April 16, 2009
In my previous post, I went over the basic installation of Openfiler. In this final part, I'll describe how we configured Openfiler via the web interface to create users, partitions and shares.
What is our NAS going to do? We can configure all that we need from the web interface. The Openfiler documentation, at the time of writing this blog post, was messy and written for the previous version of Openfiler. It seems a little better now but let's go over it anyway! Point your browser to the IP address you remembered or wrote down earlier (e.g. https://192.168.0.100:446). You might get a security warning but you can ignore it (or add an exception for it). From here on, we'll do everything via the web interface.
- Login with username: openfiler and password: password (don't forget to change this later on).
- Navigate to: Services > Manage Services, and click Enable on the following services:
  - SMB / CIFS server (to enable shares)
  - LDAP server (to store users and groups)
- Navigate to: Services > SMB / CIFS Setup.
- Fill in the NetBIOS name (e.g. fileserver). This represents how the server can be accessed (e.g. \\fileserver\myshare). You can leave all other settings untouched.
User and group access
Now that the basic services are enabled, we need to tell Openfiler that all our user accounts are stored in the LDAP server we just enabled.
- Navigate to: Accounts > Authentication.
- Make the following changes, and click Submit at the bottom of the page:
  - Use LDAP: checked
  - Local LDAP server: checked
  - Base DN: dc=yourdomain,dc=yourextension (I chose: dc=maykinmedia,dc=com)
  - Root bind DN: cn=manager,dc=yourdomain,dc=yourextension (I chose: cn=manager,dc=maykinmedia,dc=com)
  - Root bind password: yourpassword (I chose: oh wait...nm)
  - SMB LDAP Configuration: checked
  - User password policy: checked
At this point, it might take a while before these settings take effect. If you proceed to create groups (as we're going to do in a second) and get a warning, don't worry. Just disable/enable the LDAP server under Services > Manage Services to make things work. If things are still not working, rebuild the LDAP under Services > LDAP Setup.
We'll create 2 groups: "staff" and "users". The users group will only be able to access the Projects share and the "staff" group will be able to access all shares.
- Navigate to: Accounts > Administration (this brings you to the Group Administration tab).
- Under Add new group, fill in the Group Name (I chose "staff"), and click Add Group.
Repeat this for the users group. Adding a user to one or more groups is just as simple:
- Click on the User Administration tab on the same page.
- Under Add new user, fill in the username, password, primary group, and click Add User.
Repeat this for all the users you'd like. To add someone to multiple groups (e.g. both the staff and users groups), go back to the Group Administration tab and look under Group Control.
Partitions, volumes and volume groups
We still don't have any storage space, shares or users. Create one big storage space from the unused disk space (from the 2 hard disks):
- Navigate to: Volumes > Block devices.
- Under Edit Disk, click on: /dev/hda
- Scroll down to Create a partition in /dev/hda, select the following, and click Create:
  - Mode: Primary
  - Partition Type: RAID array member
Repeat this for /dev/hdb.
- Navigate to: Volumes > Software RAID.
- Scroll down to Create a new RAID array.
- Under Select RAID array type, select: RAID1 (mirrored).
- Check both devices, and click: Add array.
The newly created software RAID's state will be Active & recovering for a while before it becomes Synchronized. Now, we'll create the volume group(s) to store data. A (logical) volume group (VG) is some virtual disk space that can span multiple physical volumes (PV). In our case spanning is not applicable, but creating a VG is still a required step in the process. The VG will consist of the remaining space on the PV.
We will create a volume group called "maykin" which will consist of 3 volumes: "File Server", "Repository" and "Backup". I will only cover the "File Server" volume in this post since it's the only one that will have shares. The other two are used for different purposes than actually intended by Openfiler. Anyway, the "File Server" volume will get 2 shares: "Administration" (for us, the owners) and "Projects" (for every authenticated user).
- Navigate to: Volumes > Volume groups.
- Under Create a new volume group, fill in the Volume group name (I chose "maykin"), check the only available volume, and click Create volume group.
- Navigate to: Volumes > Add volume.
- Scroll down to Create a volume in "maykin", fill in the desired size, name (I chose "File Server"), leave it on XFS, and click Create.
I didn't use the maximum available size for the volume so I can make more volumes later. To make this File Server volume accessible, we create shares:
Setting up shares
Shares are the available access points to the volume we just created. As mentioned before, we'll create 2 shares: "Administration" and "Projects".
Before we do this, we'll add an IP-range that will have access to these shares. This seems to be mandatory, otherwise the shares would not show for me.
- Navigate to: System > Network Access Configuration.
- Fill in all the fields. (Typically: 192.168.1.0 as Host, 255.255.255.0 as Netmask, so all clients in the 192.168.1.* range can access the shares).
- Click Update.
There! Not a very hard step but it took me a while to figure out this was mandatory. Now, finally, shares!
- Navigate to: Shares.
- Click on File Server, fill in the sub folder name in the popup (I chose "Administration"), and click Create Sub-folder.
- Click on the just created sub folder, and click Make Share.
This brings us to another page where we can assign groups to shares:
- Under Edit share you can fill in Override SMB/Rsync share name to have a nice share name (by default "[volume group.volume.share name]"). Typically, just fill in the same share name (to name it "[share name]").
- Scroll down to Share Access Control Mode and make sure it's set to Controlled access (if not, set it and press Update).
- Scroll further down to Group access configuration.
- For the staff group, select PG (Primary Group) and RW (Read/Write access).
- For the users group, leave NO (No Access) checked.
- Click on Update.
- Scroll down to Host access configuration.
- Select RW under SMB/CIFS (Read/Write access for the IP-range for our shares. Group access still takes precedence, don't worry).
- Click on Update.
Repeat this for the Projects share, and set appropriate access for both the staff and users groups.
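The following is an added example, not part of the original post and not Openfiler code: a small Python model of the policy configured above, useful for writing down what each client should get before testing from real machines. The user names and client addresses are constructed, RW for the users group on Projects is assumed (the post only says "appropriate access"), and the rule that a user's most permissive group wins is an assumption to confirm on the server.

```python
import ipaddress

LEVELS = {"NO": 0, "RO": 1, "RW": 2}  # ordering used to combine host and group access

# Constructed policy mirroring the post's settings; nothing here is read from Openfiler.
ALLOWED_NET = ipaddress.ip_network("192.168.1.0/255.255.255.0")  # Network Access Configuration
HOST_ACCESS = {"Administration": "RW", "Projects": "RW"}         # Host access configuration
GROUP_ACCESS = {                                                 # Group access configuration
    "Administration": {"staff": "RW", "users": "NO"},
    "Projects": {"staff": "RW", "users": "RW"},  # assumed; the post says "appropriate access"
}


def effective_access(share, client_ip, groups):
    """Return the level ("NO", "RO" or "RW") this model expects for one client."""
    if ipaddress.ip_address(client_ip) not in ALLOWED_NET:
        return "NO"  # outside the configured range: host access never applies
    acl = GROUP_ACCESS[share]
    # Assumption: the user's most permissive group wins; unknown groups count as NO.
    group_level = max((acl.get(g, "NO") for g in groups), key=LEVELS.get, default="NO")
    # Host RW is only an upper bound; the group setting narrows it.
    return min(HOST_ACCESS[share], group_level, key=LEVELS.get)


def expected_matrix(cases):
    """Build {(user, ip, share): level} to compare against tests from real clients."""
    return {
        (user, ip, share): effective_access(share, ip, groups)
        for user, ip, groups in cases
        for share in GROUP_ACCESS
    }


if __name__ == "__main__":
    # Constructed users and client addresses.
    cases = [
        ("alice", "192.168.1.20", ["staff", "users"]),
        ("bob", "192.168.1.21", ["users"]),
        ("alice", "192.168.0.100", ["staff"]),  # outside 192.168.1.0/24
    ]
    for key, level in sorted(expected_matrix(cases).items()):
        print(*key, "->", level)
```

Any mismatch between this matrix and what a client actually sees (for example, a users-only account reaching Administration) points to a share whose access control mode or group settings were not saved as intended.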
And... done! Under Windows you can access the shares by going to the IP address or NetBIOS name in Windows Explorer (e.g. \\192.168.1.10 or \\fileserver).