Knowledge Base


Search by either entering keywords or by selecting a product.

Joining a Buffalo NAS to an Active Directory Domain


 

Preparing a domain account for the Buffalo NAS

  1. Connect to your domain controller, either at the console or via remote desktop.
  2. Verify that the domain controller has a static IP address and that the primary DNS server is the domain controller.
  3. The Buffalo NAS device must be on same network segment as AD domain controller and must use the domain controller as its primary DNS server.
  4. Create an AD service account for the NAS. (Windows 2003, AD)  (Best practice is to not use special characters in the username). The password can only contain the following special characters: . - _ (Legacy Linux).
  5. The account must be member of the Administrators Group
  6. Create a DNS A record for the NAS. If the NAS has multiple IP addresses, create an A record for each IP address.
  7. Create a computer account for the NAS (Windows 2003, AD).
  8. The computer name must be the same as the name assigned to the NAS.
  9. Select "Assign this computer account as a pre-Windows 2003 computer". Do not select "Assign this computer account as a backup domain controller".
  10. After the computer account is created, examine the Delegation tab on the Properties page. Select "Trust this computer for delegation to any service" (Kerberos only).
  11. In some cases, if digital SMB signing is disabled on the domain controller, you will need to enable it to join. You can find this under Local Security Policy on the DC. (Or change it under Domain defaults in group policy editor to have it updated on all DCs)

 

Setting the time and time zone

Note: The time and time zone must be set correctly on the NAS device in order to successfully join an Active Directory domain. If the difference in time between the NAS the domain controller is off by more than five minutes, the NAS will be unable to join the domain.

  1. Log in to Settings for the TeraStation. You can access Settings by either entering the TeraStation's IP address into a web browser window or by using NAS Navigator.
  2. Click the Management tab on the left and click on the widget to the right of "Name/Time/Language".
    TS_AD_01.jpg
  3. Click the Time tab, then click the Edit button.
    TS_AD_02.jpg
  4. The default NTP server should work if the NAS can access the Internet. If the NAS cannot access the Internet and no local NTP server is available, set the time manually. Click the dropdown at the bottom to set the time zone.
    TS_AD_03.jpg
  5. You must scroll all the way to the bottom of the list in order to access North American time zones.
    TS_AD_04.jpg

Joining the NAS to the domain

First, find the NETBIOS name and the FQDN (Fully Qualified Domain Name) for the domain to be joined. Usually these will be the same, but in the case of parent/child domains they may be different.

  1. Open a command prompt and type the following commands:   

    The nslookup command will give us the FQDN, BT.COM in the example below. The nbtstat –n command will give us the NETBIOS name, BT-Child in the example below.
    TS_AD_05.jpg

  2. Log in to Settings for the TeraStation. You can access Settings by either entering the TeraStation's IP address into a web browser window or by using NAS Navigator.
  3. Click the Network tab on the left and click on the widget to the right of "Workgroup/Domain".
    TS_AD_06.jpg
  4. On the Workgroup Settings dialog box, click Edit.
    TS_AD_07.jpg
  5. Select the "Active Directory" radio button and click Next.
    TS_AD_08.jpg
  6. Click Yes on the pop-up.
    TS_AD_09.jpg
  7. All information in the "Active Directory Domain Settings" dialog box except for the "WINS Server IP Address" is required.

Note: The NetBIOS name and the DNS name are the values obtained earlier in step 1 above. The DNS name is the FQDN. The Administrator Name and Password must be a DOMAIN Administrator!
TS_AD_10.jpg

If the NAS fails to join the domain, verify that all information is correct and that the time on the NAS matches that of the domain controller.

X