limetech
Posted March 13, 2009

Note: all testing has been with a small network consisting of one Windows 2003 Server machine, an unRAID server, a Windows 2000 machine and a Windows XP machine.

The Active Directory security model permits an unRAID server to be integrated into an Active Directory domain.

The Active Directory share security model is set up on the 'Settings' page. The array must be stopped to set this up. Review the following sections of the Settings page:

Identification:
* Share security should be set to 'Active Directory'. When this is selected in the drop-down box, the Workgroup and Local master settings will be greyed out, and the AD Domain setting will be accessible.
* AD Domain - enter here the fully qualified domain name (FQDN) of your AD domain. This should be in lower case, for example, "test.lime-technology.com"
* Click Apply to save settings.

Network settings:
* Obtain DNS Server Address Automatically - Depending on how your server obtains its IP address, you may want to set this to 'No'. This is because the IP address of your AD DNS server should be listed first (as DNS Server 1).
* DNS Server 1 - You need to have the IP address of your AD DNS server listed here.

Date and time:
* AD very much depends on accurate time keeping. Therefore you should set up and use an NTP server in your AD domain. Google search will find many pages of instructions for enabling NTP in Windows 2003 Server.

After setting up the Active Directory share security model for the first time, under the Identification page the "AD join status" will indicate 'Not joined'; the AD account login and password will be blank.

To join the AD domain, you must enter an AD account user name and password that has sufficient privilege to permit machines to join domains. Click the 'Join' button to join the domain. Once joined, your server should show up in the list of computers under "Active Directory Users and Computers" on Windows 200x Server.

When the AD security model is selected, an additional set of configuration fields appears on the Shares page under 'Export settings':
* AD initial owner - this will be the user who will own the root of any new user share created.
* AD initial group - this will be the group who will own the root of any new user share created.

Open issues:
* The domain password is kept in plain-text and shows up in the system log - not good. This was just to aid development and will be removed soon.
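The open issue above means a system log copied off the server can carry the domain join password. The following is an added example, not part of the original post and not unRAID's own code: a shell function that counts or masks a known password in a log copy before the log is shared. The function name `scan_log` and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find or mask a known password in a syslog copy.
# The password is read from stdin so it never appears in a process argv.
# Usage: scan_log count FILE   -> prints number of lines containing it
#        scan_log redact FILE  -> prints FILE with it replaced by [REDACTED]
scan_log() (
    mode=$1 file=$2
    IFS= read -r secret || true          # accept input with no trailing newline
    [ -n "$secret" ] || { echo "scan_log: empty secret" >&2; exit 2; }
    [ -r "$file" ] || { echo "scan_log: cannot read $file" >&2; exit 2; }
    # printf is a shell builtin; awk gets the secret as line 1 of stdin ("-").
    printf '%s\n' "$secret" | awk -v mode="$mode" '
        NR == 1 { secret = $0; next }
        {
            line = $0; out = ""; hit = 0
            # index() is a literal match, so &, \ and . in the password are safe
            while ((i = index(line, secret)) > 0) {
                out = out substr(line, 1, i - 1) "[REDACTED]"
                line = substr(line, i + length(secret))
                hit = 1
            }
            if (hit) n++
            if (mode == "redact") print out line
        }
        END { if (mode == "count") print n + 0 }
    ' - "$file"
)

if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp)
    # Constructed log lines; the real message format is not shown in the post.
    printf '%s\n' \
        'Mar 13 10:00:01 tower emhttp: join user=admin pass=Ex&mple\pw' \
        'Mar 13 10:00:02 tower kernel: eth0: link up' > "$demo"
    printf '%s' 'Ex&mple\pw' | scan_log count "$demo"
    printf '%s' 'Ex&mple\pw' | scan_log redact "$demo"
    rm -f "$demo"
fi
```

Redact into a new file, then run `count` against that file and confirm it prints 0 before posting the log anywhere.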
stormshaker
Posted April 1, 2010

At the end we had to reboot the server to enable access to the shares by users. Without the reboot, the net ads testjoin was coming back successful but wbinfo couldn't authenticate users.