Today’s video outlines how to configure Openfiler and continues where I left off from the installing OpenFiler video. This article assumes that you have already installed Openfiler. For instructions on how to do that, see our video on installing Openfiler.
**Note:** This information came from a previous site of ours, so the information may be out of date.
Today’s video covers:
- Setting up the OpenFiler LDAP Server (Part 1)
- Creating Users and Groups (Part 1)
- Setting up Network ACL’s (Part 1)
- Creating Volumes (Part 1)
- Creating Network Shares (Part 2)
- Creating iSCSI Luns (Part 2)
Open Filer Video Part 1:
Open Filer Video Part 2:
For those of you who don’t feel up for watching a video I have written instructions below:
Setting up the OpenFiler LDAP Server:
Open Filer has two methods for authentication: NT/AD Authentication and LDAP Authentication. If you are using LDAP authentication, you can either use an external LDAP server or use the LDAP server included with Openfiler. In this tutorial I will assume you are using the integrated LDAP Server.
To set up LDAP, click on the Accounts tab at the top. On the Accounts page, check the box next to Use LDAP, then check the box next to use local LDAP Server.
By Default the base DN is: dc=example,dc=com
It is OK to leave this value alone, but if you have another domain name you want to use, simply replace example and com with whatever you want. For example, if you want to use everythingvm.com as your domain name, you would enter dc=everythingvm,dc=com
The next item is the Root Bind DN. The default value is Openfiler. It won’t work if you leave this value as default. You need to enter the right syntax. Assuming you want the hostname to remain Openfiler, and the domain name is everythingvm.com, you would enter the following: dc=openfiler,dc=everythingvm,dc=com
Next check the box next to SMB LDAP Configuration; then scroll to the bottom of the page and click Submit.
Next click on the Services tab and verify that the LDAP service is now enabled. If LDAP is now enabled then you know the LDAP server is working.
Creating Users and Groups:
Now that LDAP has been configured you can start creating users and groups. All users need to belong to at least one group. To create the first group, click on the Accounts tab, then on the right side click on Administration.
Ensure the Group Administration tab is selected, then enter the name of the group you want to create. Example: Normal Users
Click Add Group.
The next step is to create a user. Click on the User Administration tab.
Enter the user name for the user you want to create. Example: Seanp
Enter the password in both the Password and Retype Password fields.
In the primary group field, select the Normal Users group, click Add User.
Creating Volumes:
Click on the Volumes tab, then click on Create new Physical Volume.
Listed will be all the physical disks in your system. Click on the disk you want to create the Volume on (Example: /dev/sdb)
Scroll to the bottom of the page, change the partition type to Physical Volume
Enter the starting and Ending Cylinders, then verify the size column shows the size of Volume you are aiming for. If you want to create a smaller volume, reduce the number of the Ending Cylinder.
Click Create to create the Volume.
The next screen will show you a pie chart demonstrating how much of the disk has been allocated.
Next we need to create a Volume Group, click on the Volume Groups link on the right side of the page. Enter the name of the Volume Group, check the box next to the Physical Volume you just created, then click Add Volume Group.
Now that we have created a Volume Group and added a volume to it, we need to create a logical Volume or Partition as some people call it. On the right side, click on Add Volume.
The next screen will show you a pie chart telling you how much of the volume group is still available. Enter the name you want the Volume to be known by, Example: MyShare
Use the slider to choose how large you want the volume to be. In the drop down, select the file system type you want to use for this volume (Example: EXT3 or iSCSI). If you are creating an iSCSI LUN, select iSCSI; if you plan on creating a file share, select XFS or EXT3.
For the purpose of our example, I will first create an EXT3 partition/volume using 50% of the Volume Group, then create a second partition/volume by clicking on Add volume on the right side and selecting iSCSI.
Setting up Network ACL’s:
Network ACL’s (Access Control Lists) allow you to control access to your storage system based on the IP address of the client. Provided you have good network security, this is an easy way to restrict access without having to deal with user names and passwords.
To configure Network ACL’s:
1. Click on the System tab
2. Scroll down to the bottom
3. Type a name for your ACL (Example: Servers), enter the IP Network Address (Example: 10.0.0.0), and enter the Netmask (Example: 255.0.0.0)
*Note* If you use the above examples, you would be setting access controls which would affect any computers whose IP addresses begin with 10.
4. Click Update
Repeat steps one through four to create as many ACL’s as you please. You will be able to grant or restrict access based on these ACL’s when you create your shares and LUN’s.
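To see how wide a network address and netmask pair really is before you grant it access, the following added example (not part of the original article and not Openfiler code) checks ACL rows with Python's ipaddress module. The ESX-Hosts and Backup rows and the /16 warning threshold are assumptions made for illustration.

```python
import ipaddress

def parse_acl(name, network, netmask):
    """Return (name, IPv4Network, warnings) for one Network ACL row."""
    warnings = []
    # strict=False accepts an address with host bits set and masks them off,
    # so 10.0.0.5 / 255.255.255.0 is treated as 10.0.0.0/24.
    net = ipaddress.ip_network(f"{network}/{netmask}", strict=False)
    if str(net.network_address) != network:
        warnings.append(f"host bits set: effective network is {net}")
    # Assumed threshold: anything wider than a /16 is flagged for review.
    if net.prefixlen < 16:
        warnings.append(f"broad range: {net.num_addresses} addresses are trusted")
    return name, net, warnings

def matching_acls(client_ip, acls):
    """Names of every ACL whose range contains client_ip."""
    addr = ipaddress.ip_address(client_ip)
    return [name for name, net, _ in acls if addr in net]

# Constructed sample rows: the first is the article's example,
# the other two are hypothetical tighter ACLs.
ACL_ROWS = [
    ("Servers", "10.0.0.0", "255.0.0.0"),
    ("ESX-Hosts", "10.20.30.0", "255.255.255.0"),
    ("Backup", "10.20.40.15", "255.255.255.255"),
]
ACLS = [parse_acl(*row) for row in ACL_ROWS]

if __name__ == "__main__":
    for name, net, warnings in ACLS:
        print(f"{name:10} {net!s:18} {net.num_addresses:>10} addresses")
        for w in warnings:
            print(f"{'':10} warning: {w}")
    # Constructed client addresses to test against the ACLs.
    for client in ("10.20.30.7", "10.99.1.1", "192.168.1.10"):
        print(client, "->", matching_acls(client, ACLS) or "no ACL matches")
```

A client that matches several ACLs, such as 10.20.30.7 here, receives whatever access any of those ACLs is later given on a share or LUN, so the broad Servers row is the one to review first.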
Creating Network Shares:
OpenFiler is capable of sharing files using many protocols. In order to create a share you must first enable the service, then create the share.
- Click on the Services Tab at the top of the screen
- Click Enable next to SMB/Cifs and/or NFS Server depending on the protocols you wish to use for sharing your files.
- Click on the Shares tab
- Click on the volume you wish to create the share on
- Enter the name of the folder you wish to share, then click on Create Sub Folder
- Click on the folder
- Click on Share
- Click on Make Share
- Next to Share Access Control mode Select Controlled Access.
*Note* You can either select Public Guest Access, or Controlled Access. If you select Public Access, there will be no username/password required to access the share, but we can still use Network ACL’s to control Access.
- Click PG next to the group you wish to use as the Primary Group, You need to specify at least one. Then select RW to enable Read/Write access for this group. Alternatively you could select RO for Read Only access, or NO for No Access.
- Click Update
- Scroll to the bottom of the page again
- Under Host Access Configuration, select RW next to the ACL you wish to use, and underneath the protocol you wish to use. There will be three radio buttons underneath each protocol. To enable NFS access, select RW underneath NFS. To enable CIFS/SMB access, select RW underneath CIFS/SMB
- Click Update
Creating iSCSI Luns:
So far we have covered sharing files using Open Filer, which means using OpenFiler as a Network Attached Storage (NAS) device. iSCSI is known as a SAN protocol and works by sending SCSI commands over a network.
Before proceeding, review the Creating Volumes section of this document and create an iSCSI Volume.
To create an iSCSI LUN:
- Click on the Services tab
- Click Enable next to iSCSI
- Click on the Volumes tab at the top of the page
- Click on iSCSI Targets
- Click Add
- Click on LUN Mapping
- Click Map
- Click on Network ACL
- Click on the Drop Down Menu next to the Network ACL you wish to connect from
- Select Allow
- Click Update
At this point your LUN has been created. For information on how to connect to your LUN from different clients, see the article on Connecting to Storage Systems using iSCSI, NFS, and CIFS (SMB): https://www.idkrtm.com/connecting-to-storage-systems-using-iscsi-nfs-and-cifs-smb/