Author Topic: Terastation Pro 2.0T - auth to samba BDC?  (Read 5482 times)

simoriah

  • Calf
  • *
  • Posts: 1
Terastation Pro 2.0T - auth to samba BDC?
« on: October 02, 2008, 11:51:09 AM »
   

I have an old samba BDC sitting at a remote office. Their BDC is running out of storage so I got this NAS to fix that. I NEED to do authentication to the domain so I can get this up and running.


First... the only DNS server address on the NAS is 10.0.1.5 ... the BDC. If I nslookup bdc.comany.com against 10.0.1.5, I get the right IP. The NAS keeps griping about not being able to do the DNS resolution during the domain join.

 

Next... I've synced times. I've added the nas.company.com A and PTR records. I've created a Domain Admin account on the samba domain that doesn't have any "strange" characters in it. I've created the nas computer account in the domain. I still can't get this thing to join to the domain.

 

I've upgraded the firmware to the lastest version... 1.27-1.17.

 

I'm at a loss and ready to return this thing and get something that'll do NFS so it "just works." HELP!

 


Paul

  • Big Bull
  • *****
  • Posts: 1223
Re: Terastation Pro 2.0T - auth to samba BDC?
« Reply #1 on: October 03, 2008, 08:31:48 AM »

Try this method to authenticate

Delegate Authority Method

Sometimes, the above steps just don't work or have strange sideeffects(i.e. Download users from wrong subdomain). The usual cases arejoining a subdomain, joining a domain with a trust relationship toanother domain, and if there is a very large number of users on thedomain. The way to get around this is the "Delegate Authority to anExternal SMB Server" option.

Setup Steps

  1. Under Network->Workgroup/Domain, select Workgroup and put acheckmark in the "Delegate Authority to External SMB Server", "UseWindows Domain Controller as Authentication Server", "Automatic UserRegistration", and "Authentication Shared Folder" and enter therequired information.
  2. The "Authentication Shared Folder" option will create an openshare. Have the domain users that are to access the unit login to thatshare. This will register those users on the Terastation.
  3. Afterwards, you can set Access Restrictions on the sharesusing those users. The users will be the actual domain users, so if youchange the password in AD, it will change for the unit.

NOTE: When in this method, Terastations and Linkstations may (needsto be confirmed) only support LM (Lan Manager) Authentication Level,not NTLM or NTLMv2.

I had a cust in this situation where we could only make aconnection from 2k3 server when "accept NTLM responses only" waschanged to "accept LM and NTLM responses"