Issues while connecting freenas

UCS - Univention Corporate Server
#1

I haven’t really tried your setup with the LDAP binding, but some things should work nevertheless.

  1. Create a NFS-Share on your freenas server, that you want to be accessed through UCS. I’ve changed the permissions in freenas (dataset and share!) to the Univention user mounting the drives/shares.
  2. Create a share on Univention master:
  • domain -> shares.
  • As you created freenas as a member server, you can select it from the dropdown menu.
  • The path is the full /mnt/… path in freenas.
  • Select user and group the same as on freenas
  1. On Univention master:
  • Select the Univention device -> computer, where you want to mount the share.
  • Go to the policy tab -> NFS-shares, create a policy. You can of course and perhaps for better create the policy before this… (domain -> policies) Select the share from dropdown, enter the path where you want to mount the share.
  1. perhaps a reboot is needed, but I’m not sure.
    But what about smb-shares???
    The step 2 from above, domain -> shares - you can chose if you want to enable the share as samba/nfs. The above guide is working with nfs. (I use a setup like this for mounting bareos-storage to Univention)
    If you want to use the freenas-share for the user-accounts over smb, then you want to enable both, samba and nfs and perhaps adjust the permissions.
    I don’t know, if you can connect directly to freenas smb-shares from a joined windows computer with the LDAP setup. It’s possible with the AD binding in freenas. If you can, then you don’t have to mount the share locally to use it in the user accounts and point to freenas there.
#2

Tried this today. Created a AD Member server and installed the certificate. The bind was also successful. But the freenas shares are are not accessible in univention. As you said, I couldnt understand how I can export the share to Univention. Please let me know the steps to complete this. Thanking…

#3

I want to authenticate the freenas 9.10.1-U2 server by using the UCS domain server for LDAP authentication.
Is there any how to’s for configuring this. Freenas is working perfectlly without the ldap authentication.
the doc says that
the LDAP server must support SSL/TLS and the certificate for the LDAP server needs to be imported.Is it mandatory for Ldap authentication.
How can I activate this feature.
Thanks in advance

#4

I use the active directory binding in freenas but I’ve managed to connect to ldap as ad failed…
What I did:

  • Create a computer account as member server in UCS (so I can export the freenas shares to UCS systems)
  • Import the UCS CA from #cat /etc/univention/ssl/ucsCA/CAcert.pem in freenas-gui (system -> CAs)
  • In freenas-gui -> LDAP
  1. your-ldap-master.ucs-domain.local:7389
  2. Base-DN: dc=ucs-domain,dc=local
  3. Bind-DN: uid=Administrator,cn=users,dc=ucs-domain,dc=local
  4. the suffixes: cn=users … cn=groups … cn=computers
  5. TLS
  6. Chose the UCS-CAcert you imported from the drop-down
  7. The nebios name: YOUR-LDAP-MASTER
    Bind pw is the admin pw.
    (I also created the kerberos Realm, but I think that this is only relevant with the AD binding)
    Best, Bernd
#5

Thank you for your speedy support. I will try this and will update after testing.

#6

Tried this today.
Created a AD Member server and installed the certificate. The bind was also successful.
But the freenas shares are are not accessible in univention. As you said, I couldnt understand how I can export the share to Univention. Please let me know the steps to complete this.
Thanking you in advance.

#7

I’ve still the same issue, did somebody already solve this?

#8

Hi @goudduif,

what exactly???

  • can you “see” the UCS -users and -groups in freenas? They should be listed in the form NETBIOS-NAME\user. You have to assign them twice in freenas: storage AND shares.
  • if that is so: when you create a share in UCS match the freenas-settings for user and group.

just guessing at this point what the problem could be…

(I use the AD-service for the connection - it is an old thread transfered from an old forum with a post I perhaps didn’t even write :wink: - just meaning, care to open a new thread perhaps…)

Best, Bernd

#9

Hi Bernd thanks for your replay, I’ll review this as soon I solve the Samba issue I expected after the latest update last Saturday

Mastodon