Solved

Joining Buffalo LS-GL to Active Directory Domain

Posted on 2008-10-29
18
3,090 Views
Last Modified: 2013-12-02

I've been trying all morning to connect one of these 250GB Buffalo Linkstation devices to the Active Directory domain here. It is going to (eventually) be situated in a separate building over a wireless link for a backup of our servers. The NAS is running the latest firmware (1.15) which was updated earlier today.

Unfortuantely all my attempts to join it to the domain have been unsuccessful. As per the advice on the Internet, I've disabled SMB Signing, pre-created the Computer account in Active Directory and added records to DNS, but I get nowhere, and the NAS just errors saying the credentials I am using are incorrect.

Has anyone got one of these / similar, and how did you get it onto your network? I've checked many of the posts here on EE but unfortunately they didn't help.

Thanks in advance.
0
Comment
Question by:tigermatt
  • 7
  • 7
  • 2
  • +2
18 Comments
 
LVL 7

Expert Comment

by:manu4u
ID: 22831828
Connect the device direclty to the LAN,  ( not wireless ) and try ...
Do a FACTORY RESET and  Read the documentation well , and try one more time ..
0
 
LVL 58

Author Comment

by:tigermatt
ID: 22832914

The NAS does not have a Wireless Facility. I have tried numerous times to connect; the screen to enter information to seems to ask for simple information and I've looked over the documentation several times.

I was really after someone who has done this before and can tell me what they had to do to achieve this feat?
0
 
LVL 2

Expert Comment

by:m3tech
ID: 22863625
Do you need the device to show up in AD, or do you simply need your servers to see it for backup purposes? I know it's not a direct answer to your question, but leaving the unit off the domain and granting the server backup service access to the network drive may save you the headache.

Can you communicate with the domain controller using a laptop plugged into the network in using the same cabling/swith ports and the NAS?

Can you communicate with the NAS device from the server? These devices often publish web sites for configuration as well as ftp ports to local devices and they provide a good way to test that your dc and nas are properly networked.
0
 
LVL 2

Expert Comment

by:m3tech
ID: 22863633
Sorry, I totally failed at typing above. Corrected:

"Can you communicate with the domain controller using a laptop plugged into the same cabling / switch ports as the NAS". (e.g. unplug cable from nas, plug same cable into laptop).
0
 
LVL 58

Author Comment

by:tigermatt
ID: 22863671

>>Do you need the device to show up in AD, or do you simply need your servers to see it for backup purposes? I know it's not a direct answer to your question, but leaving the unit off the domain and granting the server backup service access to the network drive may save you the headache.

Merely for backup purposes. I wanted to put it on the domain so I can use the Active Directory groups to authorise access to the NAS shares. It's off the domain at the moment with the server logging in with a backup user username and password and looking at things that might be where it will have to stay.

>> Can you communicate with the domain controller using a laptop plugged into the network in using the same cabling/swith ports and the NAS?

Yes - connectivity isn't an issue as I can access the web interface, it's just the actual step of getting it on the domain which is failing.

-tm
0
 
LVL 2

Expert Comment

by:m3tech
ID: 22863735
Sorry, I have no familairity with this NAS drive and i'ts AD support. Other than standard troubleshooting for domain authentication issues (dns, user credentials, etc set on the NAS) I cant' offer any more insight.

Are there any firewalls between the two devices that might be blocking ports used during the domain join? I believe netbios ports need to be able to pass through, I would have to research the rest.

Have you flashed/updated the firmware on the NAS device?
0
 
LVL 2

Expert Comment

by:m3tech
ID: 22863748
From another post (not sure if you have the ability to adjust the time on your NAS)

"Also check that the
computers that you are trying to join to the domain are in synch with the
time on the domain controller. Kerberos only allows for a five minute skew.
When checking time, check day/date/month/year/time zone/AM&PM also"
0
 
LVL 58

Author Comment

by:tigermatt
ID: 22868140

I know all the domain infrastructure is in place. Kerberos is definitely not the problem, neither is any firewall interfering with the traffic. The Active Directory infrastructure is not the issue either (brand new domain built literally a few days ago). I'm pretty sure it's just a simple issue with this particular NAS, even though it is running the latest firmware there are so many people who are having the same problem as me.

I will probably just leave it in its own workgroup with the present security setup, which, while not brilliant, will be good enough. As I'm sure you're aware people start asking questions when you've spent days working on something so small :)

Let me know if you have any other ideas, but it looks like I'll just have to accept there is some issue here which just can't be resolved.

-Matt
0
 
LVL 2

Expert Comment

by:m3tech
ID: 22873768
Oh yeah, 'small'. You finished it yesterday and have been wasting time all day today, right??

I'm as stumped as you are. I just checked the linkstation I have access to and it doesn't seem to have the option to add it to a domain.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 58

Author Comment

by:tigermatt
ID: 22878937

Well, I've actually been working on this for a few hours for about 6 days now (since the network was rebuilt) and still no further forward.

I've snapped a screenshot for you so you can see the Active Directory domain feature on this particular Linkstation. It would have been a brilliant feature but I think Buffalo have messed up someone with the integration with Microsoft systems!

-Matt
linkstation.JPG
0
 
LVL 2

Expert Comment

by:m3tech
ID: 22879921
If you feel like fighting this anymore, here's what I would do:

Go ahead and set the netBIOS name, DNS/Realm name, and domain controller name. You will also need a domain admin username/password (I'm assuming you blanked this out for the screenshot on purpose)

Make sure all WINS and DNS (this is important) entries for the linkstation (either set statically or from a dhcp server) are pointing to DNS running on the domain controller. Ensure there is no secondary or primary dns entries pointing to an ISP dns server or any other ip. I know this can cause some issues joining domains if not configured properly for firmware-type devices.

And, as you suggested, it may just be a problem with the device.
0
 
LVL 58

Author Comment

by:tigermatt
ID: 22879939

WINS could actually be the issue thinking about it; give me a few days and I'll work it back into the schedule.
0
 
LVL 2

Expert Comment

by:m3tech
ID: 22879946
You also might try the NT domain option if the domain controller compatibility level hasn't been bumped up.
0
 
LVL 58

Author Comment

by:tigermatt
ID: 22942338

Tried that... no dice. It still refuses to join, and I can't see what other options I have open to me. At the moment I have it in a workgroup with similar account names for the users who will be accessing it, not ideal, but does the job. I'll just have to accept defeat on this one! Any objections to me Deleting this?
0
 

Expert Comment

by:dpmarles
ID: 22961207
Had thge same problem with 1TB Linkstation Pro Duo.  Everything looked right in the boxes but would not authenticate.  Eventually worked when I changed the Default Domain Controller Policy - Windows settings -> Security Settings -> Local policies -> Security options; in right-pane Domain member: Digitally encrypt...(always) set to Disabled.
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 0 total points
ID: 22961466

Thanks for the idea. I gave it another go and that seemed to make the join procedure go a little further, but then it failed again. However, I did stumble across http://forums.buffalotech.com/buffalo/board/message?board.id=0101&thread.id=342&view=by_date_ascending&page=1, which describes my exact problem. As it looks like it isn't 2008 compatible yet (and the European software will be a while in the making), I have got it authenticating to a 2003 DC across the VPN for now. It's not ideal, and the initial permissions lookup on browsing the shares is a little slow, but it works and has given me the ability to lock down the shares.

Cheers,

-Matt
0
 

Expert Comment

by:dpmarles
ID: 22974131
Sorry, should have mentioned we're using Server 2003.  But you're right, not supported for Server 2008(!?), otherwise seems a decent buy for those on a budget.
0
 

Expert Comment

by:Omer Maor
ID: 37989042
I found an answer!!!!

After spending literally hours and hours on this, trying dozens of different suggestions from a variety of online suggestions and resources, it came down to this:

SPECIAL CHARACTERS in the NT Password account!!!  We were using the dollar sign instead of the letter "S" and that messed it up!

If you have any characters outside of the alpha-numeric set, it will NOT work!

I tried everything else:
- Confirming NTP and time settings
- Adding the NAS as a pre-Windows 2000 machine
- Verifying forward and reverse DNS lookup entries
- Setting up WINS on the DC
- Verifying and triple-checking every IP and domain setting
- Verifying the DNS/Realm name
- Changing the Default Domain Policy setting in Group Policy Management (ie "Default Domain Policy/Computer Configuration/Windows Settings/Security Settings/Security Options/Network Security: LAN manager Authentication Level/Send LM & NTLM - use NTLMv2 session security if negotiated")
- Sacrificing small animals under a full moon  (kidding on that last one)

And it all came down to that the password for the administrator account used for this NAS used dollar signs ("$") in place of the letter "s" for complexity.

So evidently, even though all of the documentation from Buffalo saids they support special character, they DON'T!!!!

So for anyone who finds this in the future, you may have to do all of those other things I listed, but for goodness sakes, start with an alpha-num password first!!!
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Hello, As I have seen there a lot of requests regarding monitoring and reporting for exchange 2007 / 2010 / 2013 I have decided to post some thoughts together and link to articles that have helped me. Of course a lot of information you can get…
The Samsung SSD 840 EVO and 840 EVO mSATA have a well-known problem with a drop in read performance. I first learned about this in an interesting thread here at Experts Exchange: http://www.experts-exchange.com/Hardware/Storage/Hard_Drives/Q_2852…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now