Extremely disappointed in Synology

[ZippyDan]

Eh, I don't know why I'm posting here except that I feel like ranting.

I am running a Zentyal domain server (www.zentyal.com). For some reason, this linux distro runs LDAP for binding on port 390 (the standard port 389 is used for another instance of LDAP for samba4 - something like that).

I purchased THREE Synology Diskstation 1513+ for our offices.

You could blame me for not doing my research (I didn't know Zentyal used a nonstandard port), but Synology has been EXTREMELY unhelpful and outright dismissive.

Their WebUI does not have an option to change the connection port. Their software developers suggest I manually edit the config file using the command line, but then seemed confused when I said that editing a command line was not enough, I needed instructions to start the LDAP client service. At that point they seemed to indicate I was "past the point" which they would support. When I mentioned that FreeNAS does support custom port numbers and this was a product I PAID for, they simply suggested I return the items.

1. I think a WebUI field for inputting a different port number is a trivial addition
2. If I'm arrogant in my expectation that they could change the UI just for me (I don't think Zentyal is so obscure that it would only help me), then at the very least they could have assisted me with the command line configuration.

 

[Pulsar]

1. I think a WebUI field for inputting a different port number is a trivial addition
2. If I'm arrogant in my expectation that they could change the UI just for me (I don't think Zentyal is so obscure that it would only help me), then at the very least they could have assisted me with the command line configuration.

You purchased a product that does not have the capabilities you need. It's not logical to think that the manufacturer is going to help you make the product work in a way they didn't design it to. Unfortunate, but true.

I realize how frustrating that is, though. In a recent search for a wireless bridge, I found that the device for the box and even the user manual (online) was so abridged that it left me guessing. I ended up buying 3 different bridges, and only 1 actually 'bridged' the way a bridge SHOULD. The other manufacturers, while calling their devices bridges, had actually made devices that were not, they were half-assed access points, media servers, and repeaters (which would only work with a repeater of identical manufacture).

Annoying.

 

[drebo]

There's a reason people still use Windows for things like file servers and authentication.

Say what you will about Microsoft, but Active Directory is still head and shoulders above any other option available.

On another note: if you worked for me, I'd fire you for making this decision.

 

[Emulex]

most of those little nas boxes are just atom cpu's with 512meg to 2gb of ram. better off buying/building a microserver

 

[imagoon]

Meh they are fine for iSCSI targets, esp for backup storage.

 

[kevnich2]

There's a reason people still use Windows for things like file servers and authentication.

Say what you will about Microsoft, but Active Directory is still head and shoulders above any other option available.

On another note: if you worked for me, I'd fire you for making this decision.

Fire him for purchasing the synology units for using something other than Microsoft for his network access directory?

 

[drebo]

Fire him for purchasing the synology units for using something other than Microsoft for his network access directory?

Both. The former shows he did not properly research or test his proposed solution before he invested in it. The latter shows a remarkable lack of good judgment and a propensity for ensuring his own job security rather than implementing a simple, easy to use, industry-standard solution.

Synology units aren't terrible by themselves. I've used them to great effect as basic bulk storage as an iscsi target. For this purpose, however, a Windows Server box would have been cheaper and simpler.

 

[kevnich2]

Both. The former shows he did not properly research or test his proposed solution before he invested in it. The latter shows a remarkable lack of good judgment and a propensity for ensuring his own job security rather than implementing a simple, easy to use, industry-standard solution.

Synology units aren't terrible by themselves. I've used them to great effect as basic bulk storage as an iscsi target. For this purpose, however, a Windows Server box would have been cheaper and simpler.

Yeah I agree with you on those counts for sure. I like the synology units, their good general purpose storage nodes for both NFS and iscsi targets. I still don't know why, for business use, you wouldn't implement a network directory scheme that 99% of other businesses use and just use Windows Active Directory. I'm all for out of the box ideas but not for something like that. Use what works....

 

[ZippyDan]

Both. The former shows he did not properly research or test his proposed solution before he invested in it. The latter shows a remarkable lack of good judgment and a propensity for ensuring his own job security rather than implementing a simple, easy to use, industry-standard solution.

Offense intended: you are a judgmental asshole.

Since we have been using our Zentyal domain server, I have had no trouble connecting other LDAP-compatible devices. There was no reason to expect that the Synology would also have problems connecting, especially since it is a linux box where I should have command line access to make any small adjustments I might need to.

There is no way to "test" the solution without purchasing the product. In fact, I found on the Synology forums another person in the same situation who was told by Synology's presales people that the box did indeed support custom LDAP ports, only to find this was untrue.

Secondly, my decision to use Zentyal instead of Microsoft was not motivated by any self-serving desire as you so offensively suggest, but by simple economics. A Windows server solution would cost tens of thousands of dollars to implement in our company thanks to Microsoft's client licensing schemes. Zentyal's community edition is free. Not every company in the world has a huge budget to spend on software.

Thirdly, I WILL get these Synology boxes working with our domain server. Tomorrow I will be setting up a simple intermediate box to forward traffic from 389 to 390 and back until such time as Synology decides to update their UI. So, my idea was not a failure and will not cost the company any additional money. I simply encountered an unexpected obstacle and posted here to express my disappoint with Synology's complete lack of support.

Your method of management shows a propensity for making snap judgments without the details of the situation. You are arrogant, elitist, and lack empathy. I'm glad you're not my boss.

 

[drebo]

Sorry, but if your "offices" can be served by 3 1513+s, any Microsoft solution would be in the hundreds of dollars, not 10s of thousands.

Further, you've already spent more than the Microsoft licensing would have cost trying to troubleshoot this.

Try again. You're still an idiot, and you'd still be fired.

Research first so you don't waste money later.

 

[gsaldivar]

For this purpose, however, a Windows Server box would have been cheaper and simpler.

Possibly/probably yes, but we really don't know ALL the details about the poster's situation to make that conclusion. There may have been other factors at work which led to the search for a non-Microsoft solution. Those details aside, it's probably a good idea to just address the technical questions at their face value and leave it at that.

There isn't anything inherently wrong with going non-standard, and yes there probably should have been more research/testing done before a live implementation of this solution. I have personally used Zentyal servers to replace Windows Servers with a good success rate. When properly researched and configured, the platform is rock solid and quite economical.

 

[Mushkins]

Sorry, but if your "offices" can be served by 3 1513+s, any Microsoft solution would be in the hundreds of dollars, not 10s of thousands.

Further, you've already spent more than the Microsoft licensing would have cost trying to troubleshoot this.

Try again. You're still an idiot, and you'd still be fired.

Research first so you don't waste money later.

I'm not sure you're making fair assumptions, and you have no idea what financially quantitative value can be placed on trying to make these work in his situation. Nowhere in the OP did he ever say he took down the old storage solution and left the business with no NAS and no access to their files while trying to configure these things. As far as we know it was 100% business as usual and this is strictly a capacity expansion or something where nothing is really lost by a few days delay.

Project delays happen and people make mistakes. If you just fired anyone and everyone that worked for you as soon as they ever made even an easily fixable mistake you'd get pretty lonely pretty fast sitting at the top all by yourself.

Either way, the OP made the solution work with a middleware fix. It's not optimal, but he still worked through the error, learned one more thing, and came up with a feasible and cost-free solution.

And good luck selling that "Microsoft is the only solution or your fired" to all the big time network infrastructure linux techs. Yes it's less common, but it's a legitimate approach to network infrastructure.

 

[ZippyDan]

Sorry, but if your "offices" can be served by 3 1513+s, any Microsoft solution would be in the hundreds of dollars, not 10s of thousands.

Further, you've already spent more than the Microsoft licensing would have cost trying to troubleshoot this.

Try again. You're still an idiot, and you'd still be fired.

Research first so you don't waste money later.

By wasting my time with you, I guess you come out the victor, but I can't help being drawn to the desire to put your arrogance in its place. Hopefully someday that gift will be given to you.

When I said "tens of thousands", I was inaccurate. I should have said "over ten thousand dollars". Additionally, I was perhaps unfairly including the cost of Microsoft Exchange Server and Exchange Server CALs in my comparison, but we also use Zentyal (Zarafra) to replace Exchange Server, and that was part of the cost calculation that went into the decision to use a nonMicrosoft solution. Though to be fair, Zarafra does have licensing requirements also.

Anyway, the total cost of a MS Licensing solution for Windows Server Standard Licenses, CALs and an Exchange Server License and CALs comes to around $13,000 USD.

The total time I have spent on this hiccup (discovering the WebUI does not have an option for a LDAP port, googling the problem, e-mailing tech support back and forth a few times and attempting their CLI solutions, and finally posting here and at the Synology forums) possibly amounts to 3 hours. In fact, the reason I was disappointed in Synology's support is that they spent so LITTLE time trying to help me with a relatively simple problem before telling me to just return their products.

My time is valuable, but I guarantee you those three hours did not cost the company more than the MS Licensing would have. In fact, there has been no real physical loss in value at all, except for my time, as there was no system downtime for this problem and there is no urgent need to get the NAS up and running by any specific deadline, nor did this problem keep me from accomplishing any more pressing tasks. The NAS's are an expansion, not a replacement, to an already working system, and a delay in that expansion is something that the users are not even aware of. And since I am a salaried employee and not paid by the hour, from the company's standpoint, even my few hours "wasted" does not create any appreciable damage.

Your lack of ability to compare simple economic facts tells me that you, in fact, are the idiot, and I'm glad that at least a couple of other people have spoken up to call you out on your assumptions and unfair generalizations.

 

[ZippyDan]

Just in case anyone else runs across this same problem, I was able to solve it relatively easily.

Here are the basic steps:

1. Setup a temporary LDAP server running on the standard port 389 on any machine. You can even setup one on the Synology box itself by downloading a free package from their package center.
2. Connect the Synology LDAP client to this temporary server. The Synology will not confiugre itself to run the client automatically and create a config file.
3. Now through SSH you can edit the created config file directly from the command line. Change the port to anything you want.
4. Reopening the LDAP client control panel in the Synology WebUI will refresh the config file and show you if the connection is successful.
5. You can now disable/uninstall your temporary LDAP server.

I ran into some other problems getting the Synology to authenticate with the Zentyal server's built-in LDAP user, even after getting the port to change successfully. Basically, I solved this by creating a separate Domain Administrator user specifically for the Synology device.

If you need more details, I suggest finding my thread on the Zentyal support forums. Just search for "Zentyal", "Synology", and "ZippyDan".

 

[Mushkins]

Just in case anyone else runs across this same problem, I was able to solve it relatively easily.

Here are the basic steps:

1. Setup a temporary LDAP server running on the standard port 389 on any machine. You can even setup one on the Synology box itself by downloading a free package from their package center.
2. Connect the Synology LDAP client to this temporary server. The Synology will not confiugre itself to run the client automatically and create a config file.
3. Now through SSH you can edit the created config file directly from the command line. Change the port to anything you want.
4. Reopening the LDAP client control panel in the Synology WebUI will refresh the config file and show you if the connection is successful.
5. You can now disable/uninstall your temporary LDAP server.

I ran into some other problems getting the Synology to authenticate with the Zentyal server's built-in LDAP user, even after getting the port to change successfully. Basically, I solved this by creating a separate Domain Administrator user specifically for the Synology device.

If you need more details, I suggest finding my thread on the Zentyal support forums. Just search for "Zentyal", "Synology", and "ZippyDan".

Thanks for the follow-up. The only downside I really see is dedicating a user CAL for the extra domain admin account, but if you have other services or devices you needed a dedicated AD admin user set up for you can always use the same one so it's not wasted. Glad you got it working.

 

[mloiterman]

There's a reason people still use Windows for things like file servers and authentication.

Say what you will about Microsoft, but Active Directory is still head and shoulders above any other option available.

On another note: if you worked for me, I'd fire you for making this decision.

And if you worked for me, I'd fire you for being an arrogant blowhard.

 

[Juddog]

You purchased a product that does not have the capabilities you need. It's not logical to think that the manufacturer is going to help you make the product work in a way they didn't design it to. Unfortunate, but true.

I realize how frustrating that is, though. In a recent search for a wireless bridge, I found that the device for the box and even the user manual (online) was so abridged that it left me guessing. I ended up buying 3 different bridges, and only 1 actually 'bridged' the way a bridge SHOULD. The other manufacturers, while calling their devices bridges, had actually made devices that were not, they were half-assed access points, media servers, and repeaters (which would only work with a repeater of identical manufacture).

Annoying.

^^ I agree with this; buying something and expecting it to perform functions that it never stated it supported means that you're on your own. Figure it out yourself or go to the Synology community for help, or buy a real SAN that advertises support for those features, or actually build a NAS from scratch yourself that uses ZFS, etc..

 

[Juddog]

Just in case anyone else runs across this same problem, I was able to solve it relatively easily.

Here are the basic steps:

1. Setup a temporary LDAP server running on the standard port 389 on any machine. You can even setup one on the Synology box itself by downloading a free package from their package center.
2. Connect the Synology LDAP client to this temporary server. The Synology will not confiugre itself to run the client automatically and create a config file.
3. Now through SSH you can edit the created config file directly from the command line. Change the port to anything you want.
4. Reopening the LDAP client control panel in the Synology WebUI will refresh the config file and show you if the connection is successful.
5. You can now disable/uninstall your temporary LDAP server.

I ran into some other problems getting the Synology to authenticate with the Zentyal server's built-in LDAP user, even after getting the port to change successfully. Basically, I solved this by creating a separate Domain Administrator user specifically for the Synology device.

If you need more details, I suggest finding my thread on the Zentyal support forums. Just search for "Zentyal", "Synology", and "ZippyDan".

Thanks for the follow up, good to hear this was resolved!