Author Topic: Puttin' Linkstation on the Domain  (Read 1097 times)

Tiderfish

  • Calf
  • *
  • Posts: 9
Puttin' Linkstation on the Domain
« on: September 12, 2020, 09:55:00 PM »
Greetings!

I recently got my Linkstation LS-1000GL up and working (THANKS 1000001101000) after a hard drive failure/ replacement. Now that I am going through the settings a bit more, I would like to get Active Directory integration setup.

I have followed this KB article to a tee, and it will not connect completely.

Quote
https://www.buffalotech.com/knowledge-base/joining-a-buffalo-nas-to-an-active-directory-domain

Preparing a domain account for the Buffalo NAS

Connect to your domain controller, either at the console or via remote desktop.
Verify that the domain controller has a static IP address and that the primary DNS server is the domain controller.
The Buffalo NAS device must be on same network segment as AD domain controller and must use the domain controller as its primary DNS server.
Create an AD service account for the NAS. (Windows 2003, AD)  (Best practice is to not use special characters in the username). The password can only contain the following special characters: . - _ (Legacy Linux).
The account must be member of the Administrators Group
Create a DNS A record for the NAS. If the NAS has multiple IP addresses, create an A record for each IP address.
Create a computer account for the NAS (Windows 2003, AD).
The computer name must be the same as the name assigned to the NAS.
Select "Assign this computer account as a pre-Windows 2003 computer". Do not select "Assign this computer account as a backup domain controller".
After the computer account is created, examine the Delegation tab on the Properties page. Select "Trust this computer for delegation to any service" (Kerberos only).
SMBv1 MUST be enabled on the domain controller. (TS5010/TS3010 series do not have this restriction)
In some cases, if digital SMB Signing is disabled on the domain controller, you will need to enable it to join. You can find this under Local Security Policy on the DC. (Or change it under Domain defaults in group policy editor to have it updated on all DCs)
 
Setting the time and time zone

Note: The time and time zone must be set correctly on the NAS device in order to successfully join an Active Directory domain. If the difference in time between the NAS the domain controller is off by more than five minutes, the NAS will be unable to join the domain.

The only issues I had here are that I don't see this option-
"Assign this computer account as a pre-Windows 2003 computer"
I can only add "Pre-Windows 2000 Computer" etc

The first warning I get when I try to add the LinkStation to the domain is:

Quote
Successfully resolved the DNS name set, and the Active Directory Domain name, however the services necessary to join the active directory domain could not be found.
Please confirm that an appropriate DNS server address has been set.
Please check the DNS server address under Network - IP Address.
Do you wish to join the Active Directory Domain as is?
       OK     Cancel
I click OK, and get this:
Quote
Failed to resolve the Domain Controller Name set as the active directory domain controller name.
Please check the network status to allow the computer name ot be resolved. Do you with to continue to join the active directory domain as is?
      OK     Cancel
Click OK and get this:
Quote
Failed to join Active Directory Domain.
Please confirm the Active Directory Domain setting information, Administrator user name and password.

I have tried pointing to both my Domain Controllers, and i have triple checked the time, and even disabled the NTP service in the link station GUI.

Any thoughts or suggestions?

Thanks,
Matt

1000001101000

  • Debian Wizard
  • Big Bull
  • *****
  • Posts: 1128
  • There's no problem so bad you cannot make it worse
Re: Puttin' Linkstation on the Domain
« Reply #1 on: September 13, 2020, 08:02:00 AM »
I’ve never done anything with these devices on windows domains but would guess it’s a version compatibility issue.

That model only supports SMB1 which is disabled by default on modern versions of windows. I’m not sure about the other protocols involved but suspect it’s similar.