This article details how to set up a free-standing OpenFiler SAN that authenticates against its own built-in LDAP server. This is a good approach if you only need file storage with no network-wide authentication. While you could authenticate other systems against the LDAP server in OpenFiler, for that I would advise you to look at the OpenFiler project – 2 servers article.
OpenFiler Server
- OpenFiler 2.2
- 2G system
- 2G data raid 5 member
- 2G data raid 5 member
- 2G data raid 5 member
- 256M
Most servers have static IPs. Your network is probably using 192.168.x.x. I would recommend that you pick a range of addresses to assign statically. I keep my records in a spreadsheet. Something like:
192.168.1.x subnet 255.255.255.0
Gateway 192.168.1.1
P.DNS 192.168.1.1
.1 router
.3 openFiler
Generally, if you are using a SOHO router (you know, the kind Best Buy, Fry’s, etc. sell) your gateway and DNS will be your router.
—
dn means Distinguished Name and is similar to referring to you by your full name for identification within a group.
dc means Domain Component, and it is one part of the name.
objectClass defines what purpose the entry serves; as a person (not LDAP) I might have father, husband, technician, bugSquisher.
openfiler
I would recommend that you have a small “system” drive and then a group of “data” drives.
Installing openFiler 2.2, boot from the CD
openfiler screen, Next
U.S. English, Next
Automatically partition, Next, Yes I am sure
Select (check mark) only the system drive
Select Remove all Linux partitions on this system, Next
Take a look at the partition layout, smile, nod and click, Next
Network, Click Edit
Uncheck Configure using DHCP
Assign the IP Address and Subnet Mask from your IP Log (remember, the one you wrote earlier), Click OK
Assign a hostname: san.example.com
Assign Gateway and Primary DNS, Click Next
Timezone: Hopefully you know where you live. System clock uses UTC is already unchecked. Click Next
Root password, I would make it the same. You could be paranoid and make it different, but if you choose that I would recommend that you get a good password wallet. And Click Next.
Click Next to begin installing.
Reboot when it completes.
Open a browser and go to https://192.168.1.3:446
Scroll down the license, read it, and if you agree continue. If you do not, quit reading.
The default login is username: openfiler, password: password
Services tab
- Enable/Disable sub-tab
Enable LDAP
Enable SMB/CIFS if you want sharing with Windows machines.
If you are looking for other services you should already be familiar with them (NFS or iSCSI).
- SMB Settings
All of the default settings should be sufficient.
- LDAP Settings
Base DN: dc=example,dc=com
Root bind DN: cn=Manager,dc=example,dc=com
Root Password: (write it down somewhere)
Allow users to set password: checkmark
Click submit.
IMPORTANT: When you submit information from the LDAP Settings it initializes LDAP. If you do it again later it could potentially erase changes you have made.
Accounts tab
Click the Accounts tab, and Admin Password sub-tab. Change the password, and write it down.
Back to the Authentication sub-tab
Check mark “Use LDAP”
Un-check “Use TLS”; TLS is encryption so that you are not sending your password over the network in plain text. Here the LDAP server is on localhost, so the bind never leaves the machine and it is not quite as big a deal.
Server: localhost
Base DN: dc=example,dc=com
Root bind DN: cn=Manager,dc=example,dc=com
Root bind password: (the one you wrote down a minute ago)
click Submit
- Account Administration sub-tab
Group Administration, Add new group,
Group Name: Users
Uncheck “Override automatic GID” (unchecked is default)
Click “Add Group”
Success
User Administration, Add new user,
Username: charles
password: asdfgh
type the password again
Primary Group: 500: Users
Uncheck “Override automatic GID” (unchecked is default)
Success
— Side Note
I fought with this error for a while. It was because I did not have the samba.schema on the LDAP server. I am leaving it so if someone else is having this error they will know what I had to fix.
An error has occured:
Error changing password.
Failed to add entry for user Charles.
Failed to modify password entry for user Charles
The List of users and List of Groups is empty. I am going to continue since it shows users and I will come back to it if they don’t populate after I create volumes and shares. (FIXED)
— END Side Note
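To make the dn/dc/objectClass terms concrete, and to show why the side note's error depended on samba.schema, here is an added example (not from the article or the OpenFiler project) that parses DNs under the article's base DN and checks an entry's object classes against the loaded schemas. The ou=People container and the schema-to-objectClass mapping are assumptions for illustration.

```python
# Base DN from the article's LDAP Settings.
BASE_DN = "dc=example,dc=com"

def parse_dn(dn):
    """Split a DN into (attribute, value) RDN pairs, honouring backslash-escaped commas."""
    rdns, current, i = [], "", 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):      # escaped character: keep it literally
            current += dn[i + 1]
            i += 2
            continue
        if ch == ",":
            rdns.append(current)
            current = ""
        else:
            current += ch
        i += 1
    rdns.append(current)
    return [tuple(part.split("=", 1)) for part in rdns]

def is_under(dn, base):
    """True when dn sits somewhere below base (its trailing RDNs equal the base's)."""
    p, b = parse_dn(dn), parse_dn(base)
    return len(p) > len(b) and p[-len(b):] == b

def user_entry(username, uid_number, gid_number, base=BASE_DN):
    """Constructed entry for a user like the article's 'charles' (ou=People is assumed)."""
    return {
        "dn": f"uid={username},ou=People,{base}",
        # sambaSamAccount is defined by samba.schema; without it the add fails.
        "objectClass": ["top", "posixAccount", "sambaSamAccount"],
        "cn": username, "uid": username,
        "uidNumber": str(uid_number), "gidNumber": str(gid_number),
        "homeDirectory": f"/home/{username}",
    }

# Assumed mapping of schema files to the object classes they provide.
SCHEMA_CLASSES = {"core": {"top"}, "nis": {"posixAccount", "posixGroup"},
                  "samba": {"sambaSamAccount"}}

def missing_classes(entry, loaded_schemas):
    """Object classes the entry uses that none of the loaded schemas define."""
    known = set().union(*(SCHEMA_CLASSES[s] for s in loaded_schemas))
    return [oc for oc in entry["objectClass"] if oc not in known]
```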
Go check the sub-tab List of users, List of groups and Account Administration to see if you can view your users.
General Tab
There are two sets of security, user based and IP based. Next we navigate to the General tab.
I’m going to create two networks.
Name       Network/Host   Netmask          Type
localhost  127.0.0.1      255.255.255.255  Share
nat        192.168.1.0    255.255.255.0    Share
Navigate to the Clock sub-tab and set the time and date.
Navigate to the Notification sub-tab. I strongly recommend that you set an email so you will be notified if a drive fails.
Volumes tab
The tabs will seem “backwards” since you will use them right to left. This walkthrough is tailored to systems using software RAID. Software RAID is preferable to fakeraid (if it is on a motherboard or you paid less than $150 it is probably fakeraid), and hardware RAID is expensive.
- Physical Storage Mgmt. sub-tab
The first drive should be your system drive. Each of the others is a data drive.
Click /dev/sdb,
Scroll down to the section to “Create a partition” ,
Change the Partition Type to “RAID array member”,
The other options are fine with defaults,
Click Create.
You are taken to an “Edit partitions” page, click the link “Back to the list of physical storage devices”.
I repeated that process on /dev/sdc and /dev/sdd, and you should continue on the remaining members of this RAID array. Then continue…
- Software RAID Mgmt. sub-tab
Select RAID array type: RAID-5 (parity),
Checkmark all of the RAID members,
If you have a “Spare” you can also select it here, if you do not or you are not sure what it means don’t worry about it now and read about it later,
Click “Add array”,
Move on…
- Volume Group Mgmt. sub-tab
“Create a new volume group”,
Fill in the “Volume group name” – realize that this will appear as part of the path. I will call mine VolGroup01.
Select the /dev/md0 – this is the RAID you just created,
Click “Add volume group”,
Move on…
- Create New Volume sub-tab
Now we are down to the meat. This is where you start carving out chunks to share. You will probably use this tab fairly frequently until you have your shares completed.
“Create a volume in “volgroup01””,
Volume Name – Avoid spaces, use letters, numbers, dashes or underscores – I used “store”,
Describe the store – you may use any character you would like – I used “A new store for example”,
Required Space (MB): 100 – 100MB for this example,
Filesystem type – I would recommend Ext3 with a few exceptions:
If you want an iSCSI share choose iSCSI,
If the filesystem is 8TB on 32-bit or 16TB on 64-bit, you will need a different filesystem,
Click Create – This can take quite a long time for large filesystems, go get a coke.
- List of Existing Volumes sub-tab
So, you are sitting here now. If you have an Ext3 partition and need more space you can make it bigger with the Properties: Edit.
Shares tab
List of Current Shares
You should see a tree with:
volgroup01
A new store for example
Click the Volume (“A new store for example”),
Name the folder (I will name it “folder”) and click Create a Sub-folder,
Click the folder,
There are several options to create a sub-folder, rename the folder, create a description, delete the folder, but most importantly,
Click Make Share.
First, the settings I used and then an explanation.
Controlled access
Users: PG and RW
Click Update
Host access configuration
Under SMB/CIFS
localhost RW
nat RW
The Restart services automatically checks
Click Update
— Explanation
You will remember earlier I said there is user and IP security…
Group access configuration
You have 2 options, Public guest and Controlled access. Public guest permits access without authentication and Controlled provides authentication.
Each share must have a “Parent Group” or PG. Think of this as the owner group.
You can also assign each group permission with NO Access, Read Only (RO) or Read and Write (RW).
—
Host access configuration
SMB/CIFS
Enable oplocks – leave this at default
Restart services – this will automatically become checked if you change something that requires a service restart
Each of the services provides the option to advertise the share on the respective protocol. Making a share available here does NOT enable the service, but it is possible to have one share available to Windows clients and another as an NFS share, or even both options on the same share.
Each network you created earlier can have NO Access, Read Only or Read Write.
NFS provides options for Root Access and Run Insecure; Explaining these is beyond the scope of this article and you really should do some more reading before you enable either one.
— END Explanation
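The two security layers described above, combined for the article's own networks and share settings, as an added example (not code from the article or from OpenFiler). It assumes the layers combine by taking the lower of the group level and the host level, and uses a constructed membership table in place of the LDAP data.

```python
import ipaddress

# Permission levels from the share UI, ordered from weakest to strongest.
LEVELS = {"NO": 0, "RO": 1, "RW": 2}
NAMES = {v: k for k, v in LEVELS.items()}

# Networks defined on the General tab in the article.
NETWORKS = {
    "localhost": ("127.0.0.1", "255.255.255.255"),
    "nat": ("192.168.1.0", "255.255.255.0"),
}

# Share settings used in the article: controlled access, group Users is the
# parent group with RW, and SMB/CIFS is advertised to both networks with RW.
SHARE = {
    "groups": {"Users": "RW"},
    "hosts": {"smb": {"localhost": "RW", "nat": "RW"}},
}

# Constructed membership table standing in for the LDAP user/group data.
MEMBERSHIP = {"charles": {"Users"}}

def host_level(share, protocol, client_ip):
    """Highest level granted by any configured network that contains client_ip."""
    ip = ipaddress.ip_address(client_ip)
    best = LEVELS["NO"]
    for net_name, level in share["hosts"].get(protocol, {}).items():
        addr, mask = NETWORKS[net_name]
        if ip in ipaddress.ip_network(f"{addr}/{mask}", strict=False):
            best = max(best, LEVELS[level])
    return best

def group_level(share, user, membership=MEMBERSHIP):
    """Highest level granted by any group the user belongs to (controlled access)."""
    best = LEVELS["NO"]
    for group in membership.get(user, set()):
        best = max(best, LEVELS[share["groups"].get(group, "NO")])
    return best

def effective_access(user, client_ip, protocol, share=SHARE):
    """Both layers must permit the access; the lower of the two levels wins (assumption)."""
    return NAMES[min(group_level(share, user), host_level(share, protocol, client_ip))]
```

A client on 10.0.0.x or connecting over a protocol the share is not advertised on gets NO access even though the user's group grants RW.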
You have enough configuration now that you should be able to browse it on your Windows workstation. Just type \\192.168.1.3 and you should be able to see the share. At some point it will ask you for your username and password.