Author Topic: AD connector  (Read 13057 times)

WEBARUBA

  • Calf
  • *
  • Posts: 10
AD connector
« on: October 24, 2008, 07:53:06 AM »
   

We bought a 4TB Terastation PRO and joined it to our Active Directory network. We can share folders without any problem. What we can not do is to set the security settings for the Active Directory users and groups. Every time we do that we got the error message that the Terastation is not joined to the AD.

We got information from Buffalo technician that and some guidelines, but still get the same error and now also an error "Unable to display the user dialog box".

 

We are using only the administrator of the AD to work on the systems.

 

Hope to get a solution for this

 

 

Terrastation Model TS-H0-0TGL/R5

FIRMWARE : 1.26

SIZE 4 TB


Paul

  • Big Bull
  • *****
  • Posts: 1223
Re: AD connector
« Reply #1 on: October 24, 2008, 12:04:57 PM »

I would set it back to factory defaults with in the web interface, then reconfigure it for AD.

 

Configuring the LS Pro/Terastation Pro II for Active Directory

Login to the LS Pro  
Enlarge
Login to the LS Pro
1) Change the hostname of the LS Pro.  This will be needed later2) The Time, Date and GMT are VERY important.  If they differ more than 5 minutes with the Domain Controller, it will not authenticate users.  
Enlarge
1) Change the hostname of the LS Pro.  This will be needed later
2) The Time, Date and GMT are VERY important.  If they differ more than 5 minutes with the Domain Controller, it will not authenticate users.
1) Disable DHCP, and assign a static IP address. 2) Set the DNS server to a DNS server on the Domain.  It is recommended to have the DNS server be the same as the Domain Controller.  
Enlarge
1) Disable DHCP, and assign a static IP address.
2)Set the DNS server to a DNS server on the Domain. It is recommended tohave the DNS server be the same as the Domain Controller.
1) Set Network Type to Active Directory2) Set the NetBIOS Name to NetBIOS Name of the Domain.  Example: google.com would be just google3) Set the DNS/Realm Name to the Full Qualified Domain Name.  Example: google.com would be google.com4) Set the Domain Controller Name to the Domain Controllers name.  This is NOT a Fully Qualified Domain Name.5) Enter the Domain Administrator's Name6) Enter Domain Administrator's Password7) Even if they are NOT using WINS they should enter the IP address of the Domain Controller8) Click Apply  
Enlarge
1) Set Network Type to Active Directory
2) Set the NetBIOS Name to NetBIOS Name of the Domain.  Example: google.com would be just google
3) Set the DNS/Realm Name to the Full Qualified Domain Name.  Example: google.com would be google.com
4) Set the Domain Controller Name to the Domain Controllers name.  This is NOT a Fully Qualified Domain Name.
5) Enter the Domain Administrator's Name
6) Enter Domain Administrator's Password
7) Even if they are NOT using WINS they should enter the IP address of the Domain Controller
8) Click Apply
Click on User Management to verify that it pulled the user list.  This may take 5 minutes to pull the entire list, depending on how many Users they have on the Domain  
Enlarge
Clickon User Management to verify that it pulled the user list. This maytake 5 minutes to pull the entire list, depending on how many Usersthey have on the Domain
Click on Group Management to verify that if pulled Groups  
Enlarge
Click on Group Management to verify that if pulled Groups
Start->Run \\IP Address of the LS Pro  They have to use the IP address of the Linkstation to access the share, when it is in Domain Mode  
Enlarge
Start->Run \\IP Address of the LS Pro  They have to use the IP address of the Linkstation to access the share, when it is in Domain Mode
 
Enlarge
 
Enlarge

Configuring Active Directory for the LS Pro/Terastation Pro II

  • DNS for the network and needs to have NETBIOS OVER TCP/IP setup. It is recommended to have the Domain Comtroller supply DNS for the Domain.
  • The clock on the Buffalo NAS needs to be set to the sametimezone as the Domain Controller and the times need to be with in 5minutes of each other.
  • The HELP page of the Terastation Pro says that theguest account on 2003 Domains needs to be enabled.  It has been test by Telamon on 2000 Server, with the guest disabled.
A computer account needs to be setup on the Domain with the name of the Buffalo NAS and set to pre-Win2000 machine.
(note: on a 2003 Domain the TS needs to be set as a client machine and not a server)

 

Start->Run->DSA.msc  
Enlarge
Start->Run->DSA.msc
Right-Click and select New, and then select Computer  
Enlarge
Right-Click and select New, and then select Computer
1) Computer Name needs to be the hostname of the Buffalo NAS2) User or Group needs to be left at the default of Domain Admins3) Allow pre-Windows2000 Computers to use this account needs to be checked  
Enlarge
1) Computer Name needs to be the hostname of the Buffalo NAS
2) User or Group needs to be left at the default of Domain Admins
3) Allow pre-Windows2000 Computers to use this account needs to be checked

 


WEBARUBA

  • Calf
  • *
  • Posts: 10
Re: AD connector
« Reply #2 on: October 27, 2008, 02:43:01 PM »
   

Hi PAUL,

   I have done what you have send and prior to that I have upgrade the Firmware from 1.26 to 1.27.

With that I can now see the active directory groups. But still I cannot use the Active Directory groups for the security. I can select the AD group, but when I click on apply, it will disappear. SO I still can not use the AD security.

 

The step I follow was, create a computer in the domain with the same name as the Terastation, than joined the computer to the Domain and than create the shares. But get the error mention above.

 

Hope you can help me for a solution for this one.

 

Best Regards

 

Erwin


Paul

  • Big Bull
  • *****
  • Posts: 1223
Re: AD connector
« Reply #3 on: October 27, 2008, 03:16:58 PM »
Im not 100% sure I understand the error you get.  If the TS is on the AD, then you create the share with in the root directory and apply access restrictions to the folder, via group or user.  What page are you getting the error on?

WEBARUBA

  • Calf
  • *
  • Posts: 10
Re: AD connector
« Reply #4 on: October 27, 2008, 03:35:47 PM »
   

This error I get when I'm on the share folder in AD. I think that the problem is that I don't know which users has full access and has the rights to add groups.

 

Regards

 

Erwin


Paul

  • Big Bull
  • *****
  • Posts: 1223
Re: AD connector
« Reply #5 on: October 27, 2008, 03:41:21 PM »
All premissions on the Buffalo NAS have to be set in the web GUI of the Buffalo NAS this can not be done from the AD

WEBARUBA

  • Calf
  • *
  • Posts: 10
Re: AD connector
« Reply #6 on: October 27, 2008, 03:43:22 PM »
   

And how can I access the AD users group or users in the Buffalo GUI?

 

Regards

 

Erwin


Paul

  • Big Bull
  • *****
  • Posts: 1223
Re: AD connector
« Reply #7 on: October 27, 2008, 03:49:57 PM »

Login to the web interface,

Click on Share folder set up 

Click on the share folder name

Enable access restrictions 

you will see 3 categories read/write read and no access

 

Move the user or group into the right "Box" and hit apply at the bottom 


WEBARUBA

  • Calf
  • *
  • Posts: 10
Re: AD connector
« Reply #8 on: October 27, 2008, 04:12:29 PM »
   

That's mine problem, I have done that, but can only see the local users and not the AD users and groups. The only group that the system see from AD is the Administrators Domain Group. It work fine with the local users, have test it already and it works. We would like to have also the AD groups and users. Reason for this is that we have several Linux and Windows servers and all authenticate with the AD through a login script file.

 

Is there a settings that I might be missing?

 

Erwin

 

 


WEBARUBA

  • Calf
  • *
  • Posts: 10
Re: AD connector
« Reply #9 on: October 28, 2008, 06:53:30 AM »
   

After that I have joined to the domain, I will get, selecting the user management, "Cannot obtain" under the Domain User List. Are there some settings in the AD that I have to take into account.

 

Regards


WEBARUBA

  • Calf
  • *
  • Posts: 10
Re: AD connector
« Reply #10 on: October 28, 2008, 08:04:25 AM »
   

I have reset the system to the default settings and make all the changes accoording your recommendation and still get this information in the group management:

Domain Group List

 

Group Name
Group Description
Acquisition failure.
Regards
Erwin

Paul

  • Big Bull
  • *****
  • Posts: 1223
Re: AD connector
« Reply #11 on: October 28, 2008, 10:18:47 AM »
Try rebooting both the Buffalo server and the AD server

WEBARUBA

  • Calf
  • *
  • Posts: 10
Re: AD connector
« Reply #12 on: October 28, 2008, 03:22:04 PM »
   

Hi Paul,

   I have take a look to one of mine clients and they have an older firmware version 1.10. That one work perfect and without any problem. The one we just got have a newer firmware but doesnot work. One of the difference I saw with the old one, is that they use the same password for ADMIN and ADMINISTRATOR. I tried to do that here also, but can not do it becuase the system has a complex password and the terastation does not accept it. I still get the same error that it can not obtain the user list.

 

Any suggestion ????


WEBARUBA

  • Calf
  • *
  • Posts: 10
Re: AD connector
« Reply #13 on: October 29, 2008, 06:44:25 AM »
   

I tried to download the older firmware from the site , but get this error:

 

Fatal error: Allowed memory size of 20971520 bytes exhausted (tried to allocate 9576 bytes) in /home/sites/site13/web/support_getdownloadsfile.php on line 32

 

And it seems to be on buffalo site.

 

Regards

 


WEBARUBA

  • Calf
  • *
  • Posts: 10
Re: AD connector
« Reply #14 on: October 29, 2008, 09:11:44 AM »
   

HI Paul,

  I have made a lot of test and get to see the group and user account for a while, but still cannot use them. First I have make an admin user with the same password as the Terastation Pro and rejoined the terastation. IT works fine until I make a share and add mine username. I tried to map it on mine computer and it ask me for a username and password. So when i get back in the terastation I noticed that I don't have access anymore to the Domain users and groups and understand the reason asking for a password. What I noticed also is that the time is not correct and is one hour ahead compared to our local time. I tried to use the NTP settings but there is a 1 hour time difference and I think this is due to the light savings time.  I have tried to use the local time, but that gave also the difference of one hour and even if I change it, it will reset back with the 1 hour difference.

 

Any idea what might be the problem to gather the domain user and groups?

 

regards

 

Erwin Ras