Join Openfiler to Active Directory
Saturday, December 13th, 2008 | Author: Ozzik

As promised, here is the guide for joining Openfiler to Active Directory.
And a small part on how to make a home directory for every user (not yet tried by me though).
Most of this guide is copied from rossignol’s guide on the forums.
This document was created for use with Openfiler 2.3 final.
Test domain machine is dcnbn.ds.trotfqdn.ab.ca
This document is case sensitive.

Legend:
dcnbn = domain controller’s netbios name
ds = domain short name
trotfqdn.ab.ca = the rest of the fully qualified domain name
ofnbn = openfiler box’s netbios name

The installation guide on Openfiler’s homepage is pretty good.

Regarding the next notes from rossignol’s guide: I’m not sure it’s the only way this is gonna work, so it’s up to you if you wanna follow his advice (this is all regarding the installation).

NOTE: IF THERE IS AN eth1 you must set a static IP for it even if you don’t intend on using it. Otherwise, once the install is complete, the gateway will be taken by DHCP.
Set hostname ofnbn.ds.trotfqdn.ab.ca.
NOTE: IF YOU MESS UP THE HOSTNAME AND TRY TO CHANGE IT LATER IN THE WEB CONFIG IT WILL NOT WORK!!!!!!!!!!!!!! HOSTNAME MUST BE CORRECT DURING INSTALL.

For example, I did change the hostname after the installation in the web config and it still worked.

Set DNS. NOTE: the 1st DNS must point to a DNS server that knows about the domain; this can be the domain controller itself in some situations, but in some cases there is a specific DNS for the Windows servers. For secondary and tertiary use your external DNS.
Click on your time zone and enable UTC.
NOTE: UTC is not necessary (internet time server) BUT time sync with the domain controller is ABSOLUTELY necessary. Kerberos tickets are time sensitive.
I recommend using the same time server for the domain as for the openfiler box.

Before you go on, you’d better update the whole thing, as there were some pretty nasty bugs that are fixed now (look for my previous posts about Openfiler). The way you do it is to go to “Update” in the upper right corner, click “launch update” and update everything “in the background”. After that, log in via ssh or do it from the console:

conary update kernel

Configuration

Log on to the web console https://serverIP:446 with username: openfiler, password: password.
Go to the Accounts tab -> admin password -> the current password is password; enter a new one here.
On the System tab verify your hostname ofnbn.ds.trotfqdn.ab.ca.
On the System tab, network access configuration: enter the site IP range and proper subnet that will be accessing this. Example: office 10.1.0.0 255.255.0.0 share.

Services tab -> enable SMB
Service tab -> SMB/CIFS setup -> make sure the netbios name is ONLY the ofnbn (you will most likely have to delete ds.trotfqdn.ab.ca)

Accounts tab -> expert view
Check “use windows domain controller and authentication” -> “active directory” radio button
Domain: DS
Domain controllers: ds.trotfqdn.ab.ca - worked with this but may need dcnbn.ds.trotfqdn.ab.ca
ADS Realm: ds.trotfqdn.ab.ca
Join domain : check this
Enter the domain username/password
Scroll down and click use Kerberos5
Realm: ds.trotfqdn.ab.ca
KDC: DCNBN.DS.TROTFQDN.AB.CA
Admin server:DCNBN.DS.TROTFQDN.AB.CA
These settings may be different if you use a separate Kerberos server from the primary domain controller, but they are case sensitive - don’t forget.
On the domain controller (Active Directory’s management) go to the properties of the machine that is now in AD and click “Trust for delegation”.
Reboot the Openfiler box.
Log into the web console, go to Accounts -> User list. This should be populated.
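A pre-join check script for the values above, added here as an example (not from the original post or from Openfiler itself): it shows the realm in the upper-case form Kerberos expects, checks that the netbios name is bare, that the hostname sits inside the realm, and that the clock offset to the DC is within Kerberos tolerance. It assumes the guide’s placeholder names and that host and ntpdate are installed on the box.

```shell
#!/bin/sh
# Pre-join sanity checks for the AD settings in this guide (example code,
# not from the original post or from Openfiler). Names are the guide's
# placeholders; MAX_SKEW=300 is the default Kerberos clock-skew tolerance.
REALM="ds.trotfqdn.ab.ca"
KDC="dcnbn.ds.trotfqdn.ab.ca"
OF_NETBIOS="ofnbn"
MAX_SKEW=300

# Kerberos realm names are case sensitive; AD realms are written upper case.
realm_upper() { printf '%s' "$1" | tr 'a-z' 'A-Z'; }

# Echo 1 if the netbios name is bare (no dots) and at most 15 chars, else 0.
netbios_ok() {
    case "$1" in *.*|"") echo 0; return ;; esac
    [ "${#1}" -le 15 ] && echo 1 || echo 0
}

# Echo 1 if the host is a FQDN inside the realm's DNS domain (case-insensitive).
fqdn_in_realm() {
    h=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); d=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$h" in *."$d") echo 1 ;; *) echo 0 ;; esac
}

# Echo 1 if |local - dc| (epoch seconds) is within the Kerberos tolerance, else 0.
skew_ok() {
    d=$(( $1 - $2 )); [ "$d" -lt 0 ] && d=$(( -d ))
    [ "$d" -le "$MAX_SKEW" ] && echo 1 || echo 0
}

# Live checks against the real box and DC; run with PREJOIN_LIVE=1.
live_checks() {
    echo "realm for Kerberos config: $(realm_upper "$REALM")"
    echo "netbios name ok: $(netbios_ok "$OF_NETBIOS")"
    echo "hostname in realm: $(fqdn_in_realm "$(hostname -f)" "$REALM")"
    # The first resolver must know the AD SRV records (see the DNS note above).
    if host -t SRV "_kerberos._tcp.$REALM" >/dev/null 2>&1; then
        echo "KDC SRV record: found"
    else
        echo "KDC SRV record: MISSING"
    fi
    # ntpdate -q reports the offset to the DC without stepping the clock.
    off=$(ntpdate -q "$KDC" 2>/dev/null | sed -n 's/.*offset \([-0-9.]*\).*/\1/p' | head -n 1)
    now=$(date +%s)
    [ -n "$off" ] && echo "clock within tolerance: $(skew_ok "$now" "$(( now + ${off%.*} ))")"
}
if [ "${PREJOIN_LIVE:-0}" = 1 ]; then live_checks; fi
```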

As for the next section, I used a slightly different approach, maybe because this guy is using a single disk for the Openfiler and data storage. I, myself, used different drives: a single drive (or RAID1) for the Openfiler and a 3ware-controlled RAID5 drive (10TB) for the data. That’s why I didn’t have to make an extended partition; instead I had to label the drive (via parted) “gpt” and not the default “msdos”, which only allows up to 2TB for a single partition. Other than that it’s pretty similar:

Volume -> block devices: click edit under the drive, scroll down to create disk, primary, extended partition, click create. Click block devices again, scroll to the bottom, logical disk, create again.
Now click add volume. Enter a volume group name. Check off the physical volume.
Click Shares, click create a new file system. Scroll down and enter a volume name. Make it the maximum space available and the filesystem XFS. Click create.

To create user home directories:
Click on Shares, click the volume name and add a sub folder. Click on your sub folder and click make homes share.
Check R/W under SMB/CIFS and click update.
Reboot the openfiler box.
On the domain go to the properties of a user profile -> home folder H:\ -> \\ip of the openfiler\homes
You should get a message that the folder already exists. This is a successful message.

Next I’m gonna tell a bit about backing it up via rsync.

Good luck!

Ozzik.
