Re: N5200 Active Directory Support
Quote:
Originally Posted by zapache_mlmc
I'm currently rebuilding the array and will load the 2.00.01 firmware tomorrow as per your instructions.
regards
zapache_mlmc
Hi Yvon,
I've rebuilt the array and updated the firmware to 2.00.01 successfully.
While the interface is nice and there are some helpful additions on the Storage-Folder-ACL pages, it doesn't help solve the difficulty of users logging into the N5200 with ADS securities and permissions.
My previous question was - "Also, can you confirm that the ADS Support is limited to User Authentication, and will not allow the inheriting of sharing and security permissions from the Domain Controllers?" which was not answered.
With due respect to Linux users, I think that the N5200, being a Linux box and maybe not a full implementation, is not fully ADS compatible.
It seems that some equate ADS Authentication with ADS Integration - the N5200 sharing and security permissions cannot be set from ADS - "Access Denied".
We have managed to set up VBS login scripts to map the N5200 and the users can "see" the mapped drive on the NAS in Windows Explorer, but when they try to access it they also get an "Access Denied" message.
This is using the N5200's ADS authentication and ACLs to apply access permissions to the relevant directories for the relevant groups, not the Domain Controllers' ADS properties.
We are disappointed that the N5200 only connects to ADS as a "computer", not as a "Domain Object".
regards
Zapache_mlmc
Re: N5200 Active Directory Support
Dear Zapache_mlmc,
If the N5200 has joined the ADS, we can assign user authorization control from the ACL setting; the folder's authorization depends on the ACL setting. If a user accesses a folder on the N5200 that has an ACL, the N5200 passes this user's account and password to ADS, and based on the result from ADS lets the user log in or not.
Yvon.
Re: N5200 Active Directory Support
I'm also unable to get either of my N5200 units to use AD authentication. With the latest firmware I can now join the AD domain (though only if I get the IP address of the ADS/NT Server as an IP address, rather than a name).
When I go to edit the ACL, I now have a combobox which allows me to select local/AD users/groups, but I can't get it to do anything useful. If I select "AD users", put my own account name in and press Search - the box below (which had the local group "users" in it) empties. I've tried with and without the domain prefix and I've clicked the Sync AD Account button but without success.
We have an enormous AD system: there are many balanced servers - is it possible the response from the DNS lists too many IPs linked to a single name for the Thecus to parse?
Re: N5200 Active Directory Support
The DNS query will only return a single IP address to the THECUS as this is the way DNS round robin works.
I would check Active Directory Users and Computers to verify a computer account was created for the Thecus. The default name is n5200 if you did not change it. (make sure the name is different for both units). The fact that you are not seeing users and groups suggests you have not really joined the domain, or that the n5200 thinks you have but AD disagrees.
Also, it is not good to reference a domain controller with multiple IP addresses that resolve to the same name. You will confuse Active Directory and can have replication errors. Maybe I don't fully understand how you are load balancing, but there are much better ways of doing this using DFS or alias names in DNS.
Mickey
Re: N5200 Active Directory Support
Hello Pat/Mickey/ANYONE!!
Would you guys be able to assist me with getting this darn thing to populate users/groups from my AD servers please... had to leave this project for a while as it was taking too long (and I was losing too much hair) trying to figure out what/where/why.
The N5200 successfully joins the domain but that's as far as I can get.
Re: N5200 Active Directory Support
Quote:
Originally Posted by TN5200
Hello Pat/Mickey/ANYONE!!
Would you guys be able to assist me with getting this darn thing to populate users/groups from my AD servers please... had to leave this project for a while as it was taking too long (and I was losing too much hair) trying to figure out what/where/why.
The N5200 successfully joins the domain but that's as far as I can get.
I had to play with mine, but once I joined the box everything was fine.
Eventually I created a User account on my domain called Thecus, and gave it credentials to join machines to the domain; I then used this account to join the device. I also ensured that I removed all previous machine accounts from the domain before joining, as this causes crazy issues with AD.
I found it very important to ensure you enter in the correct WINS Server IP address!
When it came down to it I used the IP address of the Global Catalog (depends if you have a large domain or not, just use the PDC) for the ADS Server Name; for the Realm I used the fully qualified domain name.
See how you go.
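
A pre-join check covering the points raised in the replies above (verify or clear the NAS computer account, find the Global Catalog address to enter as the ADS server), as an added example that is not part of any post in this thread. It assumes an admin workstation in the domain with the RSAT ActiveDirectory module installed; `corp.example.com` is a placeholder realm, and `n5200` is the default device name mentioned in the thread.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the thread. Both parameters are placeholders.
param(
    [string]$NasName = 'n5200',            # default NAS name mentioned in the thread
    [string]$Domain  = 'corp.example.com'  # placeholder realm (fully qualified domain name)
)

# 1. Domain controllers the realm advertises in DNS. A large domain returns
#    several SRV targets; the NAS is pointed at one of them by IP address.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV |
    Where-Object { $_.Section -eq 'Answer' } |
    Sort-Object Priority, Weight |
    Select-Object NameTarget, Port, Priority, Weight |
    Format-Table -AutoSize

# 2. Global Catalog servers and their addresses (candidate "ADS Server" value).
Get-ADDomainController -Filter { IsGlobalCatalog -eq $true } -Server $Domain |
    Select-Object HostName, IPv4Address, Site |
    Format-Table -AutoSize

# 3. Computer accounts left over from earlier join attempts.
#    The wildcard also matches other hosts whose names start the same way,
#    so review the list before deleting anything.
$accounts = Get-ADComputer -Filter "Name -like '$NasName*'" -Server $Domain `
    -Properties whenCreated, PasswordLastSet, DNSHostName

if (-not $accounts) {
    Write-Output "No computer account matching '$NasName*' exists in $Domain."
} else {
    $accounts |
        Select-Object Name, DNSHostName, Enabled, whenCreated, PasswordLastSet, DistinguishedName |
        Format-List

    # Preview only: -WhatIf prints what would be removed without changing AD.
    $accounts | Remove-ADComputer -WhatIf
}
```

Run it once before the join to see stale accounts, and again afterwards: a fresh `whenCreated` or `PasswordLastSet` on the NAS account shows that AD registered the join.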
Re: N5200 Active Directory Support
Dear Yvon et al.
Since my last post regarding Active Directory Support on the N5200 Sept 2007, we have realised from your answer that you don't have a clue what I was asking about.
While not an MCSE, I have been setting up, working with, and administering med-large M/S Server networks for a number of years. I think I know the difference between Active Directory Support (ADS) and NT User Authentication.
If all you want to do with the N5200 is use it at home, or on a very small office network, or as a backup device for limited users you can make do/get by with NT User Authentication.
If you actually want to use it as a Storage Server on an AD Server Network, it is useless without being able to set security, sharing and access control through Active Directory Management.
The Thecus N5200's Access Control Lists (ACLs) are not linked or replicated with Active Directory; because the N5200 is not a Server on the AD Domain, it just connects as a computer; computers that don't connect as servers can't participate in AD, except to request user authentication.
We have now retired the N5200 to be used as an off-line backup device and built our own NAS using an Intel Desktop Series M/B, the Seagate 500GB Server HDDs from the N5200 and MS Server 2003.
And Guess What? It works!!!
Unlike the N5200, we now have full ADS compatibility (not just NT User Authentication), RAID 0 and RAID 1 (we weren't using RAID 5 anyway), 802.11N wireless networking, dual Gigabit Ethernet with proper teaming (N5200 can't do that), fully network accessible Remote Desktop Management (not just browser based management) and best of all - decent end user support for both hardware and software, not just a mickey-mouse forum.
Oh, in case you were about to say it doesn't have an iTunes Server built-in, it has a full MEDIA SERVER built-in, which handles not only iTunes, but also streaming Audio and Video.
The down side is that you have to have some IT knowledge to set up Windows Server 2003, but the hardware costs were about the same.
My suggestion for anyone who wants a RAID NAS box that works on an Enterprise/Commercial Network is to buy a NAS that comes with Windows Storage Server if they don't have the expertise to set up Windows Server 2003/2008 on their own hardware.
We also have a number of N2100s which have the same problem, again unsolvable, again retired to lesser duties (now used at home), and they also have HDD temperature problems due to the minuscule fans Thecus fit.
Moral of the story? You can't believe what you read in brochures or on company websites!