We recently started deploying Buffalo Network Attached Storage (NAS) devices on our campus to various departments that are looking for additional, non-critical storage in a relatively secure environment. Since we run Active Directory on Windows Server 2008, we chose the Buffalo drives for their ability to interface with AD. The AD bind works well for user management, but I ran into a small problem with the second drive I configured, so I thought I’d share my experience.
The AD configuration screen looks like this, and can be accessed on the drive’s web interface by clicking on Network->Workgroup/Domain:
As you can see, there are several fields that need to be populated, but Buffalo’s FAQs are not very specific about what exact info needs to go in them. Here’s what worked for me:
ActiveDirectory Domain Name (NetBIOS Name) – the actual old-school domain name without the .com/.net/.edu part
ActiveDirectory Domain Name (DNS/Realm Name) – the FQDN of the domain, i.e. the same thing as above but with the .com/.net/.edu part
ActiveDirectory Domain controller Name – the machine name of one of your primary domain controller, without the .domain.com part (just the machine name)
Admin user and pass – Domain admin credentials without anything like domain\username
WINS Server IP Address – the IP of your WINS server (usually your PDC)
After I had all this info together, I was still getting a message about authentication failure when joining the AD. I found an article on this problem here, which pointed me to the following troubleshooting steps:
- please check the internal Date/Time settings, especially the correct Time-Zone (by default +9 hours). The Timestamps of TS and PDC can only be 5 minutes different, otherwise the PDC will reject the Station. There is a good description of the problem caused by the “Time Difference / LDAP Error 82” located here: Troubleshooting Replication Errors, Microsoft TechNet
- The Primary DNS Server IP of the TeraStation network settings must be the IP address of the DNS Server running on the PDC.
- The IP address of the Gateway shall be the real gateway/router or the domain controller.In General 1) is the well known point why the Link- or TeraStation still cannot join even if above named things are done properly.
- If there is a WINS server given in the ADS-settings test the joining without the WINS IP.
- Check if there are some firewalls or Antivirus-Programs up and running that avoid a communication.
- If problems still exist please to a “Reset-to-Default” of the Tera/LinkStation by initiate the unit once.
Sure enough, it was the date/time problem for me. I solved this by going into Basic settings, then choosing an NTP server on my domain, then clicking Use Local Time (I think this was what fixed it). Once the time synced up (and it didn’t really look off before I clicked the Use Local Time button), the device joined the domain with no problem and I’m off and running with AD group authentication.