Archive for February, 2008

OpenFiler project – one server

Thursday, February 7th, 2008

This article details how to set up a free-standing OpenFiler SAN that will authenticate from the built-in LDAP server. This is a great approach if you only need file storage with no network authentication. While you could authenticate other systems from the LDAP in OpenFiler, I would advise you to look at the OpenFiler project – 2 servers article.

OpenFiler Server
OpenFiler 2.2
2G system
2G data raid 5 member
2G data raid 5 member
2G data raid 5 member
256M

(more…)

OpenFiler project – 2 servers

Thursday, February 7th, 2008

This article details how to set up a free-standing LDAP server for authentication, and set up an OpenFiler SAN that will authenticate from the LDAP server.

LDAP Server
CentOS 5.1
2G hdd
256M RAM

OpenFiler Server
OpenFiler 2.2
2G system
2G data raid 5 member
2G data raid 5 member
2G data raid 5 member
256M

(more…)

proxy vm

Saturday, February 2nd, 2008

I am setting up an HTTP proxy.

# cd /xen
# mkdir www1
# cd www1/
# tar xjvf ../debian-4.0-20070801.tar.bz2
debian-4.0.img
debian-4.0.xen3.cfg
debian.swap
# mv debian-4.0.xen3.cfg proxy.cfg
# dd if=/dev/zero of=debian.swap bs=1M count=256
# dd if=/dev/urandom bs=1 count=3 2>/dev/null | od -tx1 | head -1 | cut -d' ' -f2- | tr -d ' ' | tr '[a-f]' '[A-F]'
7E0E41
# vi proxy.cfg
kernel = "/boot/vmlinuz-2.6-xenU"
memory = 128
name = "proxy"
vif = [ 'bridge=xenbr0,mac=00:16:3e:7E:0E:41' ]
dhcp = "dhcp"
disk = ['file:/xen/debian/debian-4.0.img,sda1,w'
, 'file:/xen/debian/debian.swap,sda2,w'
]
root = "/dev/sda1 ro"
ramdisk = "/boot/initrd-2.6-xenU.img"
# xm create -c ./proxy.cfg
...
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
receive_packet failed on eth0: Network is down
DHCPOFFER from 192.168.0.36
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.0.36
bound to 192.168.0.215 -- renewal in 300 seconds.
done.
...
# ssh 192.168.0.215
Password: password
# vi /etc/hostname
proxy
# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
# apt-get update
...
# vi /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.0.52
netmask 255.255.255.0
gateway 192.168.0.1   

auto lo
iface lo inet loopback
# /etc/init.d/networking restart
...lost network connection...
# ssh 192.168.0.52
# apt-get install squid3
# apt-get dist-upgrade 

I will continue the configuration tomorrow. It will only allow local connections (192.168.0.x).

nano /etc/squid3/squid.conf
I searched for acl all to find the area and added two acls.

acl privnat src 192.168.0.0/255.255.255.0
acl dmz src 10.0.0.192/255.255.255.224

I searched a couple of times for “http_access all” and, following the INSERT line, added my new rules:

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_access allow privnat
http_access allow dmz

Save and close the file, then restart squid.

/etc/init.d/squid3 restart
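
To check that rules like the ones above really limit the proxy to the two local ranges, the following added example (not part of the original post, and not Squid's own code) evaluates http_access lines the way Squid does, first match wins, for a given client address. The sample config is constructed: the closing "http_access deny all" line is assumed, the function names are hypothetical, and only plain address/mask src ACLs are handled.

```python
import ipaddress

# Constructed sample: the page's two ACLs and allow rules, followed by a
# closing "deny all" (assumed here; the page does not show that line).
SAMPLE_CONF = """\
acl all src 0.0.0.0/0
acl privnat src 192.168.0.0/255.255.255.0
acl dmz src 10.0.0.192/255.255.255.224
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_access allow privnat
http_access allow dmz
http_access deny all
"""

def parse(conf):
    """Return ({acl_name: [networks]}, [(action, [acl terms])]) for src ACLs."""
    acls, rules = {}, []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments, tokenize
        if len(parts) >= 4 and parts[0] == "acl" and parts[2] == "src":
            nets = [ipaddress.ip_network(p, strict=False) for p in parts[3:]]
            acls.setdefault(parts[1], []).extend(nets)
        elif len(parts) >= 3 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules

def decide(conf, client_ip):
    """First matching http_access line wins; all ACLs on a line must match."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)

    def term_matches(term):
        negate, name = term.startswith("!"), term.lstrip("!")
        hit = any(ip in net for net in acls.get(name, []))
        return hit != negate

    for action, terms in rules:
        if all(term_matches(t) for t in terms):
            return action
    # No line matched: Squid applies the opposite of the last line's action,
    # and denies when there are no http_access lines at all.
    if not rules:
        return "deny"
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for ip in ("192.168.0.52", "10.0.0.200", "10.0.0.10", "203.0.113.7"):
        print(ip, decide(SAMPLE_CONF, ip))
```

An "allow" result for an address outside 192.168.0.0/24 and 10.0.0.192/27 means the allow rules sit after a broader match or the closing deny is missing.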