Lead Image © Parisod@Snowmelody, Fotolia.com

Lead Image © Parisod@Snowmelody, Fotolia.com

Integrating FreeNAS with Windows Active Directory

Fun with FreeNAS

Article from ADMIN 26/2015
By
FreeNAS offers a powerful array of features and is adaptable to a wide range of network-attached storage solutions. We look at integrating Windows Active Directory, taking snapshots, replicating, and backing up.

Whether you need a network-attached storage (NAS) solution for your enterprise or small business or just want to build a storage solution for your Windows network, FreeNAS has got you covered.

In a previous issue [1], I showed you how to install FreeNAS, configure sharing, and set up a basic client node. In this article, I dive into more advanced features, such as integrating Windows Active Directory, snapshots, replication, and backup.

Directory Options

Your FreeNAS system [2] can easily integrate with your existing network directory services or use its own local user configuration. If you are running Windows Active Directory, LDAP (e.g., OpenLDAP), NIS (Network Information Service), or NT4 (I hope not!), you can pull the usernames and passwords directly from your directory. In this article, I focus on integrating your FreeNAS box with Windows Active Directory.

In this example, I am building on Windows 2012 R2, but you could build this many other ways. For example, if you have an open source environment, you might build this on Samba 4, which can provide much of the same technology.

Unlike the last installment on FreeNAS, in which I used a local FreeNAS authentication system, this time, I instead point the FreeNAS system to a Windows 2012 Active Directory server. This effectively means that I don't have to recreate users in FreeNAS; instead, I refer to Windows AD for authentication.

In this configuration, FreeNAS polls the Windows 2012 Active Directory domain controller and imports the users into FreeNAS. Keep in mind that FreeNAS also supports being a domain controller (DC) itself or being an additional DC alongside your others. Here, I use it for authentication only, not as a full active directory implementation.

Prerequisites

Before beginning, you must take care of a few prerequisites. To check your configuration in the web management interface, go to Network | Global Configuration (Figure 1). Double-check your network settings (IP, Gateway, etc.) and make sure the correct domain is listed and you are pointed at the correct DNS server. This is easily accomplished by going to the FreeNAS shell in the web GUI or the Console. In this case, assure you are pointing to your Active Directory (AD) domain controller.

Figure 1: Checking your configuration.

Next, you should go to your DNS server (which happens to be your AD domain controller as well) and add a DNS record for your FreeNAS box. Finally, test the name resolution and network availability from the shell on FreeNAS with ping or dig.

Network Time Protocol (NTP) synchronizes time on a network. Time is of vital importance to many services such as Kerberos and logging, among others. In this case, you want to assure both your Windows 2012 R2 server and FreeNAS box are pointing to the same NTP server. In FreeNAS, you can do so by going to System | General | NTP Servers .

If you are running an End-of-Support/End-of-Life version of any software, it is time to upgrade. Systems such as Windows NT4 to 2003 (end of life in 2015) or NIS are beyond antiquated, insecure technologies that should only be exhibited in museums.

Setting up AD Authentication

With the prerequisites out of the way, you are ready to begin. For this section, I assume you already have a basic FreeNAS setup that is using local authentication (FreeNAS local users/passwords) and you are reconfiguring it to use Windows Active Directory. Starting this process is simply accomplished by navigating in the FreeNAS web GUI to Directory | Active Directory (Figure 2). Simply put in your domain, AD administrator account and AD administrator password. When it finalizes, you will see a success message flash at the top of the FreeNAS screen.

Figure 2: Active Directory settings window.

Generally, you will be fine using the default option (non-advanced mode), but quite a few options are customizable by clicking the Advanced Mode button [3]. Once you have set up your FreeNAS box to use AD, you can go to your volumes and change the permissions as desired under Storage | View Volumes . Simply select the volume you want to manage and then click the Change Permissions icon. From there, you will see the usual options for assigning permissions.

Now that you have set your FreeNAS server with Active Directory, you can use a Windows client to test it. As you see in Figure 3 on a Windows 7 client joined to the domain, I'm able to connect to the share and enjoy the music (metal specifically) that I have stored there. Give me a minute to rock out! \m/( )\m/

Figure 3: Streaming music after joining the domain.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus