
Author Topic: ADS 1.0: Active Directory & Authentication Partially Broken  (Read 12433 times)

hilaireg

  • Level 3 Member
  • ***
  • Posts: 348
ADS 1.0: Active Directory & Authentication Partially Broken
« on: September 23, 2009, 03:20:39 PM »

Hi All,

After some research, I've succeeded in getting 'Active Directory' functionality to work with F/W 1.03 & ADS Package 1.0.   I've managed to accomplish some connectivity (authentication) by configuring the Device Settings with:


Username  : DNSAdmin              <A/D Account /w Domain privileges>
Password  : DNS343b4605a!
DNS1      : Provided via DHCP     <A/D Integrated>
DNS2      : Provided via DHCP     <A/D Integrated>
Host Name : DNSTORNAS01
Workgroup : TERRAFLORA
Realm Name: CORP.TERRAFLORA.COM   <internal A/D domain, NetBIOS is terraflora>
AD Server : DC1terraflora01



Note that the DNS-343 and test workstation were restarted between tests.


TESTS:

1) Behavior when selecting Active Directory as the Network Type so as to allow the DNS-343 to join the domain:

   RESULT:
  • The computer object appears in A/D as expected - displays a 'success' message.
  • Moving the object to an OU still allows access to the object from 'Microsoft Windows Network'


  'Microsoft Windows Network'
  • The DNS-343 object (DNSTORNAS01) appears as expected in TERRAFLORA.



2) Behavior when attempting to connect using DC1TERRAFLORA (Domain Controller, LMCompatibilityLevel=2):

   RESULT:
  • Double-clicking the DNSTORNAS01 object from 'Microsoft Windows Network' displays the username/password prompt.
  • Using the IP Address (\\###.###.###.###) displays the shared object contents.


   EXPECTED BEHAVIOR:
  • Shared object contents should have been displayed when double-clicking the DNSTORNAS01 object from 'Microsoft Windows Network'
  • Selecting an object displayed inside DNSTORNAS01 should prompt for credentials if required.



3) Behavior when attempting to connect using a domain workstation (LMCompatibilityLevel=0, LMCompatibilityLevel=2, and/or LMCompatibilityLevel=3):

   RESULT:
  • Double-clicking the DNSTORNAS01 object from 'Microsoft Windows Network' displays the username/password prompt.
  • Using the IP Address (\\###.###.###.###) displays the shared object contents.


   EXPECTED BEHAVIOR:
  • Shared object contents should have been displayed when double-clicking the DNSTORNAS01 object from 'Microsoft Windows Network'
  • Selecting an object displayed inside DNSTORNAS01 should prompt for credentials if required.



4) Behavior when attempting to connect by mapping the resource using a command prompt:

   NET USE X: \\DNSTORNAS01\Volume_1 /USER:<username> *
   NET USE X: \\###.###.###.###\Volume_1 /USER:<username> *


   RESULT:
  • The drive letter is successfully mapped.



5) Account Name/Password supplied at prompts throughout the tests:

   RESULT:
  • Account name and password supplied had to be:

     Username: <REALM>\<username>    (ex: CORP\Administrator)
     Password: <password>            (ex: DNS343b4605a!)


   EXPECTED BEHAVIOR:
  • Should have had to supply the following:

     Username: <WORKGROUP>\<username>   (ex: TERRAFLORA\Administrator)
     Password: <password>               (ex: DNS343b4605a!)



In summary, there continues to be an issue with prompting for username/password when initially double-clicking the DNS-343 object from 'Microsoft Windows Network'.  Additionally, there appears to be an issue with the credentials that need to be passed for authentication; in my tests, I should have had to supply TERRAFLORA\<username> and not CORP\<username>.


Cheers,
« Last Edit: September 23, 2009, 03:25:58 PM by hilaireg »
Logged

Jacques Amar

  • Level 1 Member
  • *
  • Posts: 13
Re: ADS 1.0: Active Directory & Authentication Partially Broken
« Reply #1 on: September 24, 2009, 12:08:02 PM »

I am using Windows 7 x64 (MSDN RTM version) / Win2K8 ADS

DNS-343 gets the full user/group info correctly from server. However, I cannot get authenticated for any usage. Neither from cmd prompt (NET USE) or Explorer (Map drive).

Error on cmd:
"Type the password for \\dlink-343\Volume_1:
System error 1326 has occurred.

Logon failure: unknown user name or bad password."

Explorer gives:
"... No process is on the other end of the pipe"

I'm using FW 1.03 with ADS 1.0

Any suggestion as to what I'm doing wrong? Or is this still a known bug?
« Last Edit: September 24, 2009, 12:10:08 PM by Jacques Amar »
Logged

hilaireg

  • Level 3 Member
  • ***
  • Posts: 348
Re: ADS 1.0: Active Directory & Authentication Partially Broken
« Reply #2 on: September 24, 2009, 02:05:03 PM »

What user name are you trying to pass?

If you are trying to use the NetBIOS (ex: TERRAFLORA\<username>) it will not authenticate.  Try using the first portion of the Realm Name.  For example, if the Realm Name is CORP.TERRAFLORA.COM, try using CORP\<username>.

If it still fails, verify your DNS forward/reverse entries.

I assume the DNS is PING'able.

HTH,
« Last Edit: September 25, 2009, 04:19:02 AM by hilaireg »
Logged

D-Link Multimedia

  • Level 7 Member
  • **
  • Posts: 1066
    • D-link Systems, Inc.
Re: ADS 1.0: Active Directory & Authentication Partially Broken
« Reply #3 on: September 24, 2009, 02:59:10 PM »

I am using Windows 7 x64 (MSDN RTM version) / Win2K8 ADS

Unfortunately we don't support 2008 yet. We are working on it =\.
Logged

Jacques Amar

  • Level 1 Member
  • *
  • Posts: 13
Re: ADS 1.0: Active Directory & Authentication Partially Broken
« Reply #4 on: September 24, 2009, 11:28:41 PM »

...
If you are trying to use the NetBIOS (ex: TERRAFLORA\<username>) it will not authenticate.  Try using the first portion of the Realm Name.  For example, if the Realm Name is CORP.TERRAFLORA.COM, try using CORP\<username>.
....

Yes, I saw that subtle distinction and tried it. No love. I guess I need to wait for the ADS module to work with Win2K8 ADS

Logged

chaicka

  • Level 2 Member
  • **
  • Posts: 87
Re: ADS 1.0: Active Directory & Authentication Partially Broken
« Reply #5 on: September 27, 2009, 10:29:31 AM »

Unfortunately we don't support 2008 yet. We are working on it =\.

No wonder I am still facing problems with authentication. My AD forest is now on Native Win2008 mode.
Logged

synopsys

  • Level 1 Member
  • *
  • Posts: 1
Re: ADS 1.0: Active Directory & Authentication Partially Broken
« Reply #6 on: October 16, 2009, 07:25:06 AM »

Have you any idea when the support of AD2008 and AD2008R2 will be OK? I need it!!!
Logged

njoylif

  • Level 1 Member
  • *
  • Posts: 21
Re: ADS 1.0: Active Directory & Authentication Partially Broken
« Reply #7 on: November 17, 2009, 07:40:36 AM »

Yea, I can connect with my Win2K8 server to the DNS when logged into that machine through AD (logged in via domain user).
When I try my Win7, I'm logged in locally and can't connect via any attempt/combo of the above.
Can't wait until 7 is supported with AD.
Logged

njoylif

  • Level 1 Member
  • *
  • Posts: 21
Re: ADS 1.0: Active Directory & Authentication Partially Broken
« Reply #8 on: November 17, 2009, 09:30:41 AM »

Is there a way to log in using local users while still allowing AD authentication?  That would at least allow a temporary work-around...
Logged

slackeruh

  • Level 1 Member
  • *
  • Posts: 2
Re: ADS 1.0: Active Directory & Authentication Partially Broken
« Reply #9 on: November 23, 2009, 01:24:27 PM »

I believe this is the solution to the problem.  Windows 7 and the DNS-343 are not using the same authentication level.

Open up the local security policy by running secpol.msc

Navigate to Local Policies -> Security Policies

Change Network Security: LAN Manager authentication level to: Send LM & NTLM - Use NTLMv2 session security if negotiated.

I found the information here...
http://www.mostlyoperational.com/?p=86
Logged
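
As an added example (not part of slackeruh's post and not D-Link code), this PowerShell check reads the registry value behind the "LAN Manager authentication level" policy and reports which response types the client will send, so a machine left on the relaxed setting described above can be found again later. The registry path and level meanings are the standard Windows ones; treating a missing value as level 3 assumes Windows Vista / Server 2008 or later.

```powershell
# Added example: audit the LAN Manager authentication level on a Windows client.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Policy text for each LmCompatibilityLevel value (index = level 0-5).
$Policy = @(
    'Send LM & NTLM responses',
    'Send LM & NTLM - use NTLMv2 session security if negotiated',
    'Send NTLM response only',
    'Send NTLMv2 response only',
    'Send NTLMv2 response only. Refuse LM',
    'Send NTLMv2 response only. Refuse LM & NTLM'
)

function Get-LmCompatibility {
    param([string]$Path = $LsaKey)

    $prop = Get-ItemProperty -Path $Path -Name 'LmCompatibilityLevel' -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # Assumption: value not set means the OS default, level 3 on Vista/2008 and later.
        $level = 3; $explicit = $false
    } else {
        $level = [int]$prop.LmCompatibilityLevel; $explicit = $true
    }
    if ($level -lt 0 -or $level -gt 5) { throw "Unexpected LmCompatibilityLevel: $level" }

    [pscustomobject]@{
        Level         = $level
        ExplicitlySet = $explicit
        Policy        = $Policy[$level]
        SendsLM       = $level -le 1   # levels 0-1 still send the LM response
        SendsNTLMv1   = $level -le 2   # levels 0-2 still send the NTLM (v1) response
        SendsNTLMv2   = $level -ge 3   # levels 3-5 send the NTLMv2 response only
    }
}

$result = Get-LmCompatibility
$result | Format-List
if ($result.SendsLM -or $result.SendsNTLMv1) {
    Write-Warning "Level $($result.Level) sends LM/NTLMv1 responses; return to level 3 or higher once the workaround is no longer needed."
}
```

The setting named in the post above corresponds to level 1, which this check flags because the client then answers challenges with both LM and NTLM (v1) responses.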

hilaireg

  • Level 3 Member
  • ***
  • Posts: 348
Re: ADS 1.0: Active Directory & Authentication Partially Broken
« Reply #10 on: November 26, 2009, 04:19:06 PM »

@slackeruh:

Relaxing the LAN Manager Authentication Level addresses the immediate connectivity issues discovered for Windows 7 and exposes an additional problem, above the ones I noted, with the ADS 1.0 package.


@D-Link Engineering:

Have you had an opportunity to make any progress on an updated version of the ADS package?


Regards,
Logged

ITF1

  • Level 1 Member
  • *
  • Posts: 3
Re: ADS 1.0: Active Directory & Authentication Partially Broken
« Reply #11 on: December 15, 2009, 12:38:07 AM »

@slackeruh:

Relaxing the LAN Manager Authentication Level addresses the immediate connectivity issues discovered for Windows 7 and exposes an additional problem, above the ones I noted, with the ADS 1.0 package.


@D-Link Engineering:

Have you had an opportunity to make any progress on an updated version of the ADS package?


Regards,

Hello,
any progress on this one? Server 2008 is not really a new product and it is hard to understand why it is not supported by a device which is obviously aiming at the SOHO / SMB Market.
Regards
Anthony
Logged

hilaireg

  • Level 3 Member
  • ***
  • Posts: 348
Re: ADS 1.0: Active Directory & Authentication Partially Broken
« Reply #12 on: December 17, 2009, 03:01:29 PM »

There hasn't been much response from D-Link Engineering on this one.  I'm not certain if the silence should be taken as "will not fix", "we're so busy on projects it isn't funny any more", or "we're working on it ... but we're so busy on projects it isn't funny any more"

 ;)


In any case, a quick response from their side would be most appreciated.

Cheers,
Logged