Small Business Server - Samba/DNS/DHCP

[Jan Dusatko]

Hi,
Can someone make me an advice about?
I would like to setup FreeNAS server for small network, migrate from FreeBSD. There are points out:
1) Use Samba4 with AD
2) Use internal Samba DNS or external BIND with DLZ
3) Use DHCP server (isc-dhcp-server)

other points about (not part of question)
- FreeNAS on mirrored device
- four 1Gbps NIC in LACP pair
- CIFS/AFP sharing only
- Jail with Bacula for backup purpose
- OpenVPN server
- Internal SSL CA

Currently I looking for best way how to implement it. Because there are no option to setup DHCP server or DNS server in services, I suspect that most easy way could be a jail with DNS/DHCP and let synchronize Samba4 internal DNS with BIND or only use the jail BIND for Samba4 DNS requests. Most of needs for this configuration included, but building system covering whole are little bit problematic. For example my experience in past, using jailed DHCP often doesn't provide DHCPOFFER fast enought and I have issues regards persuade Samba4 to use keys for DNS.

Any tips for Samba4/BIND/DHCP?

Regards
Jan

 

[dlavigne]

Why not just stick with FreeBSD?

 

[Jan Dusatko]

David,
I would like to use FreeNAS on fileservers, especially for SMBs. Mostly needed only secure&integrated DNS/DHCP + file sharing (SMB/AFP+LDAP+DNS), VPN services and backup service. Usage of FreeNAS can help me minimize my activity, because FreeNAS upgrade takes up to 10 minutes, but FreeBSD much longer. Still opened question if there are any implications caused by jailed services or not.

During my investigation I found those probably steps (any comments welcome):
1) Setup FreeNAS
2) Configure CA for SSL purpose(I not sure if there are possibility to create CA inside FreeNAS or I need to use jail)
3) Setup Active Directory (internal LDAP+DNS, planned investigate if is possible to configure internal LACP with CA configured)
4) Setup backup and VPN service/jail
5) Setup jail for DNS+DHCP
6) reconfigure Samba4 internal DNS to allow replication with DNS in jail and DNS forwarder in jail, reconfigure Samba4 internal DNS, DNS in jail and DHCP in jail to use the same keys

In past, when I try to use DHCP inside jail, mostly response are too slow or doesn't work perfectly. Currently I investigating if this is root cause by jail or LACP.

Another, because I want to "clear" possible issues, FreeNAS will be installed on mirror. Looking for geom / ZFS raid possibility.

Regards

Jan

 

[Jan Dusatko]

David,
I still interested with FreeNAS. On version 9.x I fail to setup needed environment and I switched back to FreeBSD. Currently I continue to ask support for things, which I didn't found in manual.

Needed setup:
1) Internal CA
2) DNS server supporting DNSSEC and keyed authentication from DHCP
3) DHCP server supporting keying against DNS for secure update. IPv4 required.
4) Samba with Active directory and supporting DNSSEC (mostly I use on FreeBSD the BIND DLZ, for example in cooperation with other platforms)
5) Separate jails for each service - VPN, mail, web and so on, but this is my own problem, which I can solve quite easy.

Based on documentation, I not sure about support the DNSSEC and Samba with AD bound together with DHCP. Can you please answer if this is supported?

Regards

Jan

 

[Allan Wilmath]

I think you should consider virtualization. It is working very well for me, and allows me to use the best OS for each task. Much easier than beating a round peg in a square hole. The only tricky part if you are using server grade parts is the controller card for the storage for FreeNAS. I'm using ESXi as the hypervisor and it is working great bringing up 4 VMs all autonomously.