Configure a Buffalo LinkStation for Active Directory

We recently started deploying Buffalo Network Attached Storage (NAS) devices on our campus to various departments that are looking for additional, non-critical storage in a relatively secure environment. Since we run Active Directory on Windows Server 2008, we chose the Buffalo drives for their ability to interface with AD. The AD bind works well for user management, but I ran into a small problem with the second drive I configured, so I thought I’d share my experience.

The AD configuration screen looks like this, and can be accessed on the drive’s web interface by clicking on Network->Workgroup/Domain:

LinkStation AD

As you can see, there are several fields that need to be populated, but Buffalo’s FAQs are not very specific about what exact info needs to go in them. Here’s what worked for me:

ActiveDirectory Domain Name (NetBIOS Name) – the actual old-school domain name without the .com/.net/.edu part

ActiveDirectory Domain Name (DNS/Realm Name) – the FQDN of the domain, i.e. the same thing as above but with the .com/.net/.edu part

ActiveDirectory Domain controller Name – the machine name of one of your primary domain controller, without the .domain.com part (just the machine name)

Admin user and pass – Domain admin credentials without anything like domain\username

WINS Server IP Address – the IP of your WINS server (usually your PDC)

After I had all this info together, I was still getting a message about authentication failure when joining the AD. I found an article on this problem here, which pointed me to the following troubleshooting steps:

  1. please check the internal Date/Time settings, especially the correct Time-Zone (by default +9 hours). The Timestamps of TS and PDC can only be 5 minutes different, otherwise the PDC will reject the Station. There is a good description of the problem caused by the “Time Difference / LDAP Error 82” located here: Troubleshooting Replication Errors, Microsoft TechNet
  2. The Primary DNS Server IP of the TeraStation network settings must be the IP address of the DNS Server running on the PDC.
  3. The IP address of the Gateway shall be the real gateway/router or the domain controller.In General 1) is the well known point why the Link- or TeraStation still cannot join even if above named things are done properly.
  4. If there is a WINS server given in the ADS-settings test the joining without the WINS IP.
  5. Check if there are some firewalls or Antivirus-Programs up and running that avoid a communication.
  6. If problems still exist please to a “Reset-to-Default” of the Tera/LinkStation by initiate the unit once.

Sure enough, it was the date/time problem for me. I solved this by going into Basic settings, then choosing an NTP server on my domain, then clicking Use Local Time (I think this was what fixed it). Once the time synced up (and it didn’t really look off before I clicked the Use Local Time button), the device joined the domain with no problem and I’m off and running with AD group authentication.

10 comments

  1. I have got my linkstation to authenticate with the active directory, but when trying to access it from my PC by a UNC path, it asks for a username and password, but nothing I enter works, not even specifying the domain in the format domainuser. Have you encountered this problem?

    • Vasken says:

      Ugh, I've seen so many different whacky errors configuring these things I can't even begin to complain about them…:)

      One thing I've noticed is the devices tend to be pretty picky about access settings on the individual file shares. Since you're getting connected to the device itself, I'd recommend double-checking the permissions on each file share on the Buffalo. Also, you can check the device as a whole by just going to devicename (don't specify a share). If you see a list of folders, but can't go into any of them, it's probably a share permission issue. Adding the users themselves is kind of weird in the web interface–I recommend reloading each page to double-check that your settings 'stuck.' Also, if you're using AD groups to assign permissions and they're not working, try with just a username and move up from there.

  2. Quang Huy says:

    Thanks very much. This is very useful for me. I also have the same problem. After I joint domain, I can't access the share folder. I used admin (local account) or domain admin account. If you have any solution, please help me. My email: quanghuy@vnp.edu.vn.

  3. ICT_Ben says:

    Hi,

    Thanks for posting this – I can’t beleive I didn’t check the time setting!
    As soon as I updated with the correct NTP settings it worked.

    Regards
    Ben.

  4. suresh says:

    The username and password should be simple only alphanumeric and no special character and it should have privileged to join the Domain.

    If there is special character then it will not join.

  5. Kari Lombard says:

    Thanks so much for this, their wording and manual were not very clear at all! Was trying to troubleshoot this for about an hour before I ended up on your blog.

  6. Mark says:

    I have tried the above and still unable to get the unit to join the domain. That being said it is an SBS2011 Standard server.

  7. Nitin Patil says:

    thanks a lot met. very helpful information. i was struggling for 2 weeks with joining to active directory. after reading above info i could connect it in just few seconds. For sure Buffalo should improve their documentation.

  8. Kyle says:

    I had an issue from it not liking my NetBIOS name. Make sure NetBios matches your first dns prefix or the domain join will fail.

Leave a Reply

Your email address will not be published. Required fields are marked *