FreeNAS 9.3.x setup

From FreeNAS using Active Directory Wiki
Jump to: navigation, search

Before we start

  • We used a virtualized setup in order to create this walkthrough, using generic domain & computer names where possible.
  • We used the private IP address range of 10.1.1.x - obviously you'll want to replace our internal IP addresses with your own
    • We used a single Active Directory domain controller, to keep things simple. We then configured the following network settings, which is reflected throughout this document:
      • Gateway: 10.1.1.1
      • DNS: 10.1.1.2
      • NTP: 10.1.1.2
      • DC (Domain Controller): 10.1.1.2
      • FreeNAS: 10.1.1.3
  • Where appropriate, we'll make a note of where additional server IP's can be entered, for redundancy

Getting started with FreeNAS

Initial connection

  • When FreeNAS 9.3 is first installed, the network adapter is set to DHCP - we will change this a few steps down. We will be configuring FreeNAS purely from the webUI, so make a note of the IP on the FreeNAS server console:

File:FreeNAS 9.3 DHCP on first boot.png

  • Use your favorite web browser to connect to that address - the first visit to the FreeNAS webUI will prompt you for a password, for the default user root

File:FreeNAS 9.3 first visit password prompt.png

Configuring networking

  • Click on Network -> Global Configuration
    • Hostname: freenas (this needs to match the DNS "A" record & computer account name you created during the Active Directory prep)
    • Domain: mauiri.xxx
    • IPv4 Default Gateway: 10.1.1.1
    • Nameserver 1: 10.1.1.2
    • Click "Save"

File:FreeNAS 9.3 network settings - global configuration.png

  • Click on Network -> Interfaces -> Add Interface
    • NIC: select the NIC being used by FreeNAS (single NIC systems only have 1 item in the dropdown list)
    • Interface Name: em0 (We named it the same as what FreeNAS names it, for consistency - you can name it whatever you like)
    • DHCP: unchecked
    • IPv4 Address: 10.1.1.3 (this needs to match the DNS "A" record you created during the Active Directory prep)
    • IPv4 Netmask: /24
    • Click "Save"
      • The new IP address takes effect immediately - repoint your browser to the new address to continue

File:FreeNAS 9.3 network settings - add interface.png

  • Click on Network -> Network Summary to verify previous settings

File:FreeNAS 9.3 network settings - network summary.png

Configuring Time Server

  • Click on System -> General -> NTP Servers
    • Remove all 3 default NTP servers
    • Click Add NTP Server
      • Address: 10.1.1.2
      • Prefer: checked (only if you have other time servers configured)
      • Leave everything else at its default setting

File:FreeNAS 9.3 Add NTP server.png

  • Now that the time server is set, you need to set your time zone
  • Click on System -> General -> Timezone
    • Timezone: (obviously select YOUR time zone)
    • Click "Save"

File:FreeNAS 9.3 System Settings Timezone.png

Creating a Storage Pool

  • Your storage pool has to be created before you configure FreeNAS to use Active Directory, however that is beyond the scope of this how-to.
  • The official FreeNAS wiki is an excellent resource on creating your storage pool.
  • We also suggest giving cyberjocks excellent PowerPoint presentation explaining what VDev zpool, ZIL and L2ARC is.
    • After your pool is created, we suggest creating a dataset specifically for CIFS sharing.
    • Again, the official FreeNAS wiki is a good source of info on how to do this
      • When creating the dataset, you have to take into consideration how this particular dataset will be used.
        • Dataset Name: jobdata
        • Compression level: Inherit (lz4)
        • Share type: Windows
        • Case Sensitivity: Insensitive
        • Enable atime: Inherit (on) (you can turn this off for a small performance boost, but doing so will potentially break some backup programs)
        • ZFS Deduplication: Inherit (off)

FreeNAS 9.3 Create a dataset for CIFS sharing.png

Setting up Active Directory & CIFS

  • Click on Directory Services -> Active Directory
    • Domain name: mauiri.xxx
    • Domain Account Name: freenasadmin
    • Domain Account Password: HorseBattery@2016 (don't actually use this, please)
    • Confirm Domain Account Password: HorseBattery@2016
    • Click Save, this may take awhile. After it's complete, move on to setting up CIFS

FreeNAS 9.3 Active Directory setup.png

  • Click on Services -> CIFS
  • Leave everything at their default settings save for the following 2 items:
    • Workgroup: MAUIRI
    • Server Maximum Protocol: SMB3_00
  • Click Services -> Control Services
    • Turn on the CIFS service if it hasn't already started

Creating your share using Windows permissions

  • Click on Sharing -> Windows (CIFS) Shares -> Add Windows (CIFS) Share
    • Path: (browse to the path of the dataset created previously)
    • Use as home share: Unchecked
    • Name: JobData (this is the name you'll see when you connect via Windows Explorer)
    • Apply Default Permissions: Checked
    • Allow Gues Access: Unchecked
    • Click "OK"

FreeNAS 9.3 Add Windows share.png

Dataset File/Folder Permissions

  • Now we need to change the default owner & group on the dataset created
  • Click on Storage -> Volumes
    • Expand your volumes until you find the dataset created for file sharing
    • Click Change Permissions
      • Apply Owner (user): Checked
      • Owner (user): MAUIRI\administrator
      • Apply Owner (group): Checked
      • Owner (group): MAUIRI\domain users
      • Apply Mode: Checked
      • Mode: (unchangeable)
      • Permission Type: Windows
      • Set permission recursively: unchecked (unless you have files owned by a FreeNAS user stored in this dataset already)
      • Click "Change"

FreeNAS 9.3 Dataset for CIFS change permission.png

Verification

This was just copied and pasted from the FreeNAS 9.2.x walkthrough - while the paths may be different, the concept never changed.

  • From a Windows client, open Windows Explorer, and type in \\freenas - if everything is set properly, you should see the CIFS share you created earlier.

Windows Explorer - freenas share Downloads.png

  • Enter into the shared directory, and as a simple test - create a folder. If you're allowed, then it worked!

Windows Explorer - freenas share test.png

  • If you go into the FreeNAS shell, you can further verify permissions are using Active Directory style permissions

FreeNAS with Active Directory permissions.png