DSM-G600, DNS-3xx and NSA-220 Hack Forum

vthinsel · 2008-01-07 13:01:36

Hello,

Once upon a time, I had a dedicated general-purpose box for mail/http server/domain controller/etc etc.... this box diseapperaed as it needed maintenance, and was time consuming (as family grows, I have less time). It was an openbrick, first generation.

Now I would really like to turn my dns-323 as a full domain controller. This requires LDAP support, together with some nifty application to manage the domain. GOsa (https://oss.gonicus.de/labs/gosa/wiki) is one of my favourite.

I know christmas is over, but would someone be kind enough to provide binaries for those :LDAP, smbldap-tools, PERL. (I'm not willing to install a complete debian on the dns)

As a starting point, having swat would be great so the smb.conf file could be edited simply to fulfill some needs found on the forum (share names, user in several groups.....) . Anyone to make it available ?

Regards, and happy new year !

Vincent.

fordem · 2008-01-07 16:41:14

Just out of curosity - why would you want or need a full domain controller? This is supposed to be a consumer/SOHO device - workgroup access is typically considered good enough in this category.

Something else that puzzles me - again this is supposed to be a consumer/SOHO device, specifically a NAS device - why do people who need the whole kitchen sink buy this and then want to add the "missing" features, why don't they buy something that meets their needs.

By the way - price is not the answer to that last question - the year before I bought my DNS-323 (for around $220 plus $160 for 80GB of disk for a grand total of $380) I got myself a new IBM xSeries server for the handsome sum of $459, including 80GB of SATA drive, the same make & model as in the DNS-323 - the xSeries can also do RAID0 & RAID1 and has the power and expandability to be your DHCP/DNS/AD DC, HTTP, SMTP, etc., etc., etc.

vthinsel · 2008-01-07 17:02:41

I have a couple of mini-ITX boards in drawers (EPIA CL1000) actually, but I don't want to bring them back to life as they are like a black hole: they eat my free time. I can live without firewall/IPS (I have dedicated router/firewall for this purpose), without HTTP (everything is at my ISP now), without mail server (everything at googleapps now). In fact all servers are now externalised. The only internal facility that I'm missing now is the Domain I used to have. I appreciated domain logins, scripts, among severals.

As I mentionned, one nice step would be to get swat to work. This would make user/group sharing more easy, and possibly make domain a reality (unless feature has been removed by dlink at compile time). Right now, the smb.conf I use is hand-modified. swat would be a big plus, even just for workgroup usage. Then comes LDAP server and the rest....

Cheers,
V.

fordem · 2008-01-07 19:31:37

It's got to be your choice of hardware - I'm running MS Windows Server 2003 on the xSeries box that I mentioned earlier - as a standalone file & print server that also does DHCP & DNS, but I have a second one at a client site, that does DHCP, DNS, AD DC, IAS & general file & print duties and they just sit there and run - the only regular human intervention is to change the backup (there's that B word again ) tape every day - the backups themselves are automated but the tape has to be changed manually.

ChrisOwens · 2008-01-07 19:41:04

fordem wrote:
why do people who need the whole kitchen sink buy this and then want to add the "missing" features, why don't they buy something that meets their needs.

You could claim I'm nuts: I have put thousands of dollars worth of my time into making the DNS323 do things like Kerberos, LDAP, and the like.... Obviously if my goal was simply to have a functioning server I would have been better off buying a server and hiring a sysadmin.

But for me personally, there's a larger issue at play: I make sort of a point of convincing low-end consumer-grade stuff to perform tasks that were recently considered to be the domain of special-purpose high-end stuff. On the networking side, for example, my partners and I got a huge kick out of of setting up industrial-strength VPNs using US$300 boxes -- pretty recently this took US$40,000 worth of gear.

I think this kind of tinkering tends to accelerate the diffusion of advanced technology into the mainstream, which is, on the whole, a good thing. The experience also contributes to my value as a consultant -- I think it's important that we remain grounded: along with all of our fancy theoretical knowledge it's important to also have a few soldering iron burns on our fingers....

mig · 2008-01-07 20:51:14

Vincent,

I'm not sure what your objections to a Debian install on the DNS-3232 are; however,
I believe there are quite a lot of binaries missing from the D-Link firmware (v1.03) which
would need to be compiled for you to achieve your goals.

IMHO, the quickest path to a solution on the DNS-323 would be a native or chroot Debian install.
Especially given that (and I'm assuming this from your first post) you don't have the capability
to compile the native firmware compatible binaries yourself.

The embedded design of the DNS-323 (where config files [smb.conf] are restored from flash
memory on boot) makes installing utilities like SWAT problematic. You either have to modify
SWAT to save changes to flash memory, or keep the changes in a separate (chrooted) directories.

If you don't have your heart set on using the DNS-323 as your domain controller , there are other
NAS devices which are more open to user development. The Buffalo Tech KuroBox Pro is one,
and there is an active user community for development support. www.kurobox.com/forums

Good luck

vthinsel · 2008-01-08 10:29:22

Hello Mig,

Thanks for your answer. I'm not willing to set-up a full debian on the DNS, as I would fallback to the scenario where I spend nights and days updating/fixing/playing/ .... that's why I would like an "almost out of the box" solution
On the files stored in flash, you are right. That's why I have a kind of chrooted environment: upon start, thanks to fun-plug, I restart samba using my own smb.conf. The idea would be then to have a minimal chrooted environment, with a decent smbd nmbd and swat. Maybe I'll set-up a cross-compile environment somedays, but if someone has one up-and-running maybe he could provide full binaries ?
Right now, I'm more busy wiring the new house (including painting and so on) than playing with the DNS......

Cheers,
Vincent.

DSM-G600, DNS-3xx and NSA-220 Hack Forum

Announcement

#1 2008-01-07 13:01:36

My dream: DNS-323 as a domain controller

#2 2008-01-07 16:41:14

Re: My dream: DNS-323 as a domain controller

#3 2008-01-07 17:02:41

Re: My dream: DNS-323 as a domain controller

#4 2008-01-07 19:31:37

Re: My dream: DNS-323 as a domain controller

#5 2008-01-07 19:41:04

Re: My dream: DNS-323 as a domain controller

fordem wrote:

#6 2008-01-07 20:51:14

Re: My dream: DNS-323 as a domain controller

#7 2008-01-08 10:29:22

Re: My dream: DNS-323 as a domain controller

Board footer