Not all domain accounts being refreshed (ReadyNAS 312, firmware 6.9.1)

Masetorq · ‎2018-09-21

Hi Everyone,

My actual model is the RN312 but I couldn't find it on that stupid pull down list!

I know there have been previous posts about problems with AD refreshing before but they don't seem to be satisfactorily resolved.

As the subject says; when refreshing the domain users not all users are propagating the ReadyNAS user page. I recently added a user in AD and was trying to set up their account but the ReadNAS does not find the new AD account.

As far as I can tell all NETBIOS, DNS, Directory Server, admin, password and other settings are correct, I click the 'update' button, there are no errors and it tells me that all is successful but NO new users shown! You would think that by firmware 6.9.1 these sort of things would have been ironed out!!!

BTW my AD is Server 2012 and is pretty small and simple.

Masetorq · ‎2018-09-26

Thanks for your reply!

I have two NAS's a ReadyNAS 312 and a 102. My live NAS is the 312 running 6.9.1 and the 102 on 6.9.4 and both NAS's do not import the full collection of AD accounts and no, no weird characters in any AD names.

Another thing; on neither of NAS's does the 'refresh ADS accounts' work. It's greyed out.

I trying this fix on my 102 at the moment:-

Set Authentication back to "local" not '"AD"
Reboot device

Once the device is restarted, SSH to it and :

systemctl stop winbind
systemctl stop smb

net cache flush
rm -f /var/lib/samba/*.tdb
rm -rf /var/cache/samba/*

systemctl start smb
systemctl start winbind

Reboot the device
Once the device is restarted, in the Web Admin page, set Authentication to ADS again (with the standard options, i.e. "do not cache ADS accounts" NOT ticked
Restart the device

Although I'm struggling with the smb and winbind commands as they do not work. Possilby slightly different flavour of Linux so I'm experimenting...

View solution in original post

Masetorq · ‎2018-09-25

In case anybody wants to help this is an extract from my ADS ReadyNas log:-

[18-09-25 05:10:52] 2268 rndb_account.c:2573 info: ******************ADS Import Starts*********************
[18-09-25 05:10:52] 2268 rndb_account.c:2364 info: Clearing domain info from database excluding $home_folder, user_acl, and group_acl tables
[18-09-25 06:00:07] 2268 rndb_ads_utils.c:176 info: ADS CMD::ldap search open: LANG=C net -P ads search $\&\(objectClass=user$$\!\(sAMAccountType=805306369$\)$\!\(sAMAccountType=805306370$\)$sAMAccountName=*******$\) sAMAccountName objectSid distinguishedName mail primaryGroupID memberOf cn
[18-09-25 06:00:09] 2268 rndb_ads_utils.c:176 info: ADS CMD::ldap search open: LANG=C net -P ads search $\&\(objectClass=user$$\!\(sAMAccountType=805306369$\)$\!\(sAMAccountType=805306370$\)$sAMAccountName=**********$\) sAMAccountName objectSid distinguishedName mail primaryGroupID memberOf cn
[18-09-25 06:00:10] 2268 rndb_ads_utils.c:176 info: ADS CMD::ldap search open: LANG=C net -P ads search $\&\(objectClass=user$$\!\(sAMAccountType=805306369$\)$\!\(sAMAccountType=805306370$\)$sAMAccountName=********$\) sAMAccountName objectSid distinguishedName mail primaryGroupID memberOf cn
[18-09-25 06:00:11] 2268 rndb_ads_utils.c:176 info: ADS CMD::ldap search open: LANG=C net -P ads search $\&\(objectClass=user$$\!\(sAMAccountType=805306369$\)$\!\(sAMAccountType=805306370$\)$sAMAccountName=******$\) sAMAccountName objectSid distinguishedName mail primaryGroupID memberOf cn
[18-09-25 06:00:12] 2268 rndb_ads_utils.c:176 info: ADS CMD::ldap search open: LANG=C net -P ads search $\&\(objectClass=user$$\!\(sAMAccountType=805306369$\)$\!\(sAMAccountType=805306370$\)$sAMAccountName=****$\) sAMAccountName objectSid distinguishedName mail primaryGroupID memberOf cn
[18-09-25 06:00:13] 2268 rndb_ads_utils.c:176 info: ADS CMD::ldap search open: LANG=C net -P ads search $\&\(objectClass=user$$\!\(sAMAccountType=805306369$\)$\!\(sAMAccountType=805306370$\)$sAMAccountName=****$\) sAMAccountName objectSid distinguishedName mail primaryGroupID memberOf cn
[18-09-25 06:00:14] 2268 rndb_ads_utils.c:176 info: ADS CMD::ldap search open: LANG=C net -P ads search $\&\(objectClass=user$$\!\(sAMAccountType=805306369$\)$\!\(sAMAccountType=805306370$\)$sAMAccountName=******$\) sAMAccountName objectSid distinguishedName mail primaryGroupID memberOf cn
[18-09-25 06:00:15] 2268 rndb_ads_utils.c:176 info: ADS CMD::ldap search open: LANG=C net -P ads search $\&\(objectClass=user$$\!\(sAMAccountType=805306369$\)$\!\(sAMAccountType=805306370$\)$sAMAccountName=******$\) sAMAccountName objectSid distinguishedName mail primaryGroupID memberOf cn
[18-09-25 06:00:16] 2268 rndb_ads_utils.c:176 info: ADS CMD::ldap search open: LANG=C net -P ads search $\&\(objectClass=user$$\!\(sAMAccountType=805306369$\)$\!\(sAMAccountType=805306370$\)$sAMAccountName=*******$\) sAMAccountName objectSid distinguishedName mail primaryGroupID memberOf cn

As you can see it claims to be importing the users (I've asterixed them out) but here are only 9 when there are actually about 25.

Thanks

schumaku · ‎2018-09-26

Lot of water went down the Niagara falls since the 6.9.1 release almost one year ago on 22-NOV-2017. While I'm not aware of any ADS related entris in the release notes since, there were a bunchof security issues addressed since.

Trouble is that a very small number of ReadyNAS (same for Q and S brand) are integrated with an AD as a standalone server - ways below the critical mass to discover all potential issues. Any special chars used in the AD user names for example?

Masetorq · ‎2018-09-26

Thanks for your reply!

I have two NAS's a ReadyNAS 312 and a 102. My live NAS is the 312 running 6.9.1 and the 102 on 6.9.4 and both NAS's do not import the full collection of AD accounts and no, no weird characters in any AD names.

Another thing; on neither of NAS's does the 'refresh ADS accounts' work. It's greyed out.

I trying this fix on my 102 at the moment:-

Set Authentication back to "local" not '"AD"
Reboot device

Once the device is restarted, SSH to it and :

systemctl stop winbind
systemctl stop smb

net cache flush
rm -f /var/lib/samba/*.tdb
rm -rf /var/cache/samba/*

systemctl start smb
systemctl start winbind

Reboot the device
Once the device is restarted, in the Web Admin page, set Authentication to ADS again (with the standard options, i.e. "do not cache ADS accounts" NOT ticked
Restart the device

Although I'm struggling with the smb and winbind commands as they do not work. Possilby slightly different flavour of Linux so I'm experimenting...

Masetorq · ‎2018-09-26

Ok, so ran the commands from the previous fix. (Commands were completely fine I just hadn't su'd into Root. Duh!)

And after refreshing a couple of times all looks good. ALL Active Directory user accounts now imported.

I've just got to strap on a pair and do it to my live server. I note however that since you have to change the authentication to 'Local' obviously you have to re-assign the AD accounts back onto the shares.

I hope that has helped anybody else with the same issue.

Not all domain accounts being refreshed (ReadyNAS 312, firmware 6.9.1)

Not all domain accounts being refreshed (ReadyNAS 312, firmware 6.9.1)

Re: Not all domain accounts being refreshed (ReadyNAS 312, firmware 6.9.1)

Re: Not all domain accounts being refreshed (ReadyNAS 312, firmware 6.9.1)

Re: Not all domain accounts being refreshed (ReadyNAS 312, firmware 6.9.1)

Re: Not all domain accounts being refreshed (ReadyNAS 312, firmware 6.9.1)

Re: Not all domain accounts being refreshed (ReadyNAS 312, firmware 6.9.1)