• March 28, 2024, 04:27:57 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: [1] 2 3

Author Topic: Active Directory & Authentication  (Read 32151 times)

hilaireg

  • Level 3 Member
  • ***
  • Posts: 348
Active Directory & Authentication
« on: October 11, 2008, 02:56:13 PM »

Hi All,

Anyone succeed in getting 'Active Directory' functionality to work with F/W 1.02?  I've managed to accomplish some connectivity (authentication) by configuring the Device Settings with:

Username : DNSAdmin  <A/D Account /w Domain priviledge>
Password : ******** <made it a combo of upper/lower/numbers - no specials such as: !,#,etc.>
DNS1     : Provided via DHCP <A/D Integrated>
Host Name: DNS343
Realm    : corp.terraflora.com   <internal A/D domain, NetBIOS is terraflora>
AD Server: DC1terraflora


OBSERVATIONS:
~~~~~~~~~~
1) The above settings allow the DNS343 to join the domain, the computer object appears in A/D as expected - displays a 'success' message.

2) A new "MS Windows Network" appears which is entitled: CORP
    - The DNS343 appears in the CORP network place           - did not expect this.
    - The DNS343 appears in the TERRAFLORA network place - what I expected.

3) Behaviors when attempting to connect using DC1TERRAFLORA (Domain Controller):
   - Supplying the DNS-343 'admin' account name and password will allow me to view the DNS-343 contents
   - Can view the DNS-343 contents using IP Address

4) Behaviors when attempting to connect using a workstation (Domain Workstation):
   - Prompted for [DNS343\Guest] password when attempting to view the DNS-343 contents using: \\DNS343
   - Can view the DNS-343 contents using IP Address
   - Can view the DNS-343 contents if I map the resource using a command prompt:

     NET USE \\DNS343\Volume_1 /USER:admin *


Did I miss something or is this an issue with F/W 1.02?

Cheers,

HilaireG 

Logged

hilaireg

  • Level 3 Member
  • ***
  • Posts: 348
Re: Active Directory & Authentication
« Reply #1 on: October 15, 2008, 03:50:00 PM »

I'm going to assume by the lack of response that no one has had any success (including D-Link) in getting the DNS-343 to allow access to volumes via NetBIOS names.

If more details are required, please let me know ... I'm willing to help 'debug' the issues if there is interest.

Cheers,



Logged

chaicka

  • Level 2 Member
  • **
  • Posts: 87
Re: Active Directory & Authentication
« Reply #2 on: October 19, 2008, 02:02:28 AM »

Just did a test and you are right.

The 'Network Access' permissions in the official released v1.02 firmware is not functional in Active Directory mode.

I had a beta v1.02 firmware prior to the official release which I tested to be working fine. But that firmware has many functions not enabled, eg. FTP Server.
Logged

hilaireg

  • Level 3 Member
  • ***
  • Posts: 348
Re: Active Directory & Authentication
« Reply #3 on: October 19, 2008, 07:13:04 PM »

Hi chaicka,

Appreciate the response; hopefully the next firmware release will address the issue.

Cheers,

Logged

chaicka

  • Level 2 Member
  • **
  • Posts: 87
Re: Active Directory & Authentication
« Reply #4 on: October 23, 2008, 04:59:20 AM »

Anyone from D-Link?
Any new beta firmware that we can test with? I need the NAS to operate in AD mode with ACL working. Else, it's just sitting there eating electricity coz I can't migrate my 4TB of data.
Logged

hilaireg

  • Level 3 Member
  • ***
  • Posts: 348
Re: Active Directory & Authentication
« Reply #5 on: October 23, 2008, 05:06:26 AM »

Just make sure not to put any confidential info on that NAS  :D  ... have a look at the DNS-323 thread  ;)

ECF, any news you can share on both of these?

Cheers,

Logged

ECF

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2692
Re: Active Directory & Authentication
« Reply #6 on: October 23, 2008, 12:07:56 PM »

The DNS-321, 323, and 343 do not support Active Directory.
Logged
Never forget that only dead fish swim with the stream

D-Link Multimedia

  • Level 7 Member
  • **
  • Posts: 1066
    • D-link Systems, Inc.
Re: Active Directory & Authentication
« Reply #7 on: October 23, 2008, 01:45:32 PM »

The DNS-321, 323, and 343 do not support Active Directory.

DNS-343 does as of 1.02 :0
Logged

chaicka

  • Level 2 Member
  • **
  • Posts: 87
Re: Active Directory & Authentication
« Reply #8 on: November 07, 2008, 09:02:17 AM »

Is there any updates on the issue?

So far, the only really fully functional firmware for active directory mode is 1.02b10.
Logged

siegecraft4

  • Level 1 Member
  • *
  • Posts: 4
Re: Active Directory & Authentication
« Reply #9 on: December 11, 2008, 09:45:57 AM »

I have the same exact issue. Enabling Active Directory mode on the NAS with valid domain admin credentials reports success. The NAS shows up in Active Directory in the computers ou. This is all I need to do, correct?

However, no domain users can authenticate into the NAS. Am I missing a step or is this a known issue?

Update: I can authenticate using domain credentials when I browse to the device using IP address. When I browse using NetBIOS name, it fails. Hmm....

I called D-Link tech support today and finally got through to Level 3 support. They have no fix and are getting in touch with the project manager of the DNS-343. If I get any answers I will post them here.


« Last Edit: December 11, 2008, 09:56:25 AM by siegecraft4 »
Logged

chaicka

  • Level 2 Member
  • **
  • Posts: 87
Re: Active Directory & Authentication
« Reply #10 on: December 15, 2008, 03:10:51 AM »

I have the same exact issue. Enabling Active Directory mode on the NAS with valid domain admin credentials reports success. The NAS shows up in Active Directory in the computers ou. This is all I need to do, correct?

However, no domain users can authenticate into the NAS. Am I missing a step or is this a known issue?

Update: I can authenticate using domain credentials when I browse to the device using IP address. When I browse using NetBIOS name, it fails. Hmm....

I called D-Link tech support today and finally got through to Level 3 support. They have no fix and are getting in touch with the project manager of the DNS-343. If I get any answers I will post them here.


The last I heard is that D-Link L3 Support & the vendor who supplies them this DNS-343 is finally able to re-produce the problem I am facing with Active Directory mode unable to add any domain users/groups to the network access. But there is no fix for it right now...
Logged

hilaireg

  • Level 3 Member
  • ***
  • Posts: 348
Re: Active Directory & Authentication
« Reply #11 on: December 16, 2008, 01:55:05 PM »

Confirmed ... still no fix.

My DNS-343's remain in 'WORKGROUP' with no users/groups configured in the DNS.  Data is accessible as DNS is configured with a 'WORKGROUP' name that matches the domain - data is publicly accessible by any domain workstation on the LAN via Network Browsing and publicly available by *any* workstation via IP.

It's a *workable* solution providing no private data is copied to the DNS.

Cheers,
Logged

siegecraft4

  • Level 1 Member
  • *
  • Posts: 4
Re: Active Directory & Authentication
« Reply #12 on: December 17, 2008, 10:02:20 AM »

Workable ... yes. Acceptable .. no. We need Active Directory authentication to work properly. In my environment we are planning on storing our redirected Windows domain user profiles on the DNS-343, so without this feature, there is a huge security compromise.  :-\

Any word on whether this fix will be in the upcoming firmware?
Logged

hilaireg

  • Level 3 Member
  • ***
  • Posts: 348
Re: Active Directory & Authentication
« Reply #13 on: December 17, 2008, 11:51:35 AM »

No f/w release timeline as of yet ... but I would expect it to be shortly after the next release of the DNS-323 f/w release.

Redirecting User Profiles and/or user My Document to a non-Windows filesystem is risky.  Make sure to take some time to review the Folder Redirection documentation so as to ensure that you're not tripped up by the folder Share Permission and Security Permissions typically required.  Additionally, there may be an impact at the GPO level.

I assume you'll probably look to initially test a few "heavy weight" user profiles.  Let us know how you make out ... be interested in the results.

Cheers,
Logged

siegecraft4

  • Level 1 Member
  • *
  • Posts: 4
Re: Active Directory & Authentication
« Reply #14 on: December 17, 2008, 02:53:15 PM »

Some good points, hilaireg. Using the DNS-343 to hold user profiles is an unconventional use, I agree, but in this small business, this is about all we can afford to spend on network storage.

I am using a DFS share for permissioning purposes. This way, I don't need to worry about the non-windows filesystem of the DNS-343. However, I still need the active directory authentication to work, so I can prevent users from connecting to the DNS-343 by IP address and browing the root of the Volumes.

I'll be sure to update when heavy testing begins.
Logged
Pages: [1] 2 3