FREE NAS 8.0 / 7.2 and Server 2008 Active Directory

[Ulfwald]

I set up FreeNAS and I am able to access it from the web interface create the volumes, but I am having trouble mapping a drive to it from the 2008 server. So I have read on the FreeNAS forums where it has issues, so now I am downgrading to 7.2. Any tips, tricks, or hints you folks can offer are greatly appreciated.

My Windows 2008 server is running Active Directory, AD Integrated DNS, DHCP, and print services. I have not set up user accounts or computer accounts yet, as I want my infrastructure to be in place before I start connecting clients. The Server set up is an Intel 3.2 ghz processor (32 bit) with 4 gigs of RAM, which 2008 enterprise sees all of. 1 400 gig SATA boot drive, mirrored to another matching drive. Then I have 2 SATA RAID cards, each card has 4 400 gb Hard drives in a striped set up on the hardware. but then the 2 1.4tb volumes those create are mirrored in windows.

I figure I need to set up a computer account on the windows server, call it FreeNAS_001, and also set up a user account called FreeNAS_001 with a password that does not change and give it admin privileges.

Any other suggestions?

 

[Nothinman]

Computer accounts should be automatically created when joining the domain and I see no reason why any accounts used by FreeNAS itself should have domain admin rights. But I don't have any experience joining FreeNAS to AD.

 

[Apathetic]

I believe you can configure FreeNas to authenticate against an AD server. That way, you wont have to create two local users (one on the FreeNas side and one on the Windows side).

 

[Ulfwald]

According to the forums on the FreeNAS Sites, 8.0 release has issues connecting, which I ran into last night. So I am downgrading to 7.2. Just looking for advice to minimize my frustration factor and get it up and running asap. Because I want to mount the volumes on the NAS server as a folder on the 2008 server. Then I will set up the FTP site on that. or should I just map it as another drive, and forward the FTP port on the router to the NAS server?

 

[Apathetic]

See if this article helps:

linky

Dave

 

[Apathetic]

Unfortunately, I haven't messed with the newer versions of FreeNas and can't offer very much specific help. It looks like going with 7.x is the right way to go for now until they resolve the issues in 8.x

Dave

 

[Ulfwald]

Well, then I guess I am going to reload 7, right now I have a CF direct insertion adapter ordered from New Egg, and will reload once I get it. Until then I will play around with 8 and see if I can get it working.

On another note, I am also looking at Astaro as a firewall solution.

 

[Scarpozzi]

I wanna make a suggestion....

It sounds to me like all your users are coming from AD (windows users). If that's the case, then I would suggest trying to keep everything as native as possible on the Windows side. If you don't, you'll ultimately be dealing with account syncronization and maintaining services that WILL change over time. In other words, as things get patched and adjusted, they'll eventually break or have problems that will require further attention.

If you're just wanting to share the volumes on your NAS box and don't need linux users to access it, I'd set up an iSCSI target there and use the Microsoft iSCSI intiator to connect to it...then format it from Windows Server as NTFS and do all your shares on the "Locally mounted" NTFS/iSCSI volume.

FreeNAS is a good download, but you'll probably have slightly more control if you pick another OS...because then you can follow the product lifecycle and not feel like it's as much of a black box. Ubuntu, CentOS, Red Hat, SUSE, etc can all provide iSCSI targets and will likely be a little more user-friendly if you ever have serious problems with the core OS. Heck..if you have an extra Windows license, you can do it with Server 2008 too.

I recommend also going with one of those linux distros because you can disable all you don't need, firewall the box specifically to only talk to your windows host and your ssh client and routinely update itself via yum or zypper (whatever SUSE is using these days).

I currently run 2 FreeNAS boxes and have had luck with it, but got burned a few years back because the OS crashed hard and I couldn't ever get the system to boot. I had to revert back to a system level backup that captured the mounted stores.... I just like the granularity that a real linux server gives. Particularly that you know which config files you touched...it might take you a little longer to get it off the ground, but most of the iSCSI stuff is cake compared to dealing with account management. If you do want integration with a linux host, look at Likewise.

 

[Ulfwald]

Scarpozzi, that sounds like a good idea. Basically I am building this as a final project for school. iF i AM USING freenas 8, How would I set up the file system? I guess I would map the Iscsi to the IP address of the nas box right? I have not messed with ISCSI at all, this is new to me, so any help or tutorial would be greatly appreciated.

 

[Scarpozzi]

iSCSI 101:

When you setup a target, you're not formatting anything. You're just setting aside a contiguous set of blocks on the disk to be presented to an iSCSI target. Think of iSCSI as an external SCSI adapter that uses a network cable instead of a SCSI cable. Best advice....keep it on the same switch (preferably gig link with jumbo frames)...don't route it anywhere or you'll see packet loss, degraded performance. So if your boxes are in the same room, you'll see the best performance.

If the network is secure and you can lock down your adapter with a firewall, don't bother with CHAP. On the other hand, if you don't want someone else to attempt to connect to the iSCSI target, configure it. I typically don't bother since I set it up on non-routed private class C anyhow. iSCSI works best when it's point-to-point.

Performance-wise, you'll typically hit a peak of 600Mbit for a busy volume over FC. That's for datacenter-type stuff running a database on a SAN. Running home folders in Windows on a 100Mbit link should be fine...just a step or two slower because you're going to be capped at 1/5th the peak bandwidth. For as many spindles as you have in that linux box, it may be a wash anyway.

The technology is pretty sound and most nas devices that run on Linux all mount on windows without too many hiccups.

There are a lot of tutorial pages out there that probably explain it better than I can.
Here's what google found:
http://www.trainsignaltraining.com/how-to-setup-iscsi-drive-using-freenas
http://technet.microsoft.com/en-us/edge/Video/ff710316

 

[Ulfwald]

thanks for the input. I will be working on this tonight

 

[Tbirdkid]

Honestly, i dont like AD integration to a NAS. Too much over head in the LDAP queries in a major enterprise environment. Also, i havent had much luck with it on the Netgear Readynas i had. Although, I dont use a nas to supply a bunch of users extra space anyways. If thats what you are looking to do, and this is a business, i would go with a san over a nas. Just my 2 cents...

 

[Scarpozzi]

Honestly, i dont like AD integration to a NAS. Too much over head in the LDAP queries in a major enterprise environment. Also, i havent had much luck with it on the Netgear Readynas i had. Although, I dont use a nas to supply a bunch of users extra space anyways. If thats what you are looking to do, and this is a business, i would go with a san over a nas. Just my 2 cents...

In a major enterprise environment, it shouldn't matter that much. AD runs LDAP just fine. The only queries it has to do when integrated with a NAS device is authentication. If you have a few dedicated domain controllers, they won't break a sweat for those kinds of requests. All of the file sharing integration and disk rights are done at the NAS level and not shared in AD, so there's nothing additional that needs to be accessed via LDAP. If they can bind to LDAP, the NAS should let them get to their home directory.

The real rub with using a NAS to present a shared file system is that it creates compatibility problems between what Windows expects and what Samba actually delivers since it's not technically native. CIFS is, but Samba doesn't do things exactly the way Windows 2008 does out of the box. When using samba, there are a few hurdles such as opportunistic file locking (oplocks) and windows clients configured for offline files. There are probably guides to make this more transparent to the user. I've just not had a need to play around with it for about 6-7 years...so I've been lazy.


A SAN is typically better than NAS because of transport, management, disk capacity, but more importantly...support. (Meaning FC can hit speeds of 2Gbit/4Gbit and even 8Gbit throughput to a fibre switch and some have iSCSI that will do 10Gbit copper if you have the network infrastructure) You can get a cheap SAN with FC from EMC in the range of $50k-100k depending on how good of a negotiator you are, but they'll get you in the end with support costs, and overall ROI vs product lifecycle when its time to upgrade...and that's typically for a non-redundant system, meaning you only get one Storage Processor. Most DAEs will run you $45k or more populated. (15, 3.5" disks)

To compare the EMC Celerra NAS is a pretty close comparison to FreeNAS...only FreeNas has better management. The Celerras (also branded under Dell as a NX4) are junk. They work, but are terrible in comparison to the CX series SANs running Navisphere or Unisphere with Flare code 30 installed (I can't wait to upgrade).

For the kind of sharing he's doing and the equipment he's using iSCSI is going to be the best option. Especially because it sounds like it's for a smaller project and I doubt he has a few hundred grand to spend on storage.

 

[Ulfwald]

For the kind of sharing he's doing and the equipment he's using iSCSI is going to be the best option. Especially because it sounds like it's for a smaller project and I doubt he has a few hundred grand to spend on storage.

So true, this is just a project for school, just to see if I can make it work. So far I am having issues. But I am doing the research and working through it.

I do appreciate the help from here. This place has always been good at assisting people when they need it.

The big thing is right now the project is dead in the water, the storms a few weeks ago here in GA had some serious lightening and my equipment took a major hit. So it is back to square 1.