe not joined correctly in the domain
If the nasname doesn't work, you may have a netbios name resolution problem. usually it is due to windows cache, master browser on the network need time to be updated.
If the dns name doesn't work, it could be a dns name resolution. make sure the nas dns entry exist in your active directory dns server.

authentication problem can also be causes by time difference :
- some minute of difference
- sometimes, same time but with 1 day difference
- sometime 1 hour of difference caused by the DST.

Please also verify that there is no old password saved in the windows credential manager.

You can also try to authenticate with the full domain\username format:
NASNAME\username for local users
DOMAIN\username for domain users

I suggest you a remote connection to have a look to that issue. Please contact our technical support.

BR,
Jauss

Chrille
First post
Posts: 1
Joined: Fri Apr 29, 2011 3:06 pm

Re: Authentication problems

Post by Chrille » Fri Apr 29, 2011 3:36 pm

I can confirm that taking the Qnap out of AD into just standard Workgroup, then changing the name of the Qnap, adding it back into the AD did it for me.
It's now working as expected and as advertised. :evil:

The only thing I thing I did different this time was to wait at the end of the "Add to Active Directory Wizard" for the "Please wait while QNAP does something weird that takes time" to finish and say completed, instead of just clicking on the Finish button (which I can do though it's not finished :? ).
I was also forced to restart QNAP since it turned off the Samba service for some inexplicable reason.
Bit buggy this software. :?

cbaksa
New here
Posts: 7
Joined: Tue Mar 30, 2010 7:18 pm

Re: Authentication problems

Post by cbaksa » Fri Apr 29, 2011 11:33 pm

I have a similar problem which has locked out all my AD users.
I have 10 TB of data that is not accessible by anything but the local QNAP user anymore.
I have been in contact with US tech support which has been no help what so ever. I need assistance... PLEASE

I run a full AD with is almost 100% Virtual.
About 3 weeks ago I did a migration from a 2008 32 bit DC to a 2008 R2 64 Bit DC. It went perfect.
DHCP, DNS... all 100% functional. Forrest and domain at 2008 Level. Happy time!
I have one more DC to migrate but its a backup and is off most of the time.

My QNAP 659 was bound to the old DC which no longer exists. I totally forgot that the NAS is dependent on AD by its DC by name (this is so wrong)
I put the qnap back to workgroup mode, rebooted, removed the entry from AD and then re-added it to my domain. it joined and I proceeded to re-permission with my Domain groups.
After about 20 minutes I finished and all worked. again... Happy Time.
The next day I upgraded to the latest Firmware.

Within a week... ALL my domain permissions stopped working. all by itself. No changes were made at all.
I attempted to re-permission. No luck.
I called for support and the Tech enabled Advanced Folder Permissioning which took almost 8 hours to complete.
Still nothing. I have applied the permissions using every check box that exists. Still no luck.

I have since check the time as suggested in these threads. Its all good. 100% synchronized.
Noting in the credential manager. Its empty.

I'm at my whits end. I need advanced assistance to troubleshoot and get this fixed.
Loosing this data is NOT an option. PLEASE HELP!

Chris

QNAPJauss
QNAP Staff
Posts: 499
Joined: Fri Oct 02, 2009 12:18 pm
Location: Taipei, TAIWAN

Re: Authentication problems

Post by QNAPJauss » Sat Apr 30, 2011 4:28 pm

Hi Chris,

Thank you for your all the information.
First, For those who wants to re-join the domain, please do not switch back to standalone. If you switch back to standalone, you will loose your permission settings.
It is enough to simply fill up the administrator login and password and apply to join again. and you keep your existing permission.

BR,
Jauss

wittmann
Starting out
Posts: 21
Joined: Thu Mar 24, 2011 4:21 pm

Re: Authentication problems

Post by wittmann » Wed May 18, 2011 12:20 am

QNAPJauss wrote:Dear wittmann,

I will try to reply your test:
You cannot connect to the same Servername with different Username

This is a Windows limitation. You can use only 1 username to connect to 1 network share folder.

Regarding the name resolution, you should be able use:
NAS IP : \\IP\sharename
NAS netbios name : \\nasname\sharename
NAS dns name : \\nas.dns.name\sharename


You missunderstood me.
Yes I know this limitation - and as Workarround you can use as many DNS-Names as you want!
So I can access my NAS via
NAS
NAS2
NAS3 - everytime its the same IP with different Users!

Back to the Problem - as our Problem still exists we switched back to only IP-Address.
But thanks for the Information about NetBios-Name -> I will check this Information -> mabye i should use full DNS-Name instead...

wittmann
Starting out
Posts: 21
Joined: Thu Mar 24, 2011 4:21 pm

Re: Authentication problems

Post by wittmann » Fri May 27, 2011 1:34 pm

Maybe a addition to my own post:
wittmann wrote:Test1: Maybe known by someone here:
"Windows-Problem": You cannot connect to the same Servername with different Username (like as a Admin -> your "Personal" is connected with "Vanessa" -> you cannot connect with "admin").
So I tried to reconnect to Internal-NAS with different DNS-Name: Internal2-NAS (defined in DNS- of AD-Server):
And this worked!


With this statement I wanted to show that It is not a problem of the computer itself - as it is possible to reconnect to QNAP-NAS with different IP and User. It is also possible to reconnect with different IP and same User.

Any suggestions?

QNAPJauss
QNAP Staff
Posts: 499
Joined: Fri Oct 02, 2009 12:18 pm
Location: Taipei, TAIWAN

Re: Authentication problems

Post by QNAPJauss » Mon May 30, 2011 10:53 am

Hi,
With this statement I wanted to show that It is not a problem of the computer itself

As I explaining, this is a windows limitation and it is a limitation from the computer itself.
You can use only 1 username to connect to 1 network share folder.
In my previous answer, i should have precised: You can use only 1 username to connect to 1 network share folder using the same IP. If you connect a second time using the hostname it should work.
Please find information and workarround at :
http://support.microsoft.com/kb/938120

BR,
Jauss

wittmann
Starting out
Posts: 21
Joined: Thu Mar 24, 2011 4:21 pm

Re: Authentication problems

Post by wittmann » Mon May 30, 2011 2:52 pm

QNAPJauss wrote:Hi,
With this statement I wanted to show that It is not a problem of the computer itself

As I explaining, this is a windows limitation and it is a limitation from the computer itself.
You can use only 1 username to connect to 1 network share folder.
In my previous answer, i should have precised: You can use only 1 username to connect to 1 network share folder using the same IP. If you connect a second time using the hostname it should work.
Please find information and workarround at :
http://support.microsoft.com/kb/938120

BR,
Jauss


You are still talking from different stuff.
Yes, Yes, Yes, all you (and I) said is correct.

But the problem is:
User *is* connected via DNS-Name NAS and User Vanessa.
Suddenly -> Windows tells Vanessa : Enter your Username and Password.
When She tries to do so (her pw and user she uses on Windows) -> it tells me it is not possible.
This still happens to all know windows-User which are allowed on the share.

If she changes and won't use the NAS-DNS name like NAS2 (as I have configured in my DNS-Server) -> she can use her PW and User as she would do normaly!

This Problem wont happen If I won't use DNS name -> instead I then use IP only.

QNAPJauss
QNAP Staff
Posts: 499
Joined: Fri Oct 02, 2009 12:18 pm
Location: Taipei, TAIWAN

Re: Authentication problems

Post by QNAPJauss » Mon May 30, 2011 5:15 pm

Hi,

Ok.

Can you try to update to firmware 3.4.3 build 0520, and let me know if this still happen?
It include some bug fixes regarding windows networking.

Does vanessa is using "Windows Offline files" ?
I saw some case where Windows Offline files was enabled, and using a different username.
Does User is connected by UNC (\\xxxx\share) or the network share is mapped to a drive letter ?
Does her user name in NAS (Vanessa) is the same in Windows (Vanessa too) ?
Does your DNS name is the same as the netbios name (the hostname of the NAS ?)
Do you use active directory ? or simple nas local users.

Thank you.

Post Reply

Return to “Windows Domain & Active Directory”