Cannot join QNAP to Domain

Hi All,

I am trying to join my QNAP TS221 to my nethserver Domain with no success.
I was able to joint it once into the domain, but later the QNAP disks died and it was reinstalled.
nethserver is updated to the latest version:
System version: NethServer release 7.6.1810 (final)
Kernel release: 3.10.0-862.14.4.el7.x86_64
my domain account is:
NetBIOS domain name: mydomain
LDAP server:
LDAP server name:
Realm: AD.mydomain.LOCAL
Bind Path: dc=AD,dc=mydomain,dc=LOCAL
LDAP port: 389
Server time: Wed, 06 Feb 2019 15:48:47 IST
KDC server:
Server time offset: 0
Last machine account password change: Mon, 06 Aug 2018 09:35:04 IDT

Join is OK

whenCreated: 20180806063503.0Z
name: DC
objectSid: S-1-5-21-1364839592-55747391-1094092716-1104
accountExpires: 9223372036854775807
sAMAccountName: DC$
pwdLastSet: 131780109042605860
dNSHostName: dc.mydomain.local
servicePrincipalName: HOST/DC
servicePrincipalName: HOST/dc.mydomain.local
whenChanged: 20190203074515.0Z
lastLogon: 131939338671395610
distinguishedName: CN=DC,CN=Computers,DC=ad,DC=mydomain,DC=local

When I try to connect the QNAP to the domain, it has a quick configuration wizard that helped me join the domain in the past.

When I run it now, it will ask for, the following:
Full DNS doamin name: I put:
NEBIOS domain name: I put MYDOMAIN
Primary DNS server:
on the next stage it will show me the Domain server it found:,
I will add it to the the list, give an administrator user/password and click Join,

After a while, I will get a summarize screen that says it will join the domain:

here I can see the problem, twice nsdc-dc.??
in the QNAP log I get the error:
[Security mode] Failed to join domain. Cannot resolve domain. Check DNS server, AD servewr name and Domain.
What do I need to do to fix this?

Do you have tried with

Full DNS Domain name: mydomain.local
DNS: the Nethserver IP (not the DC Container)



Tried it with all options, only the option will give me the server name to select as the domain to join.

Is the software up to date?

Also you can try enabling SMB v1 and Join domain: then disable it.

3 hints I think I can give:

Your full domain fqdn ist “ad.mydomain.tld” without nsdc-dc. It’s the domain fqdn, not the server fqdn.
What happens if you try to use the IP instead?
Administator Username is “administrator” with it’s password.
AFAIK this comes from MS-compatibility.

Nothing to de with this, but your machine seems not to be fully udated:
kernel 862.14 is one/two steps behind. subscrition kernel is 957.1, normal repo is 957.5

I did this a few weeks ago on a TS-863U-RP… Please try it with:

Full DNS domain name: ad.mydomain.local

NS was the DHCP and DNS-server for the NAS…

When I try using ad.mydomain.local I do not get a domain to connect to:

Can you ping this domain? If not, there’s a problem with DNS resolution.
Set the DNS to your NS, not to the nsdc.
If I read it corectly, the is the nsdc.

I tried yesterday with a QNAP TS-459Pro+ and a Nethservice NG 7.6 (both fully updated).

I was unable to join QNAP to the domain too.

  • DNS:
  • Full DNS domain name: ad.mydomain.tld (but I have tested mydomain.tld and
  • user: root (but I have tested root@domain.tld administrator administrator@mydomain.tld)
1 Like


Yes I can Ping the domain:
_ad.mydomain.local__** - both replay with
dc.mydomain.local , that is the NS server name, replay with

Do you ping from qnap or NS?
The DNS server should be the, this is your NS-instance.
Above I saw the DNS set to, this is the IP of the nsdc-container.

In NethServer administrator is disabled by default.

@eitan You should have set the password for admin instead and use his credentials, or any other member of the Domain Admins group to join the domain.

:+1: And NetBIOS domain name: TELEM (…or whatever)

They should both work! If the DHCP server is NethServer i’d go with .30 (or keep the default from DHCP), otherwise .31.

@eitan, your secondary DNS is suspect. I’d clear the input fields just to be sure it’s not a bug of the qnap.

To check if the domain is reachable, from a QNAP shell run

$ host ad.telem.local
$ ping ad.telem.local

AD has always an “A” record for the domain name itself that resolves to all DCs IP addresses.

1 Like

Just tried. You’re right, they work both.

@ federico.ballarini
How do I go about enabling (and disabling)SMB v1?

@ flatspinRalf Jeckel
I can ping it from any machine in that network

…weird but why is it mixed case? Please try to enter the domain name exactly as it was printed by Samba…

Kerberos is case sensitive, DNS not. Windows is usually case insensitive, Linux not.

It has been mentioned, but after you activated Samba4 AD accountprovider, you have to enable administrator and admin accounts by giving them a password.
When you join the domain, use either one of them. Root is a local account of the server and has no rights adding users or machines to the domain.

1 Like

@ davidep
No problem pinging ad.telem.local

1 Like

I do not think it is a user issue, more of a DNS issue.
first, only the FQDN will give me the option to select a domina to join to:
after that, in the final “domain connection” screen, I get the bad domain name of:
Any other DNS name , ad.mydomain.local or dc.mydomain.local will fail to give a domain to connect to

That is expected behaviour because ad.mydomain.local is the name of your domain, not your AD domain controller and dc.mydomain.local does not exist since your domain is ad.mydomain.local. NethServer is and the NSDC container where Samba4 AD resides is

If you think it is a DNS problem, make sure your clients use NS as DNS server to resolve ip addresses on your local LAN. If you think NS can’t resolve an IP address automagically, just add the IP address in NethServer DNS.