TeraStation III (TS-XL/R5 - 2.0TB) - Cannot Obtain Domain Users from AD

[algernon24]

   

Firmware Version: 1.10

 

My company just bought 2 TeraStation III (TS-XL/R5 - 2.0TB). Everything is fine except that the TS cannot obtain the Domain Users from the AD. It can obtain only the Domain Groups from the AD.

 

Details:

DNS Server : Domain Controller

Authentication Method: Active Directory

NTP: Domain Controller

Set to Disable on DC: Digitally Signed SMB Packets

 

Any suggestions on how to resolve this.

 

I have an old TeraStation (TX-HGL/R5 - 1.0TB) and it's the current fileserver. The two new TSs will replace this one.

[JoshC]

Make sure that you GMT is set correctly.  Go here to dble check. ( If that unit isnt within 5min of the domian controller you will have a whole world or problems trying to pull the users and groups.  If the GMT is set correctly then run through these steps to make sure.

 

 

 

 

Does your domain controller require Digitally Signed SMB Packets? On Windows 2003 Server these policies are enabled by default.  They need to be set to 'Disable', not 'Enable', or 'Not Defined'.  If not I would initialize the unit and set it back up.  Make sure the settings are correct:

 

 

Configuring the Buffalo Nas for Active Directory:

• A computer account with the name of the Buffalo NAS needs to be created on the domain. It needs to be configured so that a pre-2000 machine can use this account.

• In "IP Address Properties"    under "Network", the DNS server address needs to be set to    the Domain Controller's address.

• The clock on the Buffalo needs to be set to the same timezone as the Domain Controller and the times need to be with in 5 minutes of each other.

• The "Workgroup/Domain" page under "Network" needs to be set to the following settings - If ever a field is too short to enter the full information (particularly the Domain Name and the Domain Controller fields) they need to be filled in as much as possible:

Workgroup and Domain Properties:

• Network Type: "Active Directory"

• Active Directory Domain Name (NetBIOS Name): NETBIOS Legacy    Domain name, ex. "DOMAIN"

• Active Directory Domain Name (DNS/Realm Name): Full Domain    name, ex. "domain.com"

• Active Directory Domain controller Name: Domain Controller    name, ex. "server"

• AD Administrator Name & AD Administrator Password: The user name and password of an account with administration privileges so the Buffalo can properly be added to the network. This information will not be stored.

• WINS Server IP Address: IP    address of the WINS server (if not using WINS, enter domain    controller's IP addres

[algernon24]

   

JoshC,

 

I have followed your guide and still the TSs cannot obtain the Domain Users but it can obtain the Domain Groups from the AD.

 

 

[PCPiranha]

Al,

 

How many users are there?  Do you have any special security settings in AD?  PM me with the state you have your server in and the GMT that you have it set to (reiterate: it has to be within 5 min of the domain controller).

[algernon24]

   

Hi,

 

There are around 164 users and there are no special security settings in AD. Server is set to +8 GMT and so are the 2 TeraStations (they are within seconds of the DC).

 

The TSs can retrieve only the Domain Groups from the AD. I have tested the Access Restrictions on the TSs and it's working fine except that I can't retrieve Domain Users.

 

I have a solution but it involves creating a Security Group per domain user account in the AD. So at around 164 users, I'll be creating 164 security group just to enable individual folder sharing.

 

Any advice. Thanks.

[PCPiranha]

What version of server?

[algernon24]

   

Windows Server 2003 Standard Edition (Service Pack 2)

[PCPiranha]

Hmmm, see if the delegate authority workaround works:

 

select Workgroup and put a checkmark in the "Delegate Authority to External SMB Server", "Use Windows Domain Controller as Authentication Server", "Automatic User Registration", and "Authentication Shared Folder" and enter the required information. The "Authentication Shared Folder" option will create an open share. Have the domain users that are to access the unit login to that share. This will register those users on the Terastation. Afterwards, you can set Access Restrictions on the shares using those users and remove the "Authentication Shared Folder".

[partnersgroup]

   

Any update on this problem?  I'm having the same issue and using group-level access won't work for me either as there are too many different security permissions on shares...

 

Does this function work properly with older rev's of the firmware?  Buffalo wants to RMA my unit but I'm pretty sure that's not really the issue.

[ppait]

   

Quick thought: I had a similar problem obtaining users and groups from AD.  For some reason LAN1 has to be the one plugged into your AD network.  It doesn't work with LAN2.  It's somewhere in the documentation.