D-Link Forums
The Graveyard - Products No Longer Supported => D-Link Storage => DNS-343 => Topic started by: hilaireg on October 11, 2008, 02:56:13 PM
-
Hi All,
Anyone succeed in getting 'Active Directory' functionality to work with F/W 1.02? I've managed to accomplish some connectivity (authentication) by configuring the Device Settings with:
Username : DNSAdmin <A/D Account /w Domain priviledge>
Password : ******** <made it a combo of upper/lower/numbers - no specials such as: !,#,etc.>
DNS1 : Provided via DHCP <A/D Integrated>
Host Name: DNS343
Realm : corp.terraflora.com <internal A/D domain, NetBIOS is terraflora>
AD Server: DC1terraflora
OBSERVATIONS:
~~~~~~~~~~
1) The above settings allow the DNS343 to join the domain, the computer object appears in A/D as expected - displays a 'success' message.
2) A new "MS Windows Network" appears which is entitled: CORP
- The DNS343 appears in the CORP network place - did not expect this.
- The DNS343 appears in the TERRAFLORA network place - what I expected.
3) Behaviors when attempting to connect using DC1TERRAFLORA (Domain Controller):
- Supplying the DNS-343 'admin' account name and password will allow me to view the DNS-343 contents
- Can view the DNS-343 contents using IP Address
4) Behaviors when attempting to connect using a workstation (Domain Workstation):
- Prompted for [DNS343\Guest] password when attempting to view the DNS-343 contents using: \\DNS343
- Can view the DNS-343 contents using IP Address
- Can view the DNS-343 contents if I map the resource using a command prompt:
NET USE \\DNS343\Volume_1 /USER:admin *
Did I miss something or is this an issue with F/W 1.02?
Cheers,
HilaireG
-
I'm going to assume by the lack of response that no one has had any success (including D-Link) in getting the DNS-343 to allow access to volumes via NetBIOS names.
If more details are required, please let me know ... I'm willing to help 'debug' the issues if there is interest.
Cheers,
-
Just did a test and you are right.
The 'Network Access' permissions in the official released v1.02 firmware is not functional in Active Directory mode.
I had a beta v1.02 firmware prior to the official release which I tested to be working fine. But that firmware has many functions not enabled, eg. FTP Server.
-
Hi chaicka,
Appreciate the response; hopefully the next firmware release will address the issue.
Cheers,
-
Anyone from D-Link?
Any new beta firmware that we can test with? I need the NAS to operate in AD mode with ACL working. Else, it's just sitting there eating electricity coz I can't migrate my 4TB of data.
-
Just make sure not to put any confidential info on that NAS :D ... have a look at the DNS-323 thread ;)
ECF, any news you can share on both of these?
Cheers,
-
The DNS-321, 323, and 343 do not support Active Directory.
-
The DNS-321, 323, and 343 do not support Active Directory.
DNS-343 does as of 1.02 :0
-
Is there any updates on the issue?
So far, the only really fully functional firmware for active directory mode is 1.02b10.
-
I have the same exact issue. Enabling Active Directory mode on the NAS with valid domain admin credentials reports success. The NAS shows up in Active Directory in the computers ou. This is all I need to do, correct?
However, no domain users can authenticate into the NAS. Am I missing a step or is this a known issue?
Update: I can authenticate using domain credentials when I browse to the device using IP address. When I browse using NetBIOS name, it fails. Hmm....
I called D-Link tech support today and finally got through to Level 3 support. They have no fix and are getting in touch with the project manager of the DNS-343. If I get any answers I will post them here.
-
I have the same exact issue. Enabling Active Directory mode on the NAS with valid domain admin credentials reports success. The NAS shows up in Active Directory in the computers ou. This is all I need to do, correct?
However, no domain users can authenticate into the NAS. Am I missing a step or is this a known issue?
Update: I can authenticate using domain credentials when I browse to the device using IP address. When I browse using NetBIOS name, it fails. Hmm....
I called D-Link tech support today and finally got through to Level 3 support. They have no fix and are getting in touch with the project manager of the DNS-343. If I get any answers I will post them here.
The last I heard is that D-Link L3 Support & the vendor who supplies them this DNS-343 is finally able to re-produce the problem I am facing with Active Directory mode unable to add any domain users/groups to the network access. But there is no fix for it right now...
-
Confirmed ... still no fix.
My DNS-343's remain in 'WORKGROUP' with no users/groups configured in the DNS. Data is accessible as DNS is configured with a 'WORKGROUP' name that matches the domain - data is publicly accessible by any domain workstation on the LAN via Network Browsing and publicly available by *any* workstation via IP.
It's a *workable* solution providing no private data is copied to the DNS.
Cheers,
-
Workable ... yes. Acceptable .. no. We need Active Directory authentication to work properly. In my environment we are planning on storing our redirected Windows domain user profiles on the DNS-343, so without this feature, there is a huge security compromise. :-\
Any word on whether this fix will be in the upcoming firmware?
-
No f/w release timeline as of yet ... but I would expect it to be shortly after the next release of the DNS-323 f/w release.
Redirecting User Profiles and/or user My Document to a non-Windows filesystem is risky. Make sure to take some time to review the Folder Redirection documentation so as to ensure that you're not tripped up by the folder Share Permission and Security Permissions typically required. Additionally, there may be an impact at the GPO level.
I assume you'll probably look to initially test a few "heavy weight" user profiles. Let us know how you make out ... be interested in the results.
Cheers,
-
Some good points, hilaireg. Using the DNS-343 to hold user profiles is an unconventional use, I agree, but in this small business, this is about all we can afford to spend on network storage.
I am using a DFS share for permissioning purposes. This way, I don't need to worry about the non-windows filesystem of the DNS-343. However, I still need the active directory authentication to work, so I can prevent users from connecting to the DNS-343 by IP address and browing the root of the Volumes.
I'll be sure to update when heavy testing begins.
-
I wonder ....... Are the active directory access and authentication issues being, at least partially, caused by the samba.conf file maintaining a security level of security=share instead of security=ADS? I believe it might be possible for the device to "look" like it's joined the directory by making all of the other Samba ADS items, but not changing its security level to ADS.
Also, is winbind running on the NAS? Has winbind been added to /etc/nsswitch.conf? Obviously, we can't answer these questions ourselves because of limited access to the NAS. But the questions are still valid.
Link to getting Samba to talk to active directory:
http://wiki.samba.org/index.php/Samba_&_Active_Directory
-
A few posts on the forum elude to ADS-related fixes in f/w 1.03 ... hasn't released as of yet; I suspect it will probably be release in the early part of 2009.
Cheers,
-
Few months with a DNS-343 that cannot function with the Active Directory forest in my environment. Still awaits for FW 1.03 to be release, which seems to be taking quite a long time.
Shouldn't the focus be on fixing current issues instead of looking at adding new features at this point of time?
Sales of DNS-343 ain't going well too..... Most SMEs are awaiting for the AD issue to be fixed, else quite a headache to manage user accounts & access separately.
-
Agreed,
Once the HDD & RAID subsystems are debugged, it would be nice to see some work effort done on the A/D integration ... of course I'm being selfish here ;)
I have the DNS-343 configured to WORKGROUP for the time being and NO user account management. Folks have been made aware that it's a PUBLIC device and that files stored there are accessible to all ... and most importantly, that a backup of one's files should still be performed.
Several folks have found some very creative ways of dealing with authentication using folder permissions; unfortunately, with everything on my 'plate' these days, I can't see myself getting dragged into a daily folder management.
Cheers,
-
If an earlier beta firmware of DNS-343 works perfectly for Active Directory, what's so difficult to fix it in firmware versions later than that beta firmware.
Without proper Active Directory support, there is a limitation to the number of user accounts supported/functional in DNS-343. The only way to overcome is to use in Active Directory mode.
-
Is there any updates to a fix for this issue?
-
I'm also still awaiting an update. Frankly, the patch time is completely unacceptable.
I understand the need to prioritize patches, but a little information about when an AD fix is expected would go a long way.
-
I have already given up... advising SMEs customers to not buy this NAS as it doesn't work with Active Directory.
-
Just so you guys do not think we are completely ignoring this thread...
I have personally tested and replicated your situations here. The Bug has already been found and WILL be fixed on final release of 1.03.
-
Any idea when that will be released? It's getting pretty urgent.
-
Just so you guys do not think we are completely ignoring this thread...
I have personally tested and replicated your situations here. The Bug has already been found and WILL be fixed on final release of 1.03.
Appreciate the update; patiently waiting ;)
-
Looks like it's time to revisit the DNS-343 with Active Directory. The new 1.03b66 firmware change log seems to indicate it's been fixed.
With more than 6 months gone, our DNS-343 is now only left with a handful of months warranty. Pray hard it doesn't break anything...
-
Chalk up another vote for fixing AD support.
I've had to tell my customers they have two choices: Netgear's higher-end line of NAS boxes or Windows-based fileservers.
What I don't understand is why this is taking so long (I've been trolling here for months, finally joined today just to throw my $0.02 in). D-Link is a networking company. 99% of corporate networks use domains. The DNS-343 is a network hard drive, yet it doesn't work with said corporate networks. What's wrong with this picture?
-
Bad news... even with the beta firmware 1.03b66, the network access to shares on DNS343 isn't working as designed despite able to configure access rights delegation.
-
I've gotten a bit further with AD connectivity. User level permissions seem to work fine, although group level still doesn't work for me. Below is what I did to get it working....
DNS-343 Setup:
Firmware 1.02
Network Type = Active Directory
Host Name = aninas
Realm Name = ANI.LOCAL
AD Server Name = anisvr
I can browse/map to the device without issue by IP address (ex. \\192.168.100.200\Volume_1)
When I try to browse by name it continuously asks for username/password (ex. \\aninas\Volume_1)
Since I could not ping aninas I thought maybe there was a problem with name resolution so I manually added an A Record for aninas on my DNS server pointing to it's IP address. This still did not allow me to connect by name.
One thing I noticed is that when I use the D-Link Easy Search Utility to map a drive is shows the drive mapped as "Volume_1 on 'DNS-343 (aninas)' (X:)". To me this looks like it's mounting the share on a device called dns-343, not aninas. So just as a test I tried to browse to \\dns-343\Volume_1, which did not work. Since I also could not ping dns-343 by name I created another DNS record for dns-343 to point to 192.168.100.200. Now when I browse to \\dns-343\Volume_1 it works properly.
If I look at the status page of the DNS-343 it shows a name of "aninas" and a description of "dns-343". My first thought was that there is a bug in the unit that make it think it's name was it's description. So I tried changing the description to aninas to see if that would change things, it did not. So what I think is that the device thinks it's name is dns-343 regardless of what you put for a name.
So if you are experiancing this problem try creating a dns record for "dns-343" to point to it's IP address and see if that helps.
This isn't a complete workaround since I can only make user level authentication work and not group level. But this is much better setup for me then leaving it in workgroup mode. I hope this will help some other with the same issue as well as D-Link to fix things for us.
-
Nice workaround ... still too much work to manage it a user level.
Reading chaicka response, it's not looking like it Active Directory related issues are high on the fix list.
Cheers,
-
Nice workaround ... still too much work to manage it a user level.
Reading chaicka response, it's not looking like it Active Directory related issues are high on the fix list.
Cheers,
Ya... a great disappointment for SMEs and SOHOs consumers.
-
Beta updated along with ADS package.
-
Is this a beta we can download somewhere? The download page shows a beta from 1/09.
Thanks
-
Top of the forums look for a Beta Code! section.