Cool Solutions

Building an MS-DFS environment containing NSS4AD volumes and making it available through Filr

By: BSCHOOFS

November 30, 2018 8:41 am


In this ever-changing world that is shifting to “Directory Agnostic”, we’re sometimes asked to perform awkward tasks.

This is one of them, but mixing two worlds to please the majority of your users isn’t a bad thing in my book, so here goes.

When, for various reasons, the directory the users authenticate to has shifted from eDirectory (eDir) to Active Directory (AD), they should not lose access to their data (hosted on the great NSS storage, with all its benefits).

So… using “the best of both worlds” how would one go about that?

Stage one: Preparing the OES Server(s)

As we need to move into the NSS for AD world, the server needs to be OES 2015SP1 or later, preferably fully patched.

If the OES environment is using DST, make sure to enable the REPLICATE_PRIMARY_TREE_TO_SHADOW option in the NCP server configuration (ncpcon set REPLICATE_PRIMARY_TREE_TO_SHADOW=1) and that both NSS volumes are AD enabled.

If DFS is used, make sure to AD enable the target volumes as well and ensure the required AD rights are set.

The novell-cifs service needs to be up, running and usable before the volumes are activated for NSS for AD, and the NSS for AD volumes should already be accessible to the AD users who are going to access this data before continuing with the next steps (mainly so we know we did not break it).

In the Novell CIFS server, set the SMB signature to “optional” (novcifs -g yes).
To verify that it is set, use: novcifs -o

NSS for AD on 2018: https://www.novell.com/documentation/open-enterprise-server-2018/stor_nss_ad_lx/data/b1h322dq.html

NSS for AD on 2015SP1: https://www.novell.com/documentation/oes2015/stor_nss_ad_lx/data/b1h322dq.html

Stage two: Creating the MS DFS using the NSS4AD shares

When setting up the MS DFS, keep these things in mind:

  • With NSS4AD there is currently no capability to build a replicated DFS (DFSR).
  • It is not possible to browse to the NSS4AD share; the network path needs to be typed or copied and pasted.

Setting up the DFS NameSpace:

  • Create a new DFS NameSpace, if desired or required.
  • In the DFS NameSpace, create the Folder Target, pointing to the NSS4AD volume.
  • Leave the rights to inherit, unless otherwise desired.

Once the AD users can access the NSS4AD volumes through DFS, the next stage, enabling access through Filr, can be started.

More info: https://docs.microsoft.com/en-us/windows-server/storage/dfs-namespaces/dfs-overview

Stage three: Creating the Filr Net Folder Server and Net Folder

The first step is… un-appliance like, so use with care. Be aware that if the appliance is ever replaced (for a major version upgrade or a broken appliance), this change will be undone and this step will need to be reapplied.

  • Access the server prompt, either over ssh or using the hypervisor
  • Edit the file: vi /etc/krb5.conf
  • Under [libdefaults], set the default realm to the FQDN of the AD Domain
  • Add these lines:
    • case_sensitive = false
    • default_ccache_name = /vastorage/filr/krb5cc_0
  • Restart famtd or the appliance

An example krb5.conf:

[libdefaults]
# default_realm = EXAMPLE.COM
default_realm = ADDOM.DIGITALAIRLINES.COM
case_sensitive = false
default_ccache_name = /vastorage/filr/krb5cc_0
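
A check for the three [libdefaults] settings above, useful after an appliance replacement or upgrade has reset the file. This is an added example, not part of the original post or of Filr; the function names and the sample file are constructed here, and the expected values are the ones from the example above.

```sh
#!/bin/sh
# Added example: audit the [libdefaults] values this procedure sets, so drift
# after an appliance replacement or upgrade is noticed. Values are the article's.

# libdefault_value FILE KEY: print the first active value of KEY in [libdefaults]
libdefault_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                       # comment line
        /^[ \t]*\[/   { in_sec = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_sec {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { print v; exit }
        }
    ' "$1"
}

# check_filr_krb5 FILE REALM: return 0 if all three settings match, 1 on drift
check_filr_krb5() {
    file=$1; realm=$2; rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    for pair in "default_realm=$realm" \
                "case_sensitive=false" \
                "default_ccache_name=/vastorage/filr/krb5cc_0"; do
        key=${pair%%=*}; want=${pair#*=}
        have=$(libdefault_value "$file" "$key")
        if [ "$have" != "$want" ]; then
            echo "DRIFT $key: have '${have:-<unset>}', want '$want'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: realm set, but case_sensitive landed in the wrong section
# and default_ccache_name is missing, as after a partial re-apply.
write_sample() {
    printf '%s\n' '[libdefaults]' '# default_realm = EXAMPLE.COM' \
        'default_realm = ADDOM.DIGITALAIRLINES.COM' '' '[realms]' \
        'case_sensitive = false' > "$1"
}

# Usage: sh check_krb5.sh /etc/krb5.conf ADDOM.DIGITALAIRLINES.COM
if [ "$#" -eq 2 ]; then check_filr_krb5 "$1" "$2"; fi
```

Against the constructed sample the check reports drift for case_sensitive and default_ccache_name, because a setting placed outside [libdefaults] does not count.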

When the Name Space is a Domain Name Space, but not all Domain Controllers host the Name Space, reconfigure the Filr VA’s /etc/hosts file so that the DNS name of the Domain resolves only to the servers that do host it.

After this is done, the Net Folder Server, pointing to the MS DFS NSS4AD Name Space or Target Folder, can be created.

  • Log in to Filr with an administrative account
  • In the Net Folder Server section, create a new Net Folder Server
  • Set the server type to Microsoft Windows
  • Under the authentication tab, set an AD user (preferably a member of the NSS4AD administrative group) as proxy user and limit the authentication level to Kerberos only.

More info: https://www.novell.com/documentation/filr-3/filr-admin/data/netfolders_servers.html#new-net-folder-server-dialog

This Net Folder Server can then be used to create a Net Folder, which is managed like any other.

More info: https://www.novell.com/documentation/filr-3/filr-admin/data/netfolders_create.html#new-nf-dialog


Disclaimer: This content is not supported by Micro Focus. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.
