Koozali.org: home of the SME Server

LDAP Authentication for FreeNas

Offline Mirfster

« on: October 24, 2015, 02:01:13 PM »
Hello all,

Got a question regarding enabling LDAP Authentication on a SME 9.x Server.

Scenario is as follows:
1) Building a new SME Server 9.x (Will include a 3rd NIC - 10GB just for backups traffic)
2) Will backup and restore older SME Server (8.x) to the new Server
3) Will build a separate FreeNas Server (Will include a 3rd NIC - 10GB just for backups traffic)
4) Want to enable LDAP Authentication so the SME Server will handle accounts

*** Note: Already tried SME as a Domain Controller; but can't get FreeNas to work with Active Directory or just NT4 Domain... Maybe my fault...

Anyways, I am thinking of using LDAP Authentication (will see if it works properly in a Test Lab if I can).  My only concern is that per the "LDAP_Authentication" (http://wiki.contribs.org/LDAP_Authentication) Wiki it states:

Quote
Warning:
   If you enable ldap auth, it'll remove all your groups, users, ibay accounts from the unix databases so everything is only in LDAP.

If you attempt to then disable LDAP Authentication this will break everything as you won't have any functioning accounts afterwards, and you will disable LDAP master auth functionality.

With that being stated, I am worried that all the Users, Groups, etc. that are re-generated when I do the Restore from the SME 8 Server to the new SME 9 Server are basically lost?

Can anyone chime in on this?  If this is the case, then that is definitely not the route I want to take.

Thanks.




Offline Stefano

Re: LDAP Authentication for FreeNas
« Reply #1 on: October 24, 2015, 05:05:14 PM »
Quote
1) Building a new SME Server 9.x (Will include a 3rd NIC - 10GB just for backups traffic)

how do you think to make it work?

Quote
2) Will backup and restore older SME Server (8.x) to the new Server
3) Will build a separate FreeNas Server (Will include a 3rd NIC - 10GB just for backups traffic)
4) Want to enable LDAP Authentication so the SME Server will handle accounts

*** Note: Already tried SME as a Domain Controller; but can't get FreeNas to work with Active Directory or just NT4 Domain... Maybe my fault...

I remember I used FreeNas joined to SME domain in NT4 style, but can't help you, it was many years ago..

Quote
Anyways, I am thinking of using LDAP Authentication (will see if it works properly in a Test Lab if I can).  My only concern is that per the "LDAP_Authentication" (http://wiki.contribs.org/LDAP_Authentication) Wiki it states:

With that being stated, I am worried that all the Users, Groups, etc. that are re-generated when I do the Restore from the SME 8 Server to the new SME 9 Server are basically lost?

Can anyone chime in on this?  If this is the case, then that is definitely not the route I want to take.

Thanks.


AFAIK you don't need to enable LDAP auth to make FreeNas work..

anyway, if you enable it AFTER you restored your server, you'd not lose anything

Offline Mirfster

Re: LDAP Authentication for FreeNas
« Reply #2 on: October 25, 2015, 02:16:43 AM »
Sorry for the late response,  I didn't get an e-mail notification there was a reply.

As far as making the 3rd NIC work, I edited the "etc/rc.d/rc.local" to add a line similar to:

Quote
ifconfig eth2 172.x.x.x netmask 255.x.x.x broadcast 172.x.x.x

While I have not actually tested accessing shares, I was successfully able to ping from each Server to the other via those statics.  I was waiting to get the other part (Directory Services, LDAP or NT4 Domain) working first.

That is a different range from the other two NICs (Local and Gateway).  The 10GB NIC is directly attached (SFP Fiber) to the FreeNas Server which has a similar Static IP.  ** When I say "Directly" I mean while the cards are physically attached,  SME Server is a VM Instance on vSphere 5.5 Update 3 where I configured a separate Virtual Switch just for the 10 GB NIC (Full Disclosure  :) )

Quote
AFAIK you don't need to enable LDAP auth to make FreeNas work..

True, but I want a single point of administration for Users and Groups and I believe to obtain this I would have to get Directory Services, NT4 Style or LDAP working between FreeNas and SME.  Please correct me if I am wrong in this.

While the main purpose of connecting to FreeNas is to expedite the Backups (since they are taking so long now they are running into the next day's start time); I would like to "off load" some other items to FreeNas:

1) Map User Directories to FreeNas instead so I can take advantage of "Snapshots" (Similar to MS "Shadow Copy")
2) Set Quotas
3) Easily expand shares/volumes
4) Leverage ZFS (Really RaidZ2)
5) Have the FreeNas Server backup the SME Backups and itself to a 3rd Storage (Will be the Drobo that it is replacing)

BTW, did I mention that the old SME Server will become a backup SME Server housed at a different location using AFFA?  :shock:

Quote
AFAIK you don't need to enable LDAP auth to make FreeNas work..

anyway, if you enable it AFTER you restored your server, you'd not lose anything

This sounds promising, perhaps I will try to test it out with another VM instance running SME 8... Can't hurt

Hopefully I did not inundate you with too much information and thanks for your response. 

Offline Mirfster

Re: LDAP Authentication for FreeNas
« Reply #3 on: October 26, 2015, 04:43:26 PM »
Update:

Turns out that I do not need to use LDAP; since I was able to get the "NT4 Style" Domain to work fine from FreeNas to SME.  The issue turned out to be that I did not add the SME Server IP as a "Name Server" in the "Network - Global Configurations" on the FreeNas Server.

Once I did this "NT4 Directory Services" was able to successfully connect and list Users/Groups from SME.

Running "wbinfo -u" on the FreeNas Server properly shows Users from the SME Server
Running "wbinfo -g" on the FreeNas Server properly shows Groups from the SME Server
I was able to set "Owner (User)" and "Owner (Group)" permissions on Shares to accounts from SME on FreeNas

Thanks to Stefano for mentioning that he was able to get FreeNas working with SME before, it got me to re-focus on using that instead of LDAP.   :grin:
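
The checks from the update above (name server entry first, then the winbind listings) can be scripted so a broken join is caught before share ownership is assigned. This is an added example, not part of the original posts; it assumes the FreeNas name server setting ends up in /etc/resolv.conf, and 192.0.2.10 is a placeholder for the SME Server address.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight check for the NT4-style join.
# The resolv.conf path and the 192.0.2.10 address are assumptions/placeholders.

# has_nameserver FILE IP: true if FILE has an uncommented "nameserver IP" line.
has_nameserver() {
    awk -v ip="$2" '$1 == "nameserver" && $2 == ip { found = 1 }
                    END { exit !found }' "$1"
}

# count_accounts: count non-empty lines of "wbinfo -u" / "wbinfo -g" output on stdin.
count_accounts() {
    awk 'NF { n++ } END { print n + 0 }'
}

# check_join RESOLV_CONF SME_IP: DNS first (the cause found in the thread), then winbind.
check_join() {
    if ! has_nameserver "$1" "$2"; then
        echo "FAIL: $2 is not listed as a name server in $1"
        return 1
    fi
    if ! command -v wbinfo >/dev/null 2>&1; then
        echo "SKIP: wbinfo not found on this host"
        return 2
    fi
    if ! wbinfo -t >/dev/null 2>&1; then
        echo "FAIL: trust secret check (wbinfo -t) failed"
        return 3
    fi
    users=$(wbinfo -u | count_accounts)
    groups=$(wbinfo -g | count_accounts)
    echo "domain users: $users, domain groups: $groups"
    if [ "$users" -eq 0 ] || [ "$groups" -eq 0 ]; then
        echo "FAIL: winbind returned no domain accounts"
        return 4
    fi
    echo "OK: domain accounts visible"
}

# Run only when an SME Server address is given, e.g.: sh check_join.sh 192.0.2.10
if [ "$#" -ge 1 ]; then
    check_join /etc/resolv.conf "$1"
fi
```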

Offline TerryF

Re: LDAP Authentication for FreeNas - Solved
« Reply #4 on: October 26, 2015, 10:27:59 PM »
He's not too bad Stefano :-) rarely, if ever, misses the target :-)
--
qui scribit bis legit