QNAP: Joining to a Windows Server 2012 Domain

Issue

I recently installed a Windows Server 2012 R2 domain controller and started to experience issues with accessing shares on the QNAP (TS-670, 4.0.5).

I attempted to re-join it to the domain where it failed. “Googling” SAMBA / 2012 didn’t yield anything promising, but it did point me in the right direction, along the lines of NTLM v2 which got me thinking of the old Windows 7 issue with “Network security: LAN Manager authentication level” GPO setting.

I found this MS Technet article that describes the default DC setting as “Send NTLMv2 response only”. The QNAP has a setting “Allow only NTLMv2 authentication” (Network Services > Win/Mac/NFS > Advanced Options) that I have enabled, along with “Enable SMB 2”. I am not sure if this is a bug in QTS 4.0.5 or I am misunderstanding these settings, however I would have thought the two settings were compatible.

When trying to join the QNAP to the domain, the /var/log/setup_smb.debug file reports:

Where:
  • mydc01 = WS2012R2 Domain Controller,
  • MYDOMAIN  = internal AD domain.
  • domainadmin = a domain admin user.

The fix

In Group Policy editor, I modified the Default Domain Controller Policy, changing:
Computer | Policies | Security Settings | Local Policies | Security Option | Network security: LAN Manager authentication level:

From: Send NTLMv2 responses only
To: Send LM & NTLM – use NTLM v2 session security if negotiated

I also tried the following (worked / failed):

  • Send LM & NTLM responses
  • Send LM & NTLM – use NTLM v2 session security if negotiated
  • Send NTLM responses only
  • Send NTLMv2 response only. Refuse LM
  • Send NTLMv2 response only. Refuse LM & NTLM

This is one of those computer policies that does require a reboot to apply. A PITA as it’s my only DC. Just as well it’s not a production network!

I’ve posted in the QNAP forum here to see what the community have to say.

For reference, a successful ADS join looks like:

2 thoughts on “QNAP: Joining to a Windows Server 2012 Domain

  1. Pingback: QNAP NAS will not join domain

  2. Lukas

    Hello,
    I’m facing the same problem, but nothing is working.

    I even tried to reinstall SMB-Feature on server, but the join alway fails with the same errors.

Please feel free to leave a comment...