Join Nas4free to ClearOS Domain
NAS4Free is an open source file NAS server which can be used to supply volume space for your network. It contains its own directory or can join an Active Directory Domain. An 'unadvertised' feature is that it can also join a ClearOS domain. This guide will help you join your NAS4Free server to your ClearOS domain.
Prerequisites
Validate that your Directory services are set up on ClearOS. You can use the OpenLDAP server of ClearOS or you can use the beta Samba 4 Directory. The instructions given here are for OpenLDAP as that is the more difficult to configure. If you use the OpenLDAP version, you will need to manually override many aspects of the NAS4Free web interface by modifying command line files including the smb.conf file.
It is best if you set your NAS4Free to use your ClearOS server for its DNS and WINS settings.
Joining the Domain Configuration
To begin, be sure to check the 'enable' checkbox at the top of the screen. In your NAS4Free interface, access the Active Directory applet by selecting
Next, enter the information for your ClearOS server:
- Domain controller name
- This should be the short name for your ClearOS server. You should be able to ping it from the shell of your NAS4Free box. You can also issue the following command from
Advanced » Command (where server1 is the name of your server):
ping -c4 server1
- Domain name (DNS/Realm-Name)
- This name is critical if using Samba 4 Directory, but it should merely approximate the name as it should be.
- Domain name (NetBIOS-Name)
- This should be the domain name specified in your ClearOS' Windows Networking section.
- Administrator name
- Typically 'winadmin' on ClearOS.
- Administration password
- This is the password of your 'winadmin' account.
Click 'Save'.
Validating Join
You can validate that your NAS4Free has properly joined by doing the following:
- Make sure that a computer account has been created in your domain.
- Validate that your ClearOS users are visable to NAS4Free.
- Validate that your ClearOS groups are visible to NAS4Free.
On your ClearOS server, run the following and look for the Computer entry for your NAS4Free box. You can distinguish between user accounts and computer accounts in your domain because computer accounts have the “$” symbol at the end. An example of a computer account for your NAS4Free might look like this:
dn: cn=NAS4FREE$,ou=Computers,ou=Accounts,dc=example,dc=com objectClass: top objectClass: account objectClass: posixAccount objectClass: sambaSamAccount cn: NAS4FREE$ uid: NAS4FREE$ description: Computer NAS4FREE uidNumber: 1009 gidNumber: 1000515 homeDirectory: /dev/null loginShell: /sbin/nologin sambaSID: S-1-5-21-123456789-123456789-1234567890-1009 sambaAcctFlags: [W ] structuralObjectClass: account entryUUID: ebeb3444-add4-1032-96a3-71cd48e4a0cb creatorsName: cn=manager,ou=Internal,dc=example,dc=com createTimestamp: 20130909195111Z entryCSN: 20130909195111.326480Z#000000#000#000000 modifiersName: cn=manager,ou=Internal,dc=example,dc=com modifyTimestamp: 20130909195111Z
On OpenLDAP you will need to change the security model in the smb.conf file from 'ads' to 'domain'. You will need to manually rejoin the domain.
net rpc join -Uwinadmin
Validate that trust exists between the NAS4Free and the ClearOS server:
wbinfo -t
Next, see if you can see the users and groups from your ClearOS server on the NAS4Free. Using shell access or
getent passwd
This will show you the valid users.
getent group
This will show you the valid groups.