NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Masetorq's avatar
Masetorq
Aspirant
Sep 21, 2018
Solved

Not all domain accounts being refreshed (ReadyNAS 312, firmware 6.9.1)

Hi Everyone,

 

My actual model is the RN312 but I couldn't find it on that stupid pull down list!

 

I know there have been previous posts about problems with AD refreshing before but they don't seem to be satisfactorily resolved.

 

As the subject says; when refreshing the domain users not all users are propagating the ReadyNAS user page. I recently added a user in AD and was trying to set up their account but the ReadNAS does not find the new AD account.

 

As far as I can tell all NETBIOS, DNS, Directory Server, admin, password and other settings are correct, I click the 'update' button, there are no errors and it tells me that all is successful but NO new users shown! You would think that by firmware 6.9.1 these sort of things would have been ironed out!!!

 

BTW my AD is Server 2012 and is pretty small and simple.

Other Discussions
  • Masetorq's avatar
    Masetorq
    Sep 26, 2018

    Thanks for your reply!

     

    I have two NAS's a ReadyNAS 312 and a 102. My live NAS is the 312 running 6.9.1 and the 102 on 6.9.4 and both NAS's do not import the full collection of AD accounts and no, no weird characters in any AD names.

     

    Another thing; on neither of NAS's does the 'refresh ADS accounts' work. It's greyed out.

     

    I trying this fix on my 102 at the moment:-

    • Set Authentication back to "local" not '"AD"
    • Reboot device
    • Once the device is restarted, SSH to it and  : 
      systemctl stop winbind
systemctl stop smb

net cache flush
rm -f /var/lib/samba/*.tdb
rm -rf /var/cache/samba/*

systemctl start smb
systemctl start winbind
    • Reboot the device
    • Once the device is restarted, in the Web Admin page, set Authentication to ADS again (with the standard options, i.e. "do not cache ADS accounts" NOT ticked
    • Restart the device

    Although I'm struggling with the smb and winbind commands as they do not work. Possilby slightly different flavour of Linux so I'm experimenting...

4 Replies

Replies have been turned off for this discussion
  • Masetorq's avatar
    Masetorq
    Aspirant
    Sep 25, 2018

    In case anybody wants to help this is an extract from my ADS ReadyNas log:-

     

    [18-09-25 05:10:52] 2268 rndb_account.c:2573 info: ******************ADS Import Starts*********************
    [18-09-25 05:10:52] 2268 rndb_account.c:2364 info: Clearing domain info from database excluding $home_folder, user_acl, and group_acl tables
    [18-09-25 06:00:07] 2268 rndb_ads_utils.c:176 info: ADS CMD::ldap search open: LANG=C net -P ads search \(\&\(objectClass=user\)\(\!\(sAMAccountType=805306369\)\)\(\!\(sAMAccountType=805306370\)\)\(sAMAccountName=*******\)\) sAMAccountName objectSid distinguishedName mail primaryGroupID memberOf cn
    [18-09-25 06:00:09] 2268 rndb_ads_utils.c:176 info: ADS CMD::ldap search open: LANG=C net -P ads search \(\&\(objectClass=user\)\(\!\(sAMAccountType=805306369\)\)\(\!\(sAMAccountType=805306370\)\)\(sAMAccountName=**********\)\) sAMAccountName objectSid distinguishedName mail primaryGroupID memberOf cn
    [18-09-25 06:00:10] 2268 rndb_ads_utils.c:176 info: ADS CMD::ldap search open: LANG=C net -P ads search \(\&\(objectClass=user\)\(\!\(sAMAccountType=805306369\)\)\(\!\(sAMAccountType=805306370\)\)\(sAMAccountName=********\)\) sAMAccountName objectSid distinguishedName mail primaryGroupID memberOf cn
    [18-09-25 06:00:11] 2268 rndb_ads_utils.c:176 info: ADS CMD::ldap search open: LANG=C net -P ads search \(\&\(objectClass=user\)\(\!\(sAMAccountType=805306369\)\)\(\!\(sAMAccountType=805306370\)\)\(sAMAccountName=******\)\) sAMAccountName objectSid distinguishedName mail primaryGroupID memberOf cn
    [18-09-25 06:00:12] 2268 rndb_ads_utils.c:176 info: ADS CMD::ldap search open: LANG=C net -P ads search \(\&\(objectClass=user\)\(\!\(sAMAccountType=805306369\)\)\(\!\(sAMAccountType=805306370\)\)\(sAMAccountName=****\)\) sAMAccountName objectSid distinguishedName mail primaryGroupID memberOf cn
    [18-09-25 06:00:13] 2268 rndb_ads_utils.c:176 info: ADS CMD::ldap search open: LANG=C net -P ads search \(\&\(objectClass=user\)\(\!\(sAMAccountType=805306369\)\)\(\!\(sAMAccountType=805306370\)\)\(sAMAccountName=****\)\) sAMAccountName objectSid distinguishedName mail primaryGroupID memberOf cn
    [18-09-25 06:00:14] 2268 rndb_ads_utils.c:176 info: ADS CMD::ldap search open: LANG=C net -P ads search \(\&\(objectClass=user\)\(\!\(sAMAccountType=805306369\)\)\(\!\(sAMAccountType=805306370\)\)\(sAMAccountName=******\)\) sAMAccountName objectSid distinguishedName mail primaryGroupID memberOf cn
    [18-09-25 06:00:15] 2268 rndb_ads_utils.c:176 info: ADS CMD::ldap search open: LANG=C net -P ads search \(\&\(objectClass=user\)\(\!\(sAMAccountType=805306369\)\)\(\!\(sAMAccountType=805306370\)\)\(sAMAccountName=******\)\) sAMAccountName objectSid distinguishedName mail primaryGroupID memberOf cn
    [18-09-25 06:00:16] 2268 rndb_ads_utils.c:176 info: ADS CMD::ldap search open: LANG=C net -P ads search \(\&\(objectClass=user\)\(\!\(sAMAccountType=805306369\)\)\(\!\(sAMAccountType=805306370\)\)\(sAMAccountName=*******\)\) sAMAccountName objectSid distinguishedName mail primaryGroupID memberOf cn

     

    As you can see it claims to be importing the users (I've asterixed them out) but here are only 9 when there are actually about 25.

     

    Thanks

    • schumaku's avatar
      schumaku
      Guru - Experienced User
      Sep 26, 2018

      Lot of water went down the Niagara falls since the 6.9.1 release almost one year ago on 22-NOV-2017. While I'm not aware of any ADS related entris in the release notes since, there were a bunchof security issues addressed since. 

      Trouble is that a very small number of ReadyNAS (same for Q and S brand) are integrated with an AD as a standalone server - ways below the critical mass to discover all potential issues. Any special chars used in the AD user names for example?

      • Masetorq's avatar
        Masetorq
        Aspirant
        Sep 26, 2018

        Thanks for your reply!

         

        I have two NAS's a ReadyNAS 312 and a 102. My live NAS is the 312 running 6.9.1 and the 102 on 6.9.4 and both NAS's do not import the full collection of AD accounts and no, no weird characters in any AD names.

         

        Another thing; on neither of NAS's does the 'refresh ADS accounts' work. It's greyed out.

         

        I trying this fix on my 102 at the moment:-

        • Set Authentication back to "local" not '"AD"
        • Reboot device
        • Once the device is restarted, SSH to it and  : 
          systemctl stop winbind
systemctl stop smb

net cache flush
rm -f /var/lib/samba/*.tdb
rm -rf /var/cache/samba/*

systemctl start smb
systemctl start winbind
        • Reboot the device
        • Once the device is restarted, in the Web Admin page, set Authentication to ADS again (with the standard options, i.e. "do not cache ADS accounts" NOT ticked
        • Restart the device

        Although I'm struggling with the smb and winbind commands as they do not work. Possilby slightly different flavour of Linux so I'm experimenting...

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More