cannot join NT4 domain on DSM3.2

All questions pertaining to Windows Active Directory Service can go here
Forum rules
We've moved! Head over to Synology Community (community.synology.com) to meet up with our team and other Synology enthusiasts!
gsbarry
I'm New!
I'm New!
Posts: 3
Joined: Tue Jan 17, 2012 9:08 am

cannot join NT4 domain on DSM3.2

Unread post by gsbarry » Tue Jan 17, 2012 9:59 am

I have a DS111, using DSM 3.2

In yhe network setting, I have entered the correct WINS server IP.
In the Win/MAC/NFS > Domain/Workgroup Tab, I have enter the name of the NT4 domain.
However, after save, it told me that
"Failed to connect to the domain controller(DC) via TCP port 445. Please check the network and firewall setting of the DC"

I guess that it is going to connect as Active Directory Domain. However, I want to join a NT4 domain.

In the "Domain/Workgroup" of the HELP guide, it said that it supports NT4 domain. Furthermore, it has an option "Domain server type" for user to select NT4 or Active Directory. However, in my interface, the "Domain server type" in only a text, nothing option to select.

How can I join the NT4 domain?

rparry
I'm New!
I'm New!
Posts: 2
Joined: Thu Feb 02, 2012 6:33 pm

Re: cannot join NT4 domain on DSM3.2

Unread post by rparry » Thu Feb 02, 2012 7:01 pm

Took me a bit of trial and error, but I got it. Using model DS1511+, DM 3.2.

First I got it to join the domain:

* use web GUI to stop the windows file service (System Information / Services). Probably could do that from command line (/usr/syno/etc/rc.d/S80samba.sh stop)
* ssh into Synology box, use admin credentials
* edit /usr/syno/etc/smb.conf with domain info:

Code: Select all

        security = domain
        local master = no
        realm= 
        wins server = w.x.y.z
        password server = *
        workgroup = DOMAIN_NAME
* join the domain - use correct domain and admin user account. You will be prompted for password:

Code: Select all

net join -W DOMAIN_NAME -U admin_user
* use web GUI to start the windows file service

That was successful, but I could not access any shares. Finally figured out that I needed to use winbind to pull and use domain accounts like local accounts. Also made some changes to use better password security:
* Again, stop windows file service first
* use correct /etc/nsswitch.conf:

Code: Select all

cd /etc
cp /etc/nsswitch.conf.domain nsswitch.conf
* more additions to smb.conf:

Code: Select all

        lanman auth = No
        ntlm auth = Yes
        client NTLMv2 auth = Yes
        client lanman auth = No
        client plaintext auth = No
        winnbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = yes
* start windows file service

Accounts in domain will now work

All parameters for smb.conf are explained at http://www.samba.org/samba/docs/man/man ... onf.5.html
Info on winbind found at http://justlinux.com/forum/archive/inde ... 18512.html

No charge to Synology for getting this to work.

hlutz
I'm New!
I'm New!
Posts: 2
Joined: Tue Feb 07, 2012 10:16 pm

Re: cannot join NT4 domain on DSM3.2

Unread post by hlutz » Tue Feb 07, 2012 10:23 pm

rparry, you are BRILLIANT!

Hard to believe, but there still are old NT4 Domains out there in the world and this fixed worked flawlessly.

A few notes for others who need this great fix:
1. "winnbind uid = 10000-20000" is misspelled. Winbind is with one "n"
2. Make backups of the files before edit. Example: CP oldfile.xyz oldfiel.xyz.bkp
3. When you login via SSH (I used PuTTY) the username to use is "root", with password same as administrator.

Thanks again!
Herman

Mik
I'm New!
I'm New!
Posts: 5
Joined: Sat Jan 22, 2011 11:53 am

Re: cannot join NT4 domain on DSM3.2

Unread post by Mik » Fri Mar 09, 2012 2:55 pm

Excuse me I have the same problem (error code) with an AD 2003 Domain.
Do the solution may be the same?

TIA

Mik

eholdsworth
I'm New!
I'm New!
Posts: 2
Joined: Thu Mar 15, 2012 7:10 pm

Re: cannot join NT4 domain on DSM3.2

Unread post by eholdsworth » Thu Mar 15, 2012 7:18 pm

Thanks for posting this, very useful!

I've done the same on DSM4.0 but run into problems. It joins the domain ok, and pulls in the users into the Domain Users on the WEB GUI, I can set access rights for shares etc.

wbinfo -u gives a correct list of users as well.

I can see the shares in windows but when accessing them it says 'Network Access Denied'. The Web GUI log shows that I've accessed the share.

Struggling to debug this further, can't seem to get smbd, winbind etc to create any log output.

Any suggestions?

eholdsworth
I'm New!
I'm New!
Posts: 2
Joined: Thu Mar 15, 2012 7:10 pm

Re: cannot join NT4 domain on DSM3.2

Unread post by eholdsworth » Mon Mar 19, 2012 5:53 pm

ok, schoolboy error!

The linux permissions were not set correctly in Volume1 (I'd rsync'd the files from another server), had to chmod everything and then it sprang to life.

Mik
I'm New!
I'm New!
Posts: 5
Joined: Sat Jan 22, 2011 11:53 am

Re: cannot join NT4 domain on DSM3.2

Unread post by Mik » Wed Apr 25, 2012 10:48 am

Set "hotkey_local_machine\system\CurrentControlSet\Services\NetBT\Parameters\SMBDeviceEnabled to 1" Reboot the server and join the diskstation to the domain. Users and Groups synced up no problem.

Try!!!!!

hlutz
I'm New!
I'm New!
Posts: 2
Joined: Tue Feb 07, 2012 10:16 pm

Re: cannot join NT4 domain on DSM3.2

Unread post by hlutz » Thu May 31, 2012 7:27 pm

rperry, any chance you can do your magic and get this to work with DSM4 ?

rparry
I'm New!
I'm New!
Posts: 2
Joined: Thu Feb 02, 2012 6:33 pm

Re: cannot join NT4 domain on DSM3.2

Unread post by rparry » Tue Dec 04, 2012 4:48 pm

We just got a new Synology and it is running DSM 4. I think the steps are the same.

rozzer
I'm New!
I'm New!
Posts: 1
Joined: Mon Jan 07, 2013 12:04 pm

Re: cannot join NT4 domain on DSM3.2

Unread post by rozzer » Mon Jan 07, 2013 12:13 pm

rparry wrote:Took me a bit of trial and error, but I got it. Using model DS1511+, DM 3.2.

First I got it to join the domain:

* use web GUI to stop the windows file service (System Information / Services). Probably could do that from command line (/usr/syno/etc/rc.d/S80samba.sh stop)
* ssh into Synology box, use admin credentials
* edit /usr/syno/etc/smb.conf with domain info:

Code: Select all

        security = domain
        local master = no
        realm= 
        wins server = w.x.y.z
        password server = *
        workgroup = DOMAIN_NAME
* join the domain - use correct domain and admin user account. You will be prompted for password:

Code: Select all

net join -W DOMAIN_NAME -U admin_user
* use web GUI to start the windows file service

That was successful, but I could not access any shares. Finally figured out that I needed to use winbind to pull and use domain accounts like local accounts. Also made some changes to use better password security:
* Again, stop windows file service first
* use correct /etc/nsswitch.conf:

Code: Select all

cd /etc
cp /etc/nsswitch.conf.domain nsswitch.conf
* more additions to smb.conf:

Code: Select all

        lanman auth = No
        ntlm auth = Yes
        client NTLMv2 auth = Yes
        client lanman auth = No
        client plaintext auth = No
        winnbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = yes
* start windows file service

Accounts in domain will now work

All parameters for smb.conf are explained at http://www.samba.org/samba/docs/man/man ... onf.5.html
Info on winbind found at http://justlinux.com/forum/archive/inde ... 18512.html

No charge to Synology for getting this to work.
Hey i have facing the same problem before some days with DSM4.0 .so tell me also the solution for my problem because i found this thread after long struggle . so please give also me a solution for my issue .

Locked

Return to “Windows AD Domain”