Windows ADS domain with trust relationship

All questions pertaining to Windows Active Directory Service can go here
Forum rules
This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:
https://myds.synology.com/support/suppo ... p?lang=enu

Windows ADS domain with trust relationship

Postby elmer91 » Mon Feb 13, 2012 6:14 pm

Hello,

A new DS-712+ has successfully joined our old Windows 2000 domain.
When creating shares, I am able to set share permissions among all domain groups and users.

But the problem is that we have 2 (old) Windows 2000 domains: there is a bidirectional trust relationship between both.
On other Windows servers, we are able to set permissions from groups/users belonging to any of these domains.

On DS, only groups/users from the first domain are shown.

I can manually set permissions by editing smb.conf, adding rights like this:
valid users = @SECOND_AD\GROUP
It works fine.

But changes are lost as soon as we have to modify shares parameters.

Do you know another way to do this ?
Thanks for your help.
DS-207+: 2 HD501HJ
DS-710+: 2 HD203WI
elmer91
Trainee
Trainee
 
Posts: 18
Joined: Wed Mar 26, 2008 3:12 pm

Re: Windows ADS domain with trust relationship

Postby millsey45 » Mon Oct 22, 2012 12:33 pm

THANK YOU elmer91 for this post, I was having issues supporting multiple domains until you posted this.

Note also that in the config file, there is a line for the "valid users" and also a line for "write list" which I assume is the users who have write privilges.

I think it is important for Synology to support multiple domains for the future, there is likely lots of IT consultants or service companies who will need to support multiple domains. Maybe a simple "others" textbox to be included in the permissions when the smb.conf file is updated?

For the benefit of users reading this in the future, teh location of the smb.conf is : /usr/syno/etc/smb.conf

Regards
Millsey
millsey45
I'm New!
I'm New!
 
Posts: 2
Joined: Mon Oct 22, 2012 10:10 am

Re: Windows ADS domain with trust relationship

Postby millsey45 » Mon Oct 22, 2012 1:05 pm

THANK you for this post, I was stuck trying to allow multiple domains to access teh device until this.

For the record, the smb.conf is in /usr/syno/etc

Also note that you may also need to specify the groups who can write to the shared folder in the "write list" directive also.
millsey45
I'm New!
I'm New!
 
Posts: 2
Joined: Mon Oct 22, 2012 10:10 am

Re: Windows ADS domain with trust relationship

Postby JayB » Tue Jan 15, 2013 1:32 pm

Do you think that this solution would work for two Small Business Servers (they are located in two offices connected via VPN)?

Many thanks,

Jay
JayB
Trainee
Trainee
 
Posts: 12
Joined: Tue Jan 15, 2013 12:44 pm


Return to Windows AD Domain

Who is online

Users browsing this forum: No registered users and 0 guests