AD Standalone Domain Controller

[gnalley]

Would not recommend buying the QNAP if you plan to use it as a standalone DNS server. The SAMBA service works, but two other required services are flawed that make it unusable as a standalone AD controller. It will work well as a member controller, just not as a primary standalone.

The problem are 1) you cannot set DNS forwarders in the AD DNS server and 2) you cannot set DHCP Options commands in the DHCP Server. As a result, your DHCP clients cannot be set to use the AD DNS Server...and if you configure them to use the AD DNS server, it will not forward to upstream DNS servers to resolve non-AD (i.e. the rest of the Internet) hosts.

Two MAJOR failures in what should be no brainer features in DNS and DHCP. Please correct this flaws.

Thanks
Gary

[schumaku]

1) you cannot set DNS forwarders in the AD DNS server ... As a result, your DHCP clients cannot be set to use the AD DNS Server...and if you configure them to use the AD DNS server, it will not forward to upstream DNS servers to resolve non-AD (i.e. the rest of the Internet) hosts.

Wrong. A) This does not require _any_ DHCP Options, and B) it can be set ...

http://forum.qnap.com/viewtopic.php?t=105462#p475064

What was the other service but DNS again?

Have already challenged NAP Customer Service or searched the forum before leaving negative comments?

[gnalley]

schumaku, respectfully disagree.
A) You need to set DHCP options to distribute the correct DNS server to your DHCP clients.
B) You also cannot set your DNS Forwarder in the SAMBA server. It will "correct" itself upon reboot.

I have been working with Support since Nov 2015 and have several tickets that have not been responded to since Dec 14, 2015. Other tickets have been worked, but the standalone AD controller issues (DHCP options and SAMBA DNS settings) are going nowhere. I have had MANY conversations with tech support via phone, many screen sharing sessions and they all agree this is a QTS code issue and these features do not work as a standard Linux DHCP and SAMBA server do. I am typically a *very* patient IT professional, but having no access to communicate with developers/product managers/support managers and tickets that go for weeks/months without a response is unacceptable.

There are several workarounds to this issue. The simple is to run a separate Windows AD server with DHCP and DNS on it. You can also run this as a virtual machine on the NAS itself. However, this defeats our goal of creating a simple backup/domain/file share environment on a single device. This would not be a big deal, but I have been looking for a very specific solution for a *very* large multi-site deployment. Something that QNAP is not getting (i.e. purchasing *lots* of devices). Right now we are rolling our own Linux appliances using custom configured hardware. Again, much more complicated than buying a standard NAS appliance, scripting a config file load on it and calling the FedEx truck.

What versions of hardware and QTS are you having success with as a standalone AD controller? I welcome any input and would very much welcome being wrong.

Thanks
Gary

[schumaku]

A) You need to set DHCP options to distribute the correct DNS server to your DHCP clients.

The DHCP does distribute the DNS server (option 15 if you desperately want) to the DHCP clients here as configured on the NAS.

B) You also cannot set your DNS Forwarder in the SAMBA server. It will "correct" itself upon reboot.

While there is no UI control for this, the

[global]
...
dns forwarder = [IP-address]
...

is configured to use the same name servers ... and the first name server configured does end in the dns forwarder. This works for me, because the DNS smart and does send DNS queries for the local domain to the local servers. (Sophos UTM, ZyXEL USG).

Granted, the automatism is borked ... somebody at QNAP want to be a smart-a** and has implemented this in /etc/init.d/smb.sh (around line 658):

_ad_resolv()
{
if [ ! -f /etc/resolv_bak ]; then
/bin/echo "backup resolv.conf"
/bin/cp /etc/resolv.conf /etc/resolv_bak > /dev/null 2>&1
fi
dns_forwarder=`grep nameserver /etc/resolv_bak | head -n 1`
if [ "x$dns_forwarder" != "x" ]; then
dns_t=`echo "$dns_forwarder" | cut -d ' ' -f 2`
/sbin/setcfg global "dns forwarder" $dns_t -f $CONFIG
fi

/bin/rm /tmp/smbp1 /tmp/smbp2 /tmp/resolv_t -f
DOMAIN_T=`/sbin/getcfg global realm -f $CONFIG`
/bin/echo "domain $DOMAIN_T" > /tmp/smbp1

When talking to QNAP customer service, it's very clear what is causing this.

The same DNS IP as configured on the NAS are also sent as Option 15 to the DHCP clients.

I can understand that this is not the full flexibility you might expect.

Regards,
-Kurt.

[resonant]

How did this turn out Gnalley?

Just got a TS453A for home and was planning on setting it up as a standalone DC - then I saw your thread and some other info. Is this still an issue? Did you ever set it up and have it work reliably?

Thanks,

Resonant

[ReedMikel]

Any update on this topic?

[storageman]

Seriously, NAS should not be for this. Something else for Qnap to screw up.

[opt_dt_user]

Workaround to enable DNS forwarding for domains unknown from QNAP DNS zone
Edit smb.conf and restart smb service

vim /etc/smb.conf
#dns forwarder = 192.168.0.32 (set to IP of QNAP to be replaced by:)
dns forwarder = 8.8.8.8


/etc/init.d/smb.sh restart

Hope this helps !

[opt_dt_user]

I asked QNAP support and was informed that the "DNS Forwarder" feature will come in Firmware 4.3.3 oficial.
Let's wait for it!

[bitminer]

Allow Forwarder Setting In QTS GUI for SAMBA when used as a Domain Controller. @QNAP Don't know what I am talking about see other posts on this forum and my helpdesks... you'll figure it out.

[schumaku]

@QNAP Don't know what I am talking about see other posts on this forum and my helpdesks... you'll figure it out.

QNAP does not systematically listen here. However, I was told that this UI control should become available with QTS 4.3.x - but was not able to find it either. Have a feature request hanging since the first days of the QNAP Domain Controller testing

[bitminer]

Agreed: DHCP server still broken. Advanced settings are not advanced enough. Also do not allow for pxe boot opts. I roll my own in Virtualization Station.
Agreed: QNAP as Primary AD also broken, but have been able to coax it into working. RSAT tools do not allow setting of SAMBA forwarder (from SAMBAs own doc and from futile trying anyway), but futzing with DNS Forwarders in IP Conf to trick resolve.conf can and has been done and cmd line trickery, but both are UNACCEPTABLE solutions both proposed by QNAP. If they would only expend the energy to fix it think of the decrease in help desk tickets, calls, and the like.

QNAP NAS is Network Attached Storage, but with out the Network part.

[bitminer]

There's a chance... just a chance... that after honey badgering QNAP and drawing pictures of the QNAP implementation (before not working) and after me coxing their implementation into working (after) they have escalated my HD ticket. Hopefully to the powers that be that can make forwarder equal to the Secondary DNS setting (less preferred) or adding a Forwarder configuration to UI (preferred), but I am not holding my breath in anticipation. Currently it is set to primary DNS or gets set to this either by grabbing first line in resolv.conf or "Domain Name Server 1" in smb.sh in init.d (which does not have a value on my machine.... not that it would be the right one anyway). Which if they would just change "Domain Name Server 1" to "Domain Name Server 2" at least I could configure the box so that all machines could reach internal and external DNS servers.

[chandlerbing]

Hello all - I am currently researching the possibility of using our QNAP as a replacement for out macOS server Open Directory environment. We don't have complex needs so I'm not TOO worried about the featureset, but I do know that we'll need the features being discussed here.

One of the recent 4.3 updates seemed to refresh the DHCP service on the NAS. Does this resolve the options needed to set the DNS server correctly for clients?