Author Topic: TeraStation Pro with Active Directory  (Read 6980 times)

ceejaymac

  • Calf
  • *
  • Posts: 1
TeraStation Pro with Active Directory
« on: May 20, 2009, 03:21:52 PM »
   

I'm trying to add a TeraStation Pro to our Active Directory. I seem to have it in AD, but cannot get it to recognize users or groups in AD. I've read horror stories here and in other support forums about buggy firmware upgrades and upgrades that don't even work. I'm at the point where I can no longer reccomend the Buffalo product as an AD aware device. There is very limited documentation and even the terminology does not seem correct.

 

Currently when I go to User Management under Domain User List it says "cannot obtain".

 

Can anyone point me to documentation to add a TeraStation Pro to an AD?


PCPiranha

  • Big Bull
  • *****
  • Posts: 2209
Re: TeraStation Pro with Active Directory
« Reply #1 on: May 20, 2009, 06:28:31 PM »

Here is a checklist of things to check:

Configuring Active Directory for the Buffalo

Before integrating the Buffalo NAS into Active Directory there is a check list that should be gone over.

1) Have you created a pre Windows 2000 computer account on the domain, that has the same name as the Buffalo's Hostname ?

2) Does your domain controller require Digitally Signed SMBPackets? On Windows 2003 Server these policies are enabled by default.They need to be set to 'Disable', not 'Enable', or 'Not Defined'.

3) Is the Time/Date/GMT on the Buffalo set within 5 minutes ofthe Time/Date/GMT on the Domain Controller? Windows Domain Controllersare set to reject packets if the timestamp is 5 minutes or more out ofsync. Buffalo recommends using the NTP function on the Buffalo for thisreason.

4) Do you have the DNS setting on the Buffalo pointing to the IP address of the Domain Controller?

5) Does you Domain Controller also run a DNS server?

6) Are you accessing it via IP address or host name? The Buffalocan only be access by IP address when it is integrated into ActiveDirectory.

7) Does the Domain have over 1,000 users? The Buffalo has alimitation of 1,000 users, there is a workaround if you have 1,000users or more.

 

 

And here is how you configure the buffalo:

 

Configuring a TeraStation for Active Directory:

  • A computer account with the name of the Terastation needs tobe created on the domain. It needs to be configured so that a pre-2000machine can use this account. Also, the Domain Controller needs"NetBIOS over TCP/IP" set to "enabled".
  • In "IP Address Properties" under "Network", the DNS server address needs to be set to the Domain Controller's address.
  • The clock on the TeraStation needs to be set to the sametimezone as the Domain Controller and the times need to be with in 5minutes of each other.
  • The "Workgroup/Domain" page under "Network" needs to be set tothe following settings - If ever a field is too short to enter the fullinformation (particularly the Domain Name and the Domain Controllerfields) they need to be filled in as much as possible:

Workgroup and Domain Properties:

  • Network Type: "Domain"
  • Workgroup Name: N/A (greyed out)
  • Domain Name: Name of the user's Domain
  • Domain Controller Name: Name of the server that controls the Domain
  • WINS Server IP Address: The IP of whatever is running theWINS server (If not running WINS, use the IP of the Domain Controller)
  • Active Directory: "Domain"
  • AD Full Domain: The full name of the Domain, typically "domainname.local"
  • AD Full Domain Controller: The Domain Controller "dot" thefull domain from the previous line so"domaincontroller.domainname.local"
  • AD Administrator Name & AD Administrator Password: Theuser name and password of an account with administration privileges sothe Tera can properly be added to the network. This information willnot be stored.

 

 

If you're still not having any luck or have too many users:

 

The unit has a limitation that it can download up to 1000 domain users.If you want to use domain user accounts, you will need to use theDelegate Authority to an external SMB Server option. To do this, selectWorkgroup and put a checkmark in the "Delegate Authority to ExternalSMB Server", "Use Windows Domain Controller as Authentication Server","Automatic User Registration", and "Authentication Shared Folder" andenter the required information. The "Authentication Shared Folder"option will create an open share. Have the domain users that are toaccess the unit login to that share. This will register those users onthe Terastation. Afterwards, you can set Access Restrictions on theshares using those users and remove the "Authentication Shared Folder".