douglaswyatt
Aspirant
Jul 08, 2014

Newbie question regarding Active Directory & Samba

Hey all - I've got a new ReadyNAS 312 that I'm trying to integrate into an existing network with a small non-profit I'm working with. They've got a CentOS (6.2) server running Samba (3.6), and are using that as the domain controller for their Windows desktops. So I'd like to have the ReadyNAS use the same set of users/groups/passwords. I'm neither an expert Linux sysadmin nor a Windows expert, though reasonably functional at both, but cannot get it working. A few questions...

1) Is Samba 3.6 compatible with the ReadyNAS OS 6 Active Directory user authentication scheme, or do I need to update to Samba 4? My crude understanding is that in 3.6, it can act as an "old school" primary domain controller, while with 4.x it can act as an Active Directory Controller. I don't know how much difference there is between these two, in terms of what I want to accomplish. Can the ReadyNAS work with a regular PDC, or does it need to be an actual Active Directory controller (i.e. Samba 4)?

2) How important is it to run an internal DNS server with the internal hostnames on it? Like a lot of SMBs, I suspect, we don't really do much with internal hostnames. We point all our computers to our ISP's DNS server for internet DNS resolution, and get any local connectivity through NETBIOS (or whatever other Windows technologies provide for this kind of thing). I'd rather not set up a whole separate DNS server, if possible. I can add entries to /etc/hosts files on the server and on the ReadyNAS if there are just a couple of entries that need to resolve. Will that be sufficient?

3) Let's say I've got a network where the local computers are named local-1.internal, local-2.internal, etc., and my PDC is server1.internal, with the /etc/smb.conf file containing both "NETBIOS NAME = SERVER1", and "WORKGROUP = FOO". What would I put in the Active Directory configuration options on the ReadyNAS? I presume that I'd put SERVER1 as the NETBIOS NAME. But for the DNS Realm Name (FQDN) - is it "server1.internal"? or just ".internal" (and should it include the leading dot or not)?

3 Replies

  • Hi,

    Not such a newbie question since I don't have all the answers.

    Here is what I can tell you.
    The ReadyNAS has two modes, one for Active Directory, the other for local+ReadyCLOUD. There is no other LDAP mode. I believe LDAP is standard but that Active Directory uses some "aliases" in its config. I'm not sure sAMAccountName exists on OpenLDAP, for example. So you may want to tweak your authentication provider for that.
    I didn't know Samba could be used as Active Directory; I've always seen it for file sharing, and I also heard that you could push GPO-like strategies for Linux with it, but for authentication I thought everyone relied on OpenLDAP to do the job, then passing parameters to Samba.

    A NetBIOS name is just a name with a limited length; I don't see any reason why it should absolutely be the same as the DNS name, it's just more convenient. The DNS is something a little longer, it's tied to an infrastructure of servers used for the internet. To get the FQDN (fully qualified domain name) you provide the computer name and the domain name. People never add the final "." but this is the DNS root, so "www.readynas.com" should be "www.readynas.com.", the root server then delegates to a "com server" and then to the server that has "readynas.com." and the IP is given for host "www". If you set up your machine as server1.internal (.internal being just the domain name), root servers won't find it and you will have to provide a DNS server that will (that's why Active Directory includes both DNS server and global catalog for the first server). You should be good with /etc/hosts since it's like a local DNS, so with the good parameters you should have no problem.

    Won't be able to help you further since I'm using Active Directory and don't link Linux servers to it (just web applications), but Netgear has support, and I believe that helping to integrate the product is part of their role since they didn't provide an OpenLDAP authentication... It never hurts to ask.
  • So should I interpret this as saying that, no, the ReadyNAS "Active Directory" user authentication mode does not work with Samba 3.6, because Samba 3.6 cannot act as a proper Active Directory Domain Controller?
  • I can't say that for sure.
    What I'm saying is that, if you get samba/openLDAP to mimic active directory, it should work (if you can't tell the difference, then it's not different). Since LDAP is a norm, it should be possible.
    If your configuration is different you MAY have problems depending on how Netgear chose to do this internally, and that I can't say, Netgear support will answer this.

    So what I'm saying isn't that it's not possible, it's that there is no option to do so directly in the web interface (unless they used the term Active Directory for convenience instead of using the generic term, which is LDAP). But it's a Linux system (full Debian), as such I am pretty sure what you want to do is possible via SSH, but I'm not sure how much modification it would require and if this will have an impact on the web interface functionalities. Once again, it's Netgear's job to answer this, I'm not qualified.
