NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
RN 2120 Active Directory "Import Error"
I have two office locations, each of which has a ReadyNAS 2120 set up for storing location-based backups as well as serving up home folders for users. Both devices have been live for over a year and connected to our domain. For the sake of this discussion, Location A is where the primary DC (Server 2003) is located and Location B houses the secondary DC (Server 2008). Since Day 1, both NAS devices have pointed to the primary DC at Location A for the Directory Server Address. Time server and DNS settings were pointed to their respective DCs.
First-thing Monday morning, employees at Location B were unable to connect to their individual home folders. I reviewed the Accounts > Authentication page and it shows "Import error" under the "Authentication" heading. For the past two days, I have been trying to troubleshoot and resolve this issue, but to no avail.
Beyond what I know from working with these in the past, I've done quite a bit of searching online for answers to this problem and have tried all of the suggestions that I found, but nothing has gotten this issue fixed. Here is a list of things that I have tried:
- Location A's RN is working fine. So, I mimicked its DNS, time, and authentication settings.
- I removed the RN from the domain and then re-added it. It successfully joins the domain, but it fails while importing users and groups (i.e., "Import error")
- Instead of using information from the primary DC at Location A (i.e., original settings), I decided to use the secondary DC at Location B. So, DNS, time, and authentication settings all pointed to the secondary DC
- Everything in-between the three troubleshooting steps above
I also downloaded and reviewed the logs. I specifically focused on the ADS.log file. I believe the lines below are indicative of the problem, but I do not know where to go from here...
[16-05-24 11:48:12] 1918 rndb_account.c:963 info: 278 domain user found
[16-05-24 11:48:15] 1918 rndb_account.c:989 info: 100/278 users imported so far
[16-05-24 11:48:17] 1918 rndb_account.c:989 info: 200/278 users imported so far
[16-05-24 11:48:19] 1918 rndb_account.c:1204 info: 278/278 users imported in 9104ms.
[16-05-24 11:48:19] 1918 rndb_account.c:2262 error: Error. Fail to insert $home_folder/$user/$group/$group_has_user
[16-05-24 11:48:19] 1918 rndb_account.c:2405 error: rndb_ads_account_import() ==> 3 (12360ms)
[16-05-24 11:48:19] 1918 rndb_api.c:956 error: rndb_import_nolock() ==> 3 (12362ms)
At this point, I'm left scratching my head. I'm not sure what else to try other than backing up the data and doing a factory reset. Before I go that route, though, does anyone have any insight regarding additional troubleshooting steps I can take?
I appreciate any and all assistance. Thank you in advance and take care.
- Chris
71 Replies
Replies have been turned off for this discussion
I've got exactly the same issue - my ReadyNAS 316 has been nothing more than an expensive decorative brick since this started.
Please Netgear, if you're able to fix this by an engineer remote accessing, then you must be able to automate the same fix with a firmware patch, or at least provide some instructions so that we can implement it ourselves.
Silence on this is simply not acceptable, we need information asap please.
Thanks
I totally agree...
After that, i have got problem with my save.
I am going to reset the nas and start from the begining has i could not make any save and no solution happen. :/After the engineers remotely connected to my RN and got it working again, I asked what they did to fix it. Here is the answer that I was given:
"He changed the idmap backend back to what it was before. He also had to clear the $home_folder table in management service database due to some conflicting IDs."
I am now having a similar issue with my other RN2120, but I have no idea how to change the "idmap backend back to what it was before" nor do I know how to clear the $home_folder table. I can SSH into the device and browse the various folders without any problem, but actually applying the fixes is where I can't continue any further.
- Chris
Think I've managed to fix this on my readyNAS. Granted it was a bit of a belt and braces approach based on google searches I did. Also I installed a vm edition of readynas os 6.5 and confirmed the file I delete is not on the base install after adding to AD domain.
so
1. cd /var/lib/samba
2. mkdir backup
3. cp -p *.tdb backup
4. confirm files in backup : ls -l backup
5. rm winbindd_idmap.tdb
6. reboot
After the reboot I used the GUI to redo my Accounts and they imported fine. I then rebooted and it still worked.
However I think my permissions on /home/<DOMAIN>/users are a little screwed as the idmaps have changed. so it's just a matter of running...
cd /home/<DOMAIN>
chown <user> <user>
cd <user>
find . -exec chown <user> {} \;
perhaps also need to do the same for chgrp too. Fixing file perms is easy peasy compared to the import issue.
Fixing permissions using SSH is not something we would support end users doing and if you encounter problems with that support may be unable to help. You can obviously compare with another NAS (if you have one configured and in a working condition) and if it works for you then good for you.
If you contact support and if required purchase support (if your unit is out of entitlement) then support can probably fix this in a way that the ownership is what it was before the problem (obviously this is not possible if you try doing your SSH changes you mentioned above).Finally support "kinda" got it working.
Not entirely sure what was done but I'm able to use AD..
Caveat:
- Can't see any of the users & groups through the device's ui
- Can't set permissions through the device's ui (which was the case before). All permissions must be set on the network share.
This gets me going for now BUT don't like it.
After applying SSH changes, I was able to sync with AD. However, when trying to connect to share, I am prompted for the password even after it is entered which I know is accurate.
Just started receiving this error on one of our RN312 devices running 6.5.0, with exact same error as originally posted. At first we had WAN issues preventing the device syncing with our AD, but subsiquently failed to reconnect with AD. Unfortunately we have already tried removing and re-adding the device from AD before seeing this thread.
And continue to get Import Failed error message. We are part way through upgrading our 14 readyNAS devices to the latest firmware, and have now had to hold off - praying our others that have been updated don't start getting the error.
I've logged a support ticket, and will not go down the route of resolving ourselves via SSH. Please resolve this asap!
Andrew
I am travelling. As a result unusually I am rarely looking at the community at the moment.
Setting permissions using Windows has always been the recommended way as far as I can recall.
We've been investigating some AD import issues and we have a few fixes coming in the next firmware release 6.5.1. We are working on preparing a beta firmware to share with the community soon.
If you send in your logs we should be able to determine from those whether you've run into an issue that is likely to be fixed by the beta release. Our fixes obviously do not allow for any changes you may have made using SSH.
I'm also having the same problem with my ReadyNAS 316 after upgrading to 6.5.0. I posted more details and the end of my ads.log in the Active Directory issues after 6.5 upgrade discussion.
Are any of you willing to try the 6.5.1 RC build with the Active Directotry workaround I posted?
I'll be installing this on my other ReadyNAS 2120, which is currently suffering from permissions issues (i.e., not import issues).
Hi Kohdee
I'll install the update on my 316 today, and will report back.
Thanks
Better, but still not working.
I upgraded my 316 from 6.5.0 to 6.5.1
Straight away the AD account refresh worked, and I could see the list of users and groups.
I was then able to set up network access permissions under the settings for each share. (File Access is set to Everyone read/write)
However no users were able to access any shares. It kept asking for domain credentials, and not accepting them.
So I removed the device from AD, then added it back on again.
Exactly the same problem.
So from the NAS Admin interface it all looks fine now. But I'm unable to actually access any shares over the LAN (from multiple machines on the AD).
I've also tried granting everyone permissions (and even anonymous), but exactly the same.
It's like the NAS can't validate the users credentials against AD, even though it has a list of the users locally.
Any ideas on what else I can try?
- Hi Chris
If only I could... I can't even see the root / list of shares without providing the authorisation.
So we can't even see the shares/folders in order to set up Windows permissions.I have avoided using domain credentials for managing permissions via Windows. Instead, I connect with the local RN admin account (i.e., <RN Name>\admin + password). See if that at least allows you to view the shares and associated permissions. If it does, you should be able to make changes at that point.
- Chris
Hello:
Did you try to reboot the Nas, and or test from an other computer?
Some time the password is store on windows, and it will not leave it until you reboot the computer...In fact, i have test to reset the nas:
From start even the local account could not work on network storage... (with the admin account).
After a lot of test, i have change an other time the admin password on the nas, and then it work...
It seems that if you set the admin password during the "sync" RAID opperation (when you reset the nas and that it create the RAID Grappe) it does not work...But well, i know able to use Active Directory import...
So on the 6.5 it seems that there is two problem:
1) AD that is the subject of this topic
2) local account, if we configure the password during the "sync" process...
Yes I always connect to the NAS using the local Admin account, not AD credentials.
Using this I'm able to view/set permissions on shares, but I'm still unable to access them from the LAN.
I've tried rebooting, rebooting again, deleting shares/permissions and re-adding, I've tried talking nicely to the NAS and even asking it in Swahili. Quite frankly I'm running out of ideas, apart from just using it as a decorative door stop, or maybe an overly expensive paperweight?
Any other ideas welcome though!
Hi,
I just updated to 6.5.1 and my shares are not starting.
from SSH ihave the following errors:
readynasd.service - ReadyNAS System Daemon
Loaded: loaded (/lib/systemd/system/readynasd.service; enabled)
Active: active (running) since Wed, 29 Jun 2016 16:40:43 +0300; 2h 46min ago
Main PID: 2853 (readynasd)
Status: "Start Main process"
CGroup: name=systemd:/system/readynasd.service
â 316 sh -c wbinfo --gid-info=32773
â 317 wbinfo --gid-info=32773
â 2853 /usr/sbin/readynasd -v 3 -t
Jun 29 19:26:57 NAS1 readynasd[2853]: Fail 'wbinfo --uid-info 32768'
Jun 29 19:26:58 NAS1 readynasd[2853]: failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND
Jun 29 19:26:58 NAS1 readynasd[2853]: Could not get info for uid 32768
Jun 29 19:26:58 NAS1 readynasd[2853]: Fail 'wbinfo --uid-info 32768'
Jun 29 19:26:58 NAS1 readynasd[2853]: failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND
Jun 29 19:26:58 NAS1 readynasd[2853]: Could not get info for uid 32768
Jun 29 19:26:58 NAS1 readynasd[2853]: Fail 'wbinfo --uid-info 32768'
Jun 29 19:26:59 NAS1 readynasd[2853]: failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND
Jun 29 19:26:59 NAS1 readynasd[2853]: Could not get info for uid 32768
Jun 29 19:26:59 NAS1 readynasd[2853]: Fail 'wbinfo --uid-info 32768'Admin page is not accessible also.
Could you please help me on this
Thanks
Alaa
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
