Domain Join Issue - Information

I cant get these logs to create. no matter how many times I change from local to AD mode.

Always get the same error error to join domain

Thanks, OOM-9

Another problem I've had in the past was system time. If the time is off, even by a couple of minutes, the join will fail. What I've done is set the NAS to use the domain's NTP host and then I was able to join successfully.

Hi

I wonder if any of you will be able to help. I had problem joining the Duo V2 to my SBS2011 server. Check that the time is correct, FQDN and NetBIOS were setup correctly and so is the IP address and password. But still it just return with "Error in joining domain". There is no error code. Looking at the join_domain log file, it just say "fail to find DC for domain ..." but I am pretty sure I have type in the correct name, even with upper and lower case.

Where should I look now to fix the problem? I have tried with firmware 5.3.7 and now I am running the latest version of the firmware 5.3.8 which just came out May 23. Both have exactly the same problem. A Netgear tech support spent 3 hours looking at it and still could not figure out why and keeps asking me to reboot and reinstall the firmware :-(

Any guidance appreciated.

Regards
Peter

After fighting with this for the past two days, I finally have my answer.
I have a ReadyNas316, yours may differ but I hope this works for you as well.

1. Update your firmware. The new 6.0.7 version has to be downloaded and applied manually at the time of this writing. I'm not sure what units this will work on.
2. Make sure your DNS and Time are configured correctly. Make sure Time has synced with the NTP server. You can't be more than a minute out of time with your domain controller. The DNS server you need to point to is your internal DNS server. Make sure DNS resolves both ways. You can ping the domain controller by it's FQDN. ping server.company.local where company.local is your domain. The domain controller can ping the NAS by it's FQDN. If this doesn't work, you won't be able to join the domain.
3.The following settings were used to join to my domain.

Netbios name- if your domain is company.local, your netbios name is company.

FQDN- If your domain is company.local, you will enter company.local

Organicational Unit- Leave blank. After the join, the domain controller placed the NAS in the \Computers organizatinal unit, I then moved it to where I wanted it

Administrator name- I found this to be case sensitive. Administrator vs. administrator

Directory Server Address- This is the IP address of your main domain controller.

I hope this helps. I was on the verge of sending my box back for a refund if I couldn't get this to work.

I tried joining a domain (windows server 2012) with my Business Pro 6, with the lastest firmware.
No success.
When I look at the log file, it looks like it gets pretty close but is not able to create a user account for the device.

For now I gave up, and reset the ReadyNas to its usual security mode. I am just manually syncing folders between the two for now.

Ross

:( ..............

Create any other admin privileges user, with login name without capital letters and use it for joining to AD. It worked for me.

Hi,

I thought I'd add some more (hopefully useful!) information to the thread. Particularly for Ross's benefit, if he's still around :-)

"Unable to create user account"

If you get this error it actually generally means that the account you were using to join the domain was unable to create a computer account for your device. As all computer objects are effectively extended user objects, Samba is being accurate in its response but not very clear in its actual meaning :-)

Things to check here include;

a) Does the joining account have limited access to the destination OU?
- some people might have credentials with only "devolved" access to particular OU's.
- some organisations actively remove the rights to add a machine to the default "computer" OU to promote neatness (which means you have to specify an OU target when joining the NAS to a domain).
- if you have no rights to create an account with the joiningg credentials then you need to manually create a computer object with other credentials (or reset the password on an existing object).
b) Have you specified the OU correctly?
- The path you need to supply in the OU field shouldn't include the whole OU path. From undocumented struggles, it just needs the parts specifying the relative part of the OU path under the root domain.
(This one catches me very often but it appears that 6.x's dialogs join the OU field with the OU path that can be obtained from the AD controller to make the absolute path - Need more details here!)
c) It's important to have good DNS settings on many, many levels
- If you're re-using a computer object, bear in mind that Windows relies heavily on DNS entries for locating devices.
- If you're doing any work that involves joining or un-joining computer objects, it's worth noting that AD Dynamic DNS updates can get tied up with ACL issues because a computer object gets changed and
the "new" computer object might not be able to register a DNS entry properly because it gets denied access. It takes time for the DNS entries to get "grave-stoned"
(l'll add a new topic about this because I've just run into a quirk that looks worth mentioning on this front considering some previous board requests)

I hope some of this helpful. It needs more explaining though so I'll try and keep in touch!

Regards,

Keith

Can you offer an example of a proper OU string? I cannot get this to join as it keeps saying the OU does not exist.

If a typical LDAP string would be "ou=NAS,o=servers,ou=MyDepartment,dc=mydomain,dc=com" - what should I be putting this the OU string in ReadyNAS? I have tried the entire string, "ou=NAS,o=servers,ou=MyDepartment", "ou=MyDepartment,ou=servers,ou=NAS", "NAS,Servers,MyDepartment", nothing seems to work. Would be nice if this was documented in the user manual.