Synology share access via IP address

[ddrueding]

Upgraded a site from a desktop 8-bay unit with an Atom CPU to a 10-bay rackmount unit with a 3.1Ghz i3 (much faster performance of course).

Same IP, same server name, joined to the domain in the same way.

With the previous unit, I could access a share with either the IP address (//192.168.0.3) or machine name (//server_name).

With the new unit, //server_name works but //192.168.0.3 doesn't. When I try to access by IP it prompts for credentials, but no credentials I have work. The permissions on the share are (I believe) correct, and work correctly when I use //server_name.

Our copiers use the SMB mode to scan to folders, and don't support server names (IP only), so this is an issue.

Thanks in advance!

 

[Howell]

I would reset the AD machine account and rejoin the device to the domain.

 

[P5-133XL]

That is peculiar. //server_name just uses an additional step to resolve the name to an ip address so if any problems exist they typically are with the //server_name. Does //server_name resolve to a different IP address? Did you have a DHCP address reservation that is no longer valid forcing the network IP addresses to move so that //server_name is now a different IP address and some other machine is now responding to 192.168.0.3. IP address conflict?

 

[ddrueding]

I've rejoined to the domain without luck. Pinging server_name returns the correct IP. The DHCP reservation was updated with the new machines MAC, and the new machine picked up the IP automatically, so that is working correctly. Peculiar indeed.

Thanks for the assistance! Glad to know it wasn't resolved by the first comment 30 seconds after posting. Perhaps I haven't lost my touch entirely.

Keep 'em coming please!

 

[Howell]

What errors show in the logs of the device and domain controller at the time you are trying to login?

 

[P5-133XL]

Does the same problem exist accessing from a different machine?

 

[Mercutio]

Did you enable CIFS support?

 

[Chewy509]

Have you tried adding the domain name to the user name? eg DOMAIN\username as it's often done when you want to access objects that are not part of the current domain.

Maybe the CIFS server only uses the domain name if accessed via the computer name (the pc name is part of the SMB/CIFS protocol), and assumes non domain if using IP address in those fields.

 

[Mercutio]

IIRC, CIFS has to be specifically enabled in the management utility. I think it hides under the LDAP options someplace. It's just a checkbox, so it would be really easy to miss.

 

[ddrueding]

What errors show in the logs of the device and domain controller at the time you are trying to login?

No errors on either. It prompts for a password, doesn't accept any, and I close the window. Not sure what errors I should be expecting.

Does the same problem exist accessing from a different machine?

The problem exists from any source on the network.

Did you enable CIFS support?

I don't think any sharing would work without CIFS enabled?

Have you tried adding the domain name to the user name? eg DOMAIN\username as it's often done when you want to access objects that are not part of the current domain.

Maybe the CIFS server only uses the domain name if accessed via the computer name (the pc name is part of the SMB/CIFS protocol), and assumes non domain if using IP address in those fields.

I have tried domain/username and username@domain without luck. I've also tried using the local admin account to the unit in case it was referring to the local user accounts without success.

IIRC, CIFS has to be specifically enabled in the management utility. I think it hides under the LDAP options someplace. It's just a checkbox, so it would be really easy to miss.

Once the unit is joined to a domain the entire LDAP tab is disabled. I've gone over it a fair bit without finding a specific LDAP checkbox.

---

The core of my problem is scanning from a bunch of Konica Minolta copiers to user shares via SMB. Some dumbass at KM decided that underscores in the server name should throw an error despite being legit characters. So I can't program the copiers to access via machine name and by IP address breaks. Grr.

 

[Chewy509]

Have you contacted Synology support? And also contacted Konica Minolta to inform them that their firmware is broken...

 

[sdbardwick]

Did something change? It was beaten pounded impressed upon me that underscore characters were not valid in server/node names.

 

[Mercutio]

I have mad, mad hate for Konica document centers and their terrible software, but I also don't have a Synology NAS on a domain so I can't speak to what features might or might not be disabled.
Technically, CIFS is a superset of SMB networking that includes stuff like addressing directly by IP (instead of NetBIOS namespace), and if the client supports only SMB, you can't expect it to do anything more.

Why not create a DNS alias for the impacted machine names that points to your NAS if you can't access via IP? These machines have static IP assignments, right?

 

[Chewy509]

Did something change? It was beaten pounded impressed upon me that underscore characters were not valid in server/node names.

NETBIOS allows underscores, but DNS does not... (RFC952 Sec 1)

cite: http://support.microsoft.com/kb/909264

From the MS article:

The underscore has a special role, as it is permitted for the first character in SRV records by RFC definition, but newer DNS servers may also allow it anywhere in a name. For more details, see: http://technet.microsoft.com/en-us/library/cc959336.aspx.

When promoting a new domain, you get a warning that a underscore character might cause problems with some DNS servers, but it lets you create the domain.

 

[Chewy509]

Did something change?

Nope, it was taught that way to ensure the AD setup could work with all other OSes that forced strict RFC compliance with DNS names... eg work with Mac, *BSD, GNU/Linux, etc...

 

[ddrueding]

Have you contacted Synology support? And also contacted Konica Minolta to inform them that their firmware is broken...

This is (AFAIK) a 6-year+ issue with KM that has been pounded about on their forum for at least that long. I've sent the controller to go yell at them, but I do not consider it worthwhile. Synology has an e-mail from me, but haven't yet received a response.

I have mad, mad hate for Konica document centers and their terrible software, but I also don't have a Synology NAS on a domain so I can't speak to what features might or might not be disabled.
Technically, CIFS is a superset of SMB networking that includes stuff like addressing directly by IP (instead of NetBIOS namespace), and if the client supports only SMB, you can't expect it to do anything more.

Why not create a DNS alias for the impacted machine names that points to your NAS if you can't access via IP? These machines have static IP assignments, right?

They do have statics, and a second DNS alias without underscores returns the same error. I assumed that was because it wasn't referencing the machines actual name.

-----

Thanks for the help, but I've had to throw in the towel on this issue. Set up the FTP server on the Synology box, and reprogrammed 300+ inboxes on 12 units to use FTP instead of SMB. Takes longer for the scans to appear (minutes?), but it works. I have too many other things going to spend more time on this.

Thanks again for all the help, you guys are awesome!

 

[sdbardwick]

Nope, it was taught that way to ensure the AD setup could work with all other OSes that forced strict RFC compliance with DNS names... eg work with Mac, *BSD, GNU/Linux, etc...

Yeah, my pounding was back in '87 at uni, so it was "That way it will always work for both Unix and whatever garbage the other departments use."