Text only | Text with Images

Buffalo Forums

Products => Storage => Topic started by: gwn on April 29, 2010, 04:49:31 AM

Title: LS-CH1.0DTL Delegate Authentication
Post by: gwn on April 29, 2010, 04:49:31 AM
   

Hello,

 

I bought one of the LS-CH1.0DTL NAS drives, set it up and can access the web interface fine. I'd like to use it in a domain environment and only want users with valid domain accounts to connect. I understand that I can't add it to the domain (which is fine) but I can delegate the authentication server.

 

I've gone to the network settings, clicked on Workgroup and filled in the Workgroup Name: (domain), chosen "Delegate Authority to External SMB Server" entered the server name, ticked the boxes and entered a authentication shared folder. Problem is, when I try to connect to the share with a valid account it doesn't give me access.

 

I've changed the SMB signing as I've seen on other articles but it still doesn't make a difference. Tried creating a computer account in the name of the NAS and that doesn't work either. In the event log on the server I can see the error I attached below. Seems to me that the NAS is using it's own name for the domain during authentication instead of the workgroup name I entered. Any way around this?

 

Thanks,

 

Andy

 

Logon Failure:
     Reason:        An error occurred during logon
     User Name:    GWN
     Domain:        FDNAS01 <---------- SHOULD BE WORKGROUP(Domain) NAME!!!
     Logon Type:    3
     Logon Process:    ˆ[
     Authentication Package:    NTLM
     Workstation Name:    \\192.168.x.100
     Status code:    0xC000006D
     Substatus code:    0x0
     Caller User Name:    -
     Caller Domain:    -
     Caller Logon ID:    -
     Caller Process ID:    -
     Transited Services:    -
     Source Network Address:    192.168.x.100
     Source Port:    0

Title: Re: LS-CH1.0DTL Delegate Authentication
Post by: davo on April 29, 2010, 06:42:23 AM
   

Are you talking about joining it to an AD domain to import users/groups?

Title: Re: LS-CH1.0DTL Delegate Authentication
Post by: gwn on May 04, 2010, 04:42:00 AM
   

 

davo wrote:

Are you talking about joining it to an AD domain to import users/groups?

Yes and no - as far as I can make out it is not possible to join these boxes to the domain, but it is possible for the NAS to authenticate against the domain as per the "Delegate Authentication" setting. I only want users with valid domain accounts to be able to access the NAS, but as you can see above the NAS box is trying to connect to the server using the wrong domain name.

 

 

davo wrote:

People should NEVER depend on one system to store all there data! ALWAYS backup your data to another device!

The NAS box will be backed up by the server each night onto USB drives that will be taken offsite in the morning. Backup is not the issue, I just want the authentication to work as it's supposed to.

Text only | Text with Images
Browser ID: smf (is_webkit)
Templates: 1: Printpage (default).
Sub templates: 4: init, print_above, main, print_below.
Language files: 1: index+Modifications.english (default).
Style sheets: 0: .
Hooks called: 59 (show)
Files included: 27 - 1055KB. (show)
Memory used: 720KB.
Tokens: post-login.
Queries used: 14.

[Show Queries]