DSM-G600, DNS-3xx and NSA-220 Hack Forum

Yes using the 1.0.4 beta software which has samba 3.0.24. Note I needed to create the secrets.tdb file on another box because they did not supply "net" as part of the firmware.

Steps to get doamin authentication working:

1. edit the smb.default file (on the dns323)

mount -t minix /dev/mtdblock0 /sys/mtd1
mount -t minix /dev/mtdblock1 /sys/mtd2
#EDIT both copies of smb.default
vi /sys/mtd[12]/smb.default
Change the line "security = SHARE" to "security = DOMAIN"
#
sync
umount /sys/mtd1 /sys/mtd2
#

2. You will need a secrets.tdb file from another linux box that you have used to join the domain (on a test inux box)

a. shutdown samba on your test linux box.
b. move all the files from /etc/samba to a safe location
c. create a new smb.conf with the following entries
    [ global ]
    workgroup = MYNTorADDOMAIN
    netbios name = dns323
    security = DOMAIN
d. Join the domain
    net join
e. scp -p /etc/samba/secrets.tdb dns323:/mnt/HD_a2/fun_plug.d/etc/secretes.tdb
f. Move the good samba bits back in to place on your test samba box.

3. Setup the DNS323 to us the secrets.tdb file - create a new startup script:

cd /mnt/HD_a2/fun_plug.d/start
touch samba-1.0.4-domain.sh
chmod 755 samba-1.0.4-domain.sh
vi samba-1.0.4-domain.sh
#!/bin/sh

smbd_start() {
        cp -p ${ETCDIR}/samba/secrets.tdb /tmp/samba/secrets.tdb
        killall smbd
        /usr/bin/smbd -D
}

smbd_stop() {
    killall smbd
}

smbd_status() {
    echo
}

case "$1" in
    stop)
        smbd_stop
        ;;
    restart)
        smbd_stop
        sleep 1
        smbd_start
        ;;
    status)
        smbd_status
        ;;
    start|'')
        smbd_start
        ;;
    *)
        echo "Usage: $0 start|stop|restart|status"
        ;;
esac

4. reboot the dns323 from the webpage

5. note dont make any mistakes otherwise you may brick your unit.

Great explanation on AD.

darx wrote:

smbd_start() {
        cp -p ${ETCDIR}/samba/secrets.tdb /tmp/samba/secrets.tdb
        killall smbd
        /usr/bin/smbd -D
}

Why do you copy the new secrets.tdb file from ${ETCDIR} to /tmp ?  I thought the
secrets.tdb file was supposed to be located in the /etc directory.

Last edited by mig (2007-10-28 03:03:14)

OK, thanks.  This active directory support gives the DNS-323 a
much wider appeal beyond just the home network users.

See http://dns323.kood.org/howto:bettersamba

How to access shares after a successful domain join?

I followed your tutorial! Thx for that! Now my Conceptronic NAS is in the domain and also ask my samba domain server for logins (I can see this in the log files), but I never succeed to see any shares - the login dialog simply appears again and again!

So how do I set up shares for accessing them by domain members? Via the web admin interface or via the telnet connection only via smb.default?

Log on my domain server:

SAM Logon (Network). Domain:[DOMAIN].  User:[user@\\LAPTOP] Requested Domain:[DOMAIN]
Attempting validation level 2 for unmapped username user.
make_user_info_map: Mapping user [DOMAIN]\[user] from workstation [LAPTOP]
attempting to make a user_info for user (user)
making strings for user's user_info struct
making blobs for user's user_info struct
check_ntlm_password:Checking password for unmapped user [DOMAIN]\[user]@[LAPTOP] with the new password interface
check_ntlm_password:mapped user is: [DOMAIN]\[user]@[LAPTOP]
smbldap_search_ext: base => [dc=DOMAIN], filter => [(&(uid=user)(objectclass=sambaSamAccount))], scope => [2]
init_sam_from_ldap: Entry found for user: user
Finding user user
Trying _Get_Pwnam(), username as lowercase is user
Get_Pwnam_internals did find user [user]!
sam_account_ok: Checking SMB password for user user
logon_hours_ok: user user allowed to logon at this time (Fri Jun 27 18:56:08 2008
make_server_info_sam: made server info for user user -> user
check_ntlm_password: sam authentication for user [user] succeeded
check_ntlm_password:PAM Account for user [user] succeeded
check_ntlm_password:authentication for user [user] -> [user] -> [user] succeeded

</b>UPDATE:<b>
As soon as I add the user 'user' (the one i'm logged on my windows), I can access the share. password can be whatever...
doesn't make sense at all to me!

Where does samba store the sharing attributes for samba? Cause it still seems that samba respects these settings, instead of the domain.

Last edited by DiscoBoy (2008-06-27 23:49:07)

fordem wrote:

darx - perhaps you could explain more - I'd like to be able to use the DNS-323 in an AD environment, but lack the linux skills to integrate it.

Works with DNS-320L ? I´m use Samba of Add-on from :
http://dlink.vtverdohleb.org.ua
Developer: vtverdohleb
version:    3.6.25

Can help-me ? Thanks.

Last edited by slobato (2017-05-25 07:29:07)