Topic: SME to authenticate users on an openfiler box?

[judgej]

Can anyone tell me whether it is possible to use an SME7 box to authenticate users accessing an OpenFiler NAS box?

I basically have one SME6.5 (to be upgraded to SME7.x) with the users defined. I am intending rolling out two OpenFiler NAS boxes, at different locations, synchronised so they back each other up over the Internet.

The OpenFiler boxes can authenticate against a wide range of services, most of which I have no idea how to set up.

My ideal would be to tick a few boxes in the OpenFiler boxes, enter some details for the SME box, and then have users accessing the OpenFiler box authenticated against the SME server.

-- JJ

[SupportIT]

You can install the NIS contrib and use it for your authentication - I have it working and it seems to be all ok.

[judgej]

You can install the NIS contrib and use it for your authentication - I have it working and it seems to be all ok.

Thanks.

For reference, I've found these two documents, which I suspect may need updating for SME7, but they have got me headed in the right direction at least:

http://no.longer.valid/phpwiki/index.php/NIS%20Authenticated%20Linux%20workstation%20on%20an%20e-smith%20server

http://no.longer.valid/phpwiki/index.php/How%20to%20set%20up%20NIS%20on%20your%20SME%20Server

[p-jones]

judgej, did you ever progress this ?? If yes, how ?

[christian]

I second the query. I'll be moving ahead on this probably in the next few weeks. I'm toying with either OpenFiler or FreeNAS.

[judgej]

judgej, did you ever progress this ?? If yes, how ?

On the one hand: no, but the story has moved on.

In theory OpenFiler would authenticate against an NT domain, and SME Server can act as a domain controller. So it should work. Unfortunately, make one tiniest mistake setting up OpenFiler (the kind of thing you would do when when setting it up for the first time) and you get locked out of OpenFiler, with not even an administrator login. So for a biginner, it is a big risk, and a big learning curve trying to work out how to get your locked up data back.

But I said the story has moved on. I've noticed in the last few days that OpenFiler 2.2 now has its own built-in authentication server. That should really open up the market to home users. I've run out of space on my 500G SME server, and so I'm looking for a terabyte or more of decent RAID storage.

I'm going to give OpenFiler another go, but for now avoid trying to authenticate against the SME server, because it is not fun being locked out of your storage, with the prospect of days of learning how the damn thing works to get back in again.

-- JJ

[judgej]

I second the query. I'll be moving ahead on this probably in the next few weeks. I'm toying with either OpenFiler or FreeNAS.

FreeNAS: very small, compact, fast, but very limited (one share - basically like a USB disk on the network). Can run off a small compactflash card. The Mini solution. Free.

OpenFiler: very large, complex, complete (many shares, many users, many ways to access the data - webav, ftp, NFS, iSCSI/NAS, etc.). Needs its own separate 3Gbyte+ disk to boot off, though people have had some luck booting from 4Gbyte compactflash cards. Just keep plugging in new disks and extend logical volumes as needed. The Rolls Royce solution. Free.

SME: more geared towards mail and other services than pure storage. Does its job well, but when you run out of storage, it's not easy to just plug another disk in and extend logical disks. The Estate/family car solution. Free.

All do RAID, and no matter which one you start with, moving your data to another would not be hard. All great choices for their niches.

-- JJ

[christian]

JJ,
thanks for the notes.

In the latest FreeNAS version the docs indicate that you can link up multiple FreeNAS boxes via iSCSI (as does OpenFiler). It also indicates the ability to combine physical volumes and then create logical volumes on top od these. To be frank the way it reads you could in theory create more logical volumes of logical volumes.

Are your FreeNAS comments based on the current releases or past analysis? In other words is the FreeNAS docs talking about future state (or over stating its capabilities)?

Did you note if either can have its root disk set up as RAID1?

What attracts me about FreeNAS is it seems well documented, small foot print, has uPNP capability.

Christian

[francois.mdlh]

judgej, any success getting Openfiler to authenticate from SME? I have been using both seperately, but it would be great to run both off the same user database. C'mon ppl, I'm sure this can be done! Help!

[francois.mdlh]

bump

[judgej]

bump

Bumpy bump - sorry, no progress. I kind of ran out of time trying to set it up, and now have bought a bunch of portable USB disks we operate over 'sneakernet'.

-- JJ

[francois.mdlh]

eish, bummer. was hoping someone could get this working. I'll have to use two sme servers then.

[grasomega]

Hi everyone!

I have tested the Openfiler with SME server 7 and it worked like a charm.
I had no problem in getting the Openfiler to authenticate the users on SME Server.
First, you have to setup SME as a Domain Controller.
Join the Openfiler box to SME Domain using NTDOM, not ADS (see Openfiler docs: http://www.openfiler.com/docs/manual/#d0e1157 - 3.5.3. Windows Domain Controller Configuration).
Then you have to reset the computer account for Openfiler on SME:

Code: [Select]

smbpasswd -a -m Clientname$

Then rejoin the Openfiler to the SME Server Domain (on Openfiler):

Code: [Select]

net rpc join -S $smeserver -U admin

and enter the password.

I created then some file shares on Openfiler and I could setup ACLs based on SME users. They were respected and the users had access as set.

All the setup was made on a single server with VMware Server and virtual networking.

I hope this helps.

grasomega

P.S. Many thanks to the SME Server team for their absolutely great product!

EDIT: I forgot the joining the domain step  

[TrevorB]

In the latest FreeNAS version the docs indicate that you can link up multiple FreeNAS boxes via iSCSI (as does OpenFiler). It also indicates the ability to combine physical volumes and then create logical volumes on top od these. To be frank the way it reads you could in theory create more logical volumes of logical volumes.

I use a FreeNAS box for my backups etc. linked to the smeserver via iscsi (using dmay's dar2 contrib for backup). Works very nicely. 3 disks in the FreeNAS box. 2 in raid 0 mode (striped) and 1 holding the OS and some more share.

Shares are CIFS (for general media stuff throughout the household) and workstation backup as well as the iscsi for full/incremental server backup.

I have the security wide open (as it's just @ home), but it does allow for using the smeserver for authentication (I just haven't tried it).

FreeNAS box has a pre-allocated IP from the smeserver box (via hostnames), so it's a known name for all the Win boxes.

Trevor B

[francois.mdlh]

you sir, are a genius! i love you!

[unite07]

Grasomega.

I have configured sme as the domain controller and openfiler to authenticate against it.

openfiler sees the users and groups but when i try and set up a share using the openfiler account administration screen it gives this error:
ldap_bind: Invalid credentials (49)

i have not set up ldap, only NTDOM is set up.  

Has anyone got this to work not using ldap?

aaron

[grasomega]

Hi, everybody,

Ok, I guess I overlooked this:

Before joining the domain,

1. on Openfiler's interface go to Services -> Enable/Disable and set SMB/CIFS to enable.
2. On SMB settings, set the Wins Server to the SME server name. Leave anything else to default.
3. Go to the Join the domain using NTDOM. Reset the account on SME. Rejoin - it should work even with Openfiler's Interface.

It should be working...

grasomega

[darmasanthi]

i am a newbe, what is mean :

Then you have to reset the computer account for Openfiler on SME:

Code:

smbpasswd -a -m Clientname$


Then rejoin the Openfiler to the SME Server Domain (on Openfiler):

Code:

net rpc join -S $smeserver -U admin


I do not understand .."Clientname$" and "$smeserver"

Regards,
darmasanthi

[darmasanthi]

Yes, i can see the user on OpenFiler Group+User,

but we can not access the file sharing ...?

Regards,
darmasanthi

[darmasanthi]

you sir, are a genius! i love you!

Hi,
could you help me for the complete HowTo,
cause, i can not find it

Regards
darmasanthi

[darmasanthi]

You can install the NIS contrib and use it for your authentication - I have it working and it seems to be all ok.

Can you give me the complete HowTo..

regards,
darmasanthi

[darmasanthi]

Hi everyone!

I have tested the Openfiler with SME server 7 and it worked like a charm.
I had no problem in getting the Openfiler to authenticate the users on SME Server.
First, you have to setup SME as a Domain Controller.
Join the Openfiler box to SME Domain using NTDOM, not ADS (see Openfiler docs: http://www.openfiler.com/docs/manual/#d0e1157 - 3.5.3. Windows Domain Controller Configuration).
Then you have to reset the computer account for Openfiler on SME:

Code: [Select]

smbpasswd -a -m Clientname$
Then rejoin the Openfiler to the SME Server Domain (on Openfiler):

Code: [Select]

net rpc join -S $smeserver -U admin
and enter the password.

I created then some file shares on Openfiler and I could setup ACLs based on SME users. They were respected and the users had access as set.

All the setup was made on a single server with VMware Server and virtual networking.

I hope this helps.

grasomega

P.S. Many thanks to the SME Server team for their absolutely great product!

EDIT: I forgot the joining the domain step 

cause i'm a newbe,
could you give us a complete how to...
if you don't mind, help me with example

Regards.
darmasanthi

[mazkot]

You can install the NIS contrib and use it for your authentication - I have it working and it seems to be all ok.

whats your configuration in openfiler?
I have the NIS working but I cannot open the folders.

thanks

[byte]

Moving this topic to the SME 7.x contribs forum, it is more appropriate there. Thanks!

[mazkot]

Since I search to openfiler and read that NIS is not to supported by the new openfiler... I like to ask if someone had configured openfiler with ldap and not using sme as PDC?

Thanks