1

I am in the middle of trying to resolve a problem with Openfiler when it is linked to Active Directory.

I have a Server running Openfiler 2.3 x64 and another Server running Windows Small Business Server 2003. I have integrated Openfiler with Active Directory so that the shares are only accessible to users from Active Directory.

I have discovered a problem where if the Active Directory Server is unavailable for any reason, I cannot login to Openfiler in any way - this includes via SSH, directly into the console, via the Web portal, or access any of the shares. If I reconnect the link to Active Directory, everything works again straight away.

Is there a way of caching the Active Directory credentials in Openfiler somehow, so that if the domain controller is unavailable, users can still access the shares, and I can at least still login to Openfiler?

Cheers,
Matt

fistameeny
  • 317
  • 1
  • 8
  • 18

1 Answers1

3

I don't have a direct answer for you, but how often is your SBS down? If this is a frequent occurrence, you should: 1. Remediate the reason for the frequent downtime 2. Install a second DC. I understand that SBS will allow additional DCs in the domain, they just can't hold any of the FSMO roles. In small offices, I've often seen the second DC installed on desktop-level hardware for cost savings.

mfinni
  • 35,711
  • 3
  • 50
  • 86
  • Thanks for the reply. The complexity here is that the Openfiler SAN will also host the SBS 2003 as a virtual machine in the coming weeks (linked via NFS to VMWare ESXi). Therefore, if the SAN is restarted, Openfiler and SBS 2003 would be affected – fistameeny Feb 11 '10 at 16:29
  • 1
    OK - that's a terrible idea. Making the storage entirely dependent on the VMs that it hosts is not good, in general. Adding a physical DC as I described should mitigate that risk. – mfinni Feb 11 '10 at 16:32
  • If you're running iSCSI LUNs from the OpenFiler I would recommend you switch back to local authentication. If you need a file share host, setup an additional file server as a VM within your ESXi environment (and enable AD auth on that one only). The only benefit you'll get from running fileshares on the physical openfiler is file caching for fileIO operations, but that's a minimal benefit unless your shares are *really* busy. – Chris Thorpe Oct 07 '10 at 09:31