Openfiler – Rsync over SSH setup & How-to
by swicknire on Jan.12, 2011, under linux/ubuntu
Introduction
Openfiler is a nice little NAS box, but when it comes to setup and configuration you’re pretty much left on your own. There’s no good documentation (even the paid user manual is garbage – it only describes the various checkboxes and fields). The openfiler forums are littered with people asking the same questions you are… and getting no answers.
After hours of searching and messing around, I have rsync over SSH working on Openfiler! SSH is not optional here: rsync's own daemon protocol on TCP 873 uses a challenge-response login, but it sends every file in the clear with no integrity protection, so anyone on the path could read (or quietly alter) the backups. Running the transfer over SSH gives you encryption, integrity checking and authentication of the server's host key in one step.
rsync over SSH on openfiler
LDAP Users & Groups
I'm going to assume you've successfully set up LDAP and created a few users and groups. If not, I may write another article on LDAP, as I know it isn't the easiest thing to understand and set up.
On my openfiler system I’ve setup various groups and users as follows:
example: (user-name.group-name)
user.local
backup.remote
external.untrusted
For this article we'll be focusing on the user "backup", which is a member of the "remote" group.
File Shares & Permissions
I’ve setup a share called “BACKUPS” which is located at /mnt/volume-group/volume/BACKUPS
I've set the remote group as the primary group (PG) with read/write (RW) access, and granted the local user read-only (RO) access so that I can still get at the share from my local network without accidentally writing anything that could break rsync later.
Under the host access configuration (again, I'm assuming you've already defined the "trusted" networks or the individual IPs of the external servers that should be able to reach your Openfiler box), I've given my "Remote-servers" network Read/Write access to rsync. Keep in mind this is an IP-based allow list and nothing more: it narrows who can talk to the service, but it is no substitute for authentication, since source addresses can be spoofed or shared behind NAT. (Ignore the rsync options for now unless you have specific needs or run into issues later.)
rsync daemon
You may have trouble enabling the rsync service/daemon from the web gui, no problem – login to the openfiler server and start it manually.
#/etc/init.d/rsync start
You may or may not get errors; the output is usually clear enough to fix. Below is what my /etc/rsyncd.conf looks like. One thing worth knowing: this file only governs the rsync daemon on TCP 873 (connections of the form host::module or rsync://). The SSH transfer at the end of this article (rsync -e ssh to a plain path) runs rsync inside the SSH session and never consults rsyncd.conf, so in that case the share's file permissions and the SSH login are what protect the data.
port = 873
motd file = /opt/openfiler/etc/rsync.motd
[ volume-group.volume.BACKUPS ]
path = /mnt/volume-group/volume/BACKUPS
comment = rsync-comment
# IP allow list only: narrows exposure, does not authenticate anyone
hosts allow = 192.168.1.1/27 192.168.2.1/29
hosts readonly allow =
auth use pam = yes
read only = no
write only = no
# chroot off: rsync's own symlink handling, not the kernel, keeps clients inside "path"
use chroot = no
# 0 means unlimited concurrent connections
max connections = 0
list = yes
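To make the daemon-mode settings concrete, here is an added example (my own, not from the original post or from Openfiler) that reads an rsyncd.conf module and flags the settings a reviewer would question: chroot disabled, a writable module with no authentication, no hosts allow list, and an unlimited connection cap. The two sample configs are constructed inline; the first is the module as shown above, the second is the same module tightened (the auth users and secrets file lines in it are assumptions for the example, not something Openfiler writes). As noted, none of this applies to a transfer that runs rsync over SSH to a plain path; it only matters while TCP 873 is reachable.

```bash
#!/bin/bash
# Added example, not part of the original post: audit an rsyncd.conf module for
# the settings that matter when the rsync daemon itself (TCP 873) is reachable.
# rsyncd.conf is only read in daemon mode ("rsync host::module" or "rsync://");
# "rsync -e ssh SRC user@host:/path" never consults it.

# rsyncd_get FILE MODULE KEY: print KEY's value inside [MODULE] ("" = global
# section). Module headers may carry inner spaces, as Openfiler writes them:
# "[ volume-group.volume.BACKUPS ]".
rsyncd_get() {
    awk -v want="$2" -v key="$3" '
        /^[ \t]*\[/ {                       # section header
            sec = $0
            sub(/^[ \t]*\[[ \t]*/, "", sec)
            sub(/[ \t]*\].*$/, "", sec)
            next
        }
        /^[ \t]*[#;]/ { next }              # comment line
        /^[ \t]*$/    { next }              # blank line
        sec == want && index($0, "=") {
            p = index($0, "=")
            k = substr($0, 1, p - 1)
            v = substr($0, p + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# rsyncd_val FILE MODULE KEY: module value, falling back to the global section
# the way rsync itself resolves parameters.
rsyncd_val() {
    local v
    v=$(rsyncd_get "$1" "$2" "$3")
    [ -n "$v" ] || v=$(rsyncd_get "$1" "" "$3")
    printf '%s' "$v"
}

# rsyncd_check FILE MODULE: print one finding per line, return 1 if any.
rsyncd_check() {
    local f=$1 m=$2 bad=0 v
    v=$(rsyncd_val "$f" "$m" "use chroot")
    if [ "${v:-yes}" != "yes" ]; then        # rsync's default is yes
        echo "$m: use chroot = $v: only rsync's symlink handling keeps clients inside path"
        bad=1
    fi
    v=$(rsyncd_val "$f" "$m" "hosts allow")
    if [ -z "$v" ]; then
        echo "$m: no hosts allow: any address that reaches port 873 may connect"
        bad=1
    fi
    if [ "$(rsyncd_val "$f" "$m" "read only")" = "no" ] &&
       [ -z "$(rsyncd_val "$f" "$m" "auth users")" ] &&
       [ "$(rsyncd_val "$f" "$m" "auth use pam")" != "yes" ]; then   # auth use pam: Openfiler's option, not upstream rsync
        echo "$m: writable module with no auth users: anonymous clients can write"
        bad=1
    fi
    v=$(rsyncd_val "$f" "$m" "max connections")
    if [ "${v:-0}" = "0" ]; then             # 0 means unlimited
        echo "$m: max connections = 0 (unlimited): cap it"
        bad=1
    fi
    return "$bad"
}

# Constructed sample: the module as the post shows it.
write_sample_weak() {
    cat > "$1" <<'EOF'
port = 873
[ volume-group.volume.BACKUPS ]
path = /mnt/volume-group/volume/BACKUPS
hosts allow = 192.168.1.1/27 192.168.2.1/29
auth use pam = yes
read only = no
use chroot = no
max connections = 0
list = yes
EOF
}

# Constructed sample: same module with the weak settings tightened
# (auth users / secrets file are assumptions for this example).
write_sample_fixed() {
    cat > "$1" <<'EOF'
port = 873
[ volume-group.volume.BACKUPS ]
path = /mnt/volume-group/volume/BACKUPS
hosts allow = 192.168.1.1/27 192.168.2.1/29
auth users = backup
secrets file = /etc/rsyncd.secrets
read only = no
use chroot = yes
max connections = 4
list = no
EOF
}

# Demo when run directly.
tmp=$(mktemp -d)
write_sample_weak "$tmp/weak.conf"
write_sample_fixed "$tmp/fixed.conf"
for c in weak fixed; do
    echo "== $c.conf"
    if rsyncd_check "$tmp/$c.conf" "volume-group.volume.BACKUPS"; then echo "no findings"; fi
done
rm -rf "$tmp"
```

Run it as-is to see the two reports, or point rsyncd_check at the real /etc/rsyncd.conf and your module name. Bear in mind that Openfiler rewrites rsyncd.conf from the web GUI, so changes made by hand may not survive the next save.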
modifying LDAP user for SSH
In order to use our LDAP user "backup" over SSH, we first need to give him a proper home directory (it's currently set to /dev/null) and a login shell. I'm using /tmp below as a quick fix; be aware that /tmp is world-writable, and sshd with StrictModes yes (the default) refuses to read ~/.ssh/authorized_keys from a home directory that is group- or world-writable. With home = /tmp this user can therefore only authenticate with the LDAP password, never with a key. A dedicated directory owned by backup with mode 0700 (for example /home/backup) is the better choice if you ever want key-based logins.
Searching for the user gives us some information:
ldapsearch -x uid=backup
Now, to modify this user, we need an ldif file; use your favourite editor. Keep in mind you'll need the DN components you set on your Openfiler LDAP (hint: the Accounts tab on Openfiler shows the DN info):
#nano backup.ldif
dn: uid=backup,ou=People,dc=openfiler,dc=nas
changetype: modify
replace: homeDirectory
homeDirectory: /tmp
-
replace: loginShell
loginShell: /bin/bash
Enable SSH for LDAP user “backup”:
[root@backupsrv1 ~]# ldapmodify -W -x -D 'cn=Manager,dc=openfiler,dc=nas' < ./backup.ldif
Enter LDAP Password: ************
modifying entry "uid=backup,ou=People,dc=openfiler,dc=nas"
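To show why the home directory matters for SSH, here is an added example (my own, not from the original post or from OpenSSH) that reproduces the check sshd performs with StrictModes yes before it will read a user's authorized_keys: the file, its .ssh directory and every directory up to and including the home directory must be owned by the user or root and must not be group- or world-writable. The example builds a throwaway home directory under mktemp, first with mode 0700 and then with mode 1777 (what /tmp looks like), and shows that the second is rejected. The directory layout and user are constructed for the demonstration; the check itself mirrors what sshd does, but it is a re-implementation for illustration, not sshd's code.

```bash
#!/bin/bash
# Added example, not part of the original post: emulate the ownership and mode
# walk sshd does under "StrictModes yes" before trusting ~/.ssh/authorized_keys.
# A home directory of /tmp (mode 1777) fails this walk, so the "backup" user
# from the post could log in with its LDAP password but never with a key.

# path_ok USER PATH: 0 if PATH is owned by USER or root and not g/o-writable.
path_ok() {
    local user=$1 p=$2 mode owner
    [ -e "$p" ] || { echo "missing: $p"; return 1; }
    set -- $(ls -ld "$p")            # field 1 = mode string, field 3 = owner
    mode=$1 owner=$3
    if [ "$owner" != "$user" ] && [ "$owner" != root ]; then
        echo "bad owner $owner on $p"
        return 1
    fi
    case $mode in                    # char 6 = group write, char 9 = other write
        ?????w*|????????w*) echo "group/world-writable: $p ($mode)"; return 1 ;;
    esac
    return 0
}

# key_path_ok USER HOME KEYFILE: check KEYFILE, then each parent directory up
# to and including HOME (sshd stops at the home directory, or at "/").
key_path_ok() {
    local user=$1 home=$2 f=$3 d
    path_ok "$user" "$f" || return 1
    d=$(dirname "$f")
    while :; do
        path_ok "$user" "$d" || return 1
        [ "$d" = "$home" ] && return 0
        [ "$d" = / ] && return 0
        d=$(dirname "$d")
    done
}

# Demo: a constructed home directory, first sane, then /tmp-like.
me=$(id -un)
tmp=$(mktemp -d)
mkdir -p "$tmp/home/.ssh"
touch "$tmp/home/.ssh/authorized_keys"
chmod 700 "$tmp/home" "$tmp/home/.ssh"
chmod 600 "$tmp/home/.ssh/authorized_keys"
if key_path_ok "$me" "$tmp/home" "$tmp/home/.ssh/authorized_keys"; then
    echo "accepted: 0700 home"
fi
chmod 1777 "$tmp/home"               # what /tmp looks like
if ! key_path_ok "$me" "$tmp/home" "$tmp/home/.ssh/authorized_keys"; then
    echo "rejected: /tmp-style home, sshd would ignore authorized_keys"
fi
rm -rf "$tmp"
```

On a real box the same failure shows up in the sshd log as "Authentication refused: bad ownership or modes for directory /tmp"; the fix is a proper home directory, not turning StrictModes off.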
Router/Firewall setup – Port forwarding
Remote Client Configuration (files are sent from here)
rsync -avz -e ssh /home backup@<openfiler-host>:/mnt/volume-group/volume/BACKUPS/myserver1
Substitute your Openfiler's public hostname or address for <openfiler-host> (the address in the original command did not survive extraction). The -e ssh option is what makes this an SSH transfer, so the rsync daemon on port 873 is not involved at all. Also note rsync's trailing-slash rule: /home without a slash is copied as a directory, so the files land under .../myserver1/home/; use /home/ if you want its contents directly inside myserver1.