AD Users and Groups not listed

Questions about using Windows AD service.
Post Reply
envygeomatics
Starting out
Posts: 16
Joined: Tue Jan 15, 2013 5:18 am

AD Users and Groups not listed

Post by envygeomatics » Tue Jan 15, 2013 5:59 am

Hello,

We've added our new QNAP TS-879U-RU, firmware version: 3.8.1 Build 20121205, to the Active Directory domain but are unable to set permissions using AD users or groups.

From the web admin UI, "Home >> Access Right Management >> Domain":

Code: Select all

Domain NETBIOS Name: OURDOMAIN
AD Server Name: OURLOCALADS
Domain: Our.Domain.name.ca
Organization Unit: {currently empty but will eventually restrict to our OU}


"Home >> Access Right Management >> Users":

- selecting "Domain Users" shows zero results. Ditto for groups.

Questions:

Q1) How do we specify an "Active Directory lookup user"? The NAS UI only asks for Administrator, which is fine for joining the domain but after that is not needed, and actually contraindicated by company policy. We use a read-only AD account for things like reading user names, group memberships and permission levels. If QNAP only allows domain admin account to be used we may be forced to return the unit we just purchased.

Q2) How does one change or test Organization Unit settings without forcing a "join-to-domain" cycle? (which is what the [apply] button in the Domain Security panel does).

Q3) What syntax does the "Organization Unit" field want? The docs are silent on this point (.../help/help_privilege.html#LDAP; http://docs.qnap.com/nas/en/index.html? ... ows_ad.htm)

Q4) What is the average initial response time for a support request? I've submitted a request via the online web form and called the phone number and left a voicemail and have yet to receive either email notification or a call back (2 hours and 1 hour respectively). Considering the money spent I'm not favourably impressed thus far.

thanks.

assapar
First post
Posts: 1
Joined: Fri Nov 16, 2012 10:08 pm

Re: AD Users and Groups not listed

Post by assapar » Fri Jan 25, 2013 8:17 am

Hello.
I have the same problem. Please HELP!!!!!!!

jon.mtl
First post
Posts: 1
Joined: Thu Feb 07, 2013 6:02 am

Re: AD Users and Groups not listed

Post by jon.mtl » Thu Feb 07, 2013 6:07 am

Hello,
Today I had the same problem and I was able to solve it with Wireshark install on my domain controller...
So the problem is that my DC was requiring a signed Lightweight Directory Access Protocol. I've disabled those setting and it's now working.

This is the article how to configure the signed LDAP, so I just did the reverse...
http://technet.microsoft.com/en-us/library/dd941856(v=ws.10).aspx

I hope this help!

Jonathan

User avatar
pwilson
Guru
Posts: 22581
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: AD Users and Groups not listed

Post by pwilson » Thu Feb 07, 2013 9:49 am

jon.mtl wrote:Hello,
Today I had the same problem and I was able to solve it with Wireshark install on my domain controller...
So the problem is that my DC was requiring a signed Lightweight Directory Access Protocol. I've disabled those setting and it's now working.

This is the article how to configure the signed LDAP, so I just did the reverse...
http://technet.microsoft.com/en-us/library/dd941856(v=ws.10).aspx


I hope this help!

Jonathan


Or simply follow QNAP Tutorial: How to Join QNAP NAS to Microsoft Active Directory (AD)?

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.

vg8open
New here
Posts: 3
Joined: Fri Dec 23, 2011 9:31 am

Re: AD Users and Groups not listed

Post by vg8open » Sun Feb 10, 2013 3:38 pm

You either need to disable the "LDAP server signing requirements" on the domain controller or for a more secure configuration do the following:

on the NAS, edit the following file: /etc/config/smb.conf
Under [global] add:
client ldap sasl wrapping = sign

restart the NAS, and you should be able to list the domain users

waninae39
Know my way around
Posts: 153
Joined: Mon Jun 09, 2008 11:32 am

Re: AD Users and Groups not listed

Post by waninae39 » Sun Mar 31, 2013 6:04 am

hello:

i followed all the steps and i still get a greyed out list for just the AD users, local users are fine
ad domain users.png

this is on both a Ts669 and a ts469 running the latest code

both qnap server are able to join the domain. the ad server shows the two qnap servers listed as joined computers

i aslo followed these steps to selectively enable signing only or turning all off
http://technet.microsoft.com/en-us/libr ... 36(v=WS.10).aspx
You do not have the required permissions to view the files attached to this post.
Current firmware version:
TS-670pro 4.3.3 6 x 3TB WB RED
TS-669pro 4.3.3 6 x 6TB WB RED
All are running etx4, and running Raid6.
The 669 has 6x 3tb WD red HD, the 439 has 4x 2TB WD black HD,

commercial hardware firewall and commercial router
VOIP hard and soft client with SIP digital and analog telco trunk
NAS & all clients: 1Gbit/s with dual trunk ports

User avatar
doktornotor
Ask me anything
Posts: 7521
Joined: Tue Apr 24, 2012 5:44 am

Re: AD Users and Groups not listed

Post by doktornotor » Sun Mar 31, 2013 6:11 am

waninae39 wrote:hello:


Hello. May I suggest to read the fine manual? Of course they are greyed out, you are NOT supposed to delete AD users via QNAP GUI!!! Once again, you are spamming yet another thread with absolutely unrelated non-issue.
I'm gone from this forum till QNAP stop wasting volunteers' time. Get help from QNAP helpdesk instead.
Warning: offensive signature and materials damaging QNAP reputation follow:
QNAP's FW security issues
QNAP's hardware compatibility list madness
QNAP's new logo competition
Dear QNAP, kindly fire your clueless incompetent forum "admin" And while at it, don't forget the webmaster!

waninae39
Know my way around
Posts: 153
Joined: Mon Jun 09, 2008 11:32 am

Re: AD Users and Groups not listed

Post by waninae39 » Sun Mar 31, 2013 7:14 am

can you please be civil, IMHO these comments are unprofessional
i did read all document before posting.

BTW, they are NOT supposed to be greyed out!. i am NOT trying to deleted them!
i am TRYING to enable these users to have access to the qnap

so if you did read above, you can see that i cant becasure they are greyed out and thus cannot give them rights.

please add usefull commet if you can help this situation
Current firmware version:
TS-670pro 4.3.3 6 x 3TB WB RED
TS-669pro 4.3.3 6 x 6TB WB RED
All are running etx4, and running Raid6.
The 669 has 6x 3tb WD red HD, the 439 has 4x 2TB WD black HD,

commercial hardware firewall and commercial router
VOIP hard and soft client with SIP digital and analog telco trunk
NAS & all clients: 1Gbit/s with dual trunk ports

User avatar
doktornotor
Ask me anything
Posts: 7521
Joined: Tue Apr 24, 2012 5:44 am

Re: AD Users and Groups not listed

Post by doktornotor » Sun Mar 31, 2013 7:45 am

waninae39 wrote:i did read all document before posting.


You failed, try again.

waninae39 wrote:i am TRYING to enable these users to have access to the qnap


They are NOT disabled in any way. You are doing things in completely wrong place! Go to Access Rights Management - Shared Folders and assign permissions there to whatever you need them to access.
I'm gone from this forum till QNAP stop wasting volunteers' time. Get help from QNAP helpdesk instead.
Warning: offensive signature and materials damaging QNAP reputation follow:
QNAP's FW security issues
QNAP's hardware compatibility list madness
QNAP's new logo competition
Dear QNAP, kindly fire your clueless incompetent forum "admin" And while at it, don't forget the webmaster!

saulysw
New here
Posts: 4
Joined: Wed Mar 01, 2017 8:33 am

Re: AD Users and Groups not listed

Post by saulysw » Fri Jun 28, 2019 6:33 am

Try manually entering in the IP addresses for your DNS servers, rather than use DHCP. In Control Panel : Privelidge : Domain Security : Edit Redundant Domain Controller. You should be able to see the domain controllers there - if you can't, then that will be your issue.

I know this is a necro-post but it still might help someone, as it is still an issue.

yaniv
New here
Posts: 3
Joined: Thu Jun 27, 2019 7:01 pm

Re: AD Users and Groups not listed

Post by yaniv » Fri Jun 28, 2019 8:55 pm

I have a similar problem.
But i can see a list off my domain users ,
I cant see the list off my Domain group ...
I did not find a solution yet..

Yaniv

Post Reply

Return to “Windows Domain & Active Directory”