I have found some helpful information for people that have issues joining the domain. The points to check when configuring the ReadyNAS to join the domain, and an additional option with logs to see why it is not able to join the domain.Basic configurations should be checked:Routes - Check to see if the server is able to access the ReadyNASDNS - Configure one of the DNS Settings to the Local domain server NTP - Configure to the NTP to the domain server or same NTP server as the domainDomain settings - Make sure the security mode settings are matching the domain that is being joinedThere is a log option that you can use when joining an ADS known as the “domain_join.log”.Logs downloaded from Frontview- /Status/Logs/ (top-right) 'Download All Logs'Bottom of this log shows addition information with the following circumstances:When you have a bad username or password:Failed to join domain: failed to lookup DC info for domain 'MY.DOMAIN.LOCAL' over rpc: Logon failureWhen you have a bad NetBIOS Name:Failed to join domain: Invalid configuration ("workgroup" set to 'YOUR', should be 'MY') and configuration modification was not requestedI have noticed that this is not always the name of the server, but can also be the sub-domain name for the server.When you have a bad Domain Name (FQDN):Failed to join domain: failed to find DC for domain MY.DOMAIN.LOCAL2Example Logs were based on the following (security mode) domain configuration:Domain Type: ADSNetBIOS Name: MYDomain Name (FQDN): MY.DOMAIN.LOCALNote on the log:I have seen in some scenarios were the domain_join.log not show up, but switching the domain to user mode and back to domain mode helps generate this log.

After fighting with this for the past two days, I finally have my answer.I have a ReadyNas316, yours may differ but I hope this works for you as well.1. Update your firmware. The new 6.0.7 version has to be downloaded and applied manually at the time of this writing. I'm not sure what units this will work on.2. Make sure your DNS and Time are configured correctly. Make sure Time has synced with the NTP server. You can't be more than a minute out of time with your domain controller. The DNS server you need to point to is your internal DNS server. Make sure DNS resolves both ways. You can ping the domain controller by it's FQDN. ping server.company.local where company.local is your domain. The domain controller can ping the NAS by it's FQDN. If this doesn't work, you won't be able to join the domain.3.The following settings were used to join to my domain.Netbios name- if your domain is company.local, your netbios name is company. FQDN- If your domain is company.local, you will enter company.localOrganicational Unit- Leave blank. After the join, the domain controller placed the NAS in the \Computers organizatinal unit, I then moved it to where I wanted itAdministrator name- I found this to be case sensitive. Administrator vs. administratorDirectory Server Address- This is the IP address of your main domain controller.I hope this helps. I was on the verge of sending my box back for a refund if I couldn't get this to work.

Hi, I thought I'd add some more (hopefully useful!) information to the thread. Particularly for Ross's benefit, if he's still around :-)"Unable to create user account" If you get this error it actually generally means that the account you were using to join the domain was unable to create a computer account for your device. As all computer objects are effectively extended user objects, Samba is being accurate in its response but not very clear in its actual meaning :-) Things to check here include;a) Does the joining account have limited access to the destination OU? - some people might have credentials with only "devolved" access to particular OU's. - some organisations actively remove the rights to add a machine to the default "computer" OU to promote neatness (which means you have to specify an OU target when joining the NAS to a domain). - if you have no rights to create an account with the joiningg credentials then you need to manually create a computer object with other credentials (or reset the password on an existing object).b) Have you specified the OU correctly? - The path you need to supply in the OU field shouldn't include the whole OU path. From undocumented struggles, it just needs the parts specifying the relative part of the OU path under the root domain. (This one catches me very often but it appears that 6.x's dialogs join the OU field with the OU path that can be obtained from the AD controller to make the absolute path - Need more details here!)c) It's important to have good DNS settings on many, many levels - If you're re-using a computer object, bear in mind that Windows relies heavily on DNS entries for locating devices. - If you're doing any work that involves joining or un-joining computer objects, it's worth noting that AD Dynamic DNS updates can get tied up with ACL issues because a computer object gets changed and the "new" computer object might not be able to register a DNS entry properly because it gets denied access. It takes time for the DNS entries to get "grave-stoned" (l'll add a new topic about this because I've just run into a quirk that looks worth mentioning on this front considering some previous board requests)I hope some of this helpful. It needs more explaining though so I'll try and keep in touch!Regards,Keith

I cant get these logs to create. no matter how many times I change from local to AD mode.Always get the same error error to join domain

Another problem I've had in the past was system time. If the time is off, even by a couple of minutes, the join will fail. What I've done is set the NAS to use the domain's NTP host and then I was able to join successfully.

Domain Join Issue - Information | NETGEAR Communities

19 Replies

Replies have been turned off for this discussion

guitman
Aspirant
Sep 26, 2014
Even with no OU specified, I receive the error with no message or code. I have checked everything, time is synced, DNS is correct.

I downloaded all logs, but domain_join.log is not present, does this have to be enabled?

Using 6.1.9
mdgm-ntgr
NETGEAR Employee Retired
Sep 26, 2014
guitman have you tried contacting support?
guitman
Aspirant
Sep 29, 2014
Not yet, thought I would try the forums first.
bobertin
Aspirant
Feb 20, 2015
Hey,
I can't find any solution to connect a readyNas 102 to AD.
I've no error code, no error message, just the "security settings failed to apply".
Is a windows server message, a ready nas message???
What I'm doing wrong?
Thank you for your tips and sorry formy bad english!
terryvella
Aspirant
Mar 27, 2015
Hi, firstly please excuse me if I'm posting incorrectly here. I have 2 x ReadyNas 2120 and 1 x 104 all of which are successfully authenticated on my domain. The problem I have though is with the 104; it fails the ADS accounts refresh and says "Import Error" Under Authentication. All the AD users are available but only one group is imported; "Domain users". The 2120's are not affected

All three boxes are running 6.2.2 and are configured the same as each other as far as I can see but whatever I do I can't complete the authentication process without the import error on the 104. The two 2120's authenticate correctly and all 3 synch their times with the same server.

Any pointers?

Thanks
mdgm-ntgr
NETGEAR Employee Retired
Mar 30, 2015
Have you tried backing up your data and doing a factory default (wipes all data, settings, everything) and then attempting to complete the authentication process?

mjwise

Aspirant

Apr 12, 2015

terryvella wrote:
Hi, firstly please excuse me if I'm posting incorrectly here. I have 2 x ReadyNas 2120 and 1 x 104 all of which are successfully authenticated on my domain. The problem I have though is with the 104; it fails the ADS accounts refresh and says "Import Error" Under Authentication. All the AD users are available but only one group is imported; "Domain users". The 2120's are not affected

All three boxes are running 6.2.2 and are configured the same as each other as far as I can see but whatever I do I can't complete the authentication process without the import error on the 104. The two 2120's authenticate correctly and all 3 synch their times with the same server.

Any pointers?

Thanks

terryvella wrote:
Hi, firstly please excuse me if I'm posting incorrectly here. I have 2 x ReadyNas 2120 and 1 x 104 all of which are successfully authenticated on my domain. The problem I have though is with the 104; it fails the ADS accounts refresh and says "Import Error" Under Authentication. All the AD users are available but only one group is imported; "Domain users". The 2120's are not affected All three boxes are running 6.2.2 and are configured the same as each other as far as I can see but whatever I do I can't complete the authentication process without the import error on the 104. The two 2120's authenticate correctly and all 3 synch their times with the same server. Any pointers? Thanks

For what it's worth, I get the same error with a 516 on 6.2.2 if you run the ADS refresh. "Domain Users" is the only group that shows up as imported. That's basically the only group we use, so it's not a big deal, but AD support seems half-baked at best under 6.2.2.

brianm
Aspirant
Apr 13, 2015
I used to have the same issue, however since upgrading to BETA 6.3.3-T149 all AD users and all AD groups are returned and displayed.
KevinB15
Aspirant
Apr 15, 2015
Have been having the same problem. Support found that "/etc/passwd" and "/etc/group" files were corrupted. They fixed it, but it only worked for a day or so, now I'm back to getting the same error message again.

Forum Discussion

Domain Join Issue - Information

19 Replies

Related Content

Armor Help and Information FAQ

Armor Help and Information FAQ

Circle Pass Code Help and Information

Nighthawk MK Series MESH System Compatibility Information

No Cable Connection Information

NETGEAR Academy

ProSupport for Business