FreeNAS AFP server with OS X client

A long weekend, and finally a chance to put those twin terabyte drives to use. Since my first attempt at getting things running gave me a little trouble, I decided to wipe the box and start over. (And document the steps this time!)

hardware
Acer Aspire E500-G870 (on-board GigE, 4x SATA II ports, VGA port, and is pretty quiet)
2x Samsung SpinPoint F1 1TB SATA2 32MB 7200RPM (for data)
2GB SSD ATA drive (for FreeNAS)

step 1 - install FreeNAS
Download and burn the LiveCD. I used version 0.69b4 i386. Since FN is an evolving project, the steps required for newer (or older) builds may differ.
Boot the PC from this and do a 'full' install.

step 2 - set up the core bits of FreeNAS
Reboot into FN.
Set up network connections at the command line and then go to the web UI on the OS X client.
Set up your System-General and System-Advanced as desired. (This is pretty straightforward - documentation is available here.)
(As I'm using gigabit ethernet, I set the MTU to 9000 to enable jumbo frames. This needs to be set on the client side too - see the notes at the end.)

step 3 - add disks
I decided to add just the first 1TB drive for testing, calling it primary, and mounting it at /mnt/pri.
Disks-Management: add the drive here (again, see the FN SUG for help).
Disks-Format: format the drive primary as UFS.
Disks-Mount Point: create a new Mount Point for primary at /mnt/pri.
(I enabled the option to run fsck at boot time.)

step 4 - add users
As I want access from my OS X user account, I need to mirror that account on FN.
Access-Users and Groups: add your OS X username/password here - for reference, I'll use sig.
Set UID to 501 and group to staff. (You can find your own values by entering 'id' at the command line on OS X.)
Tick the box to allow shell access.

step 4b - reboot FN
I found that some settings did not propagate immediately and got errors about sig being an invalid argument in later steps. Rebooting the FN server solves this (and is necessary to apply some changes from step 2 anyway).

step 5 - back to the command line
A little tinkering is required before we set up our AFP shares. Either go back to the FN server, or SSH into it. (Note that it is not recommended to share the top level of the drive through AFP, so each share should be a separate directory. This suits me as I plan to use rsync to back up, but that's for another post.)
Go to the mount point for the drive

cd /mnt/pri

Create a directory for the share and set the owner to the user set up earlier. (Apparently it is a bad idea to have the directory owned by root when using AFP if you value your data integrity.)

mkdir manga
chown -R sig manga

(Technically, the -R is only needed if there is something in the directory, so it can be omitted if you actually created the folder and didn't copy it from elsewhere.)
(If you want multiple OS X users to access the same share, you could probably have added a group in step 4 with all the users in it, and then set that as the owner here instead.)

step 6a - setting up AFP service
Go back to the web UI and enable AFP under Services-AFP-Settings.
Set a name. (I used the name of freenas box plus afp: kujira-afp.)
Tick the boxes for Enable local user authentication and Disable AFP-over-Appletalk.
Save and restart the service.

step 6b - setting up AFP shares
Go to Services-AFP Shares and create a new share with the required path e.g. /mnt/pri/manga/
Ignore the password field and enter your OS X username in the Allow and Read/Write Access fields.
Tick the 'upriv' check-box and save.

step 7 - access the share
In the Finder, open a new window. The FN server should be visible in the SHARED section on the left. More importantly, selecting it should auto-authenticate you and selecting your share should auto-mount it.
(I'm using OS X 10.5 - versions before Leopard will be slightly different, but if you've made it this far, you'll probably manage. Next time I have a guest or relative with 10.4, I'll make a note of how that works.)


notes

I mentioned setting the MTU to 9000 to allow jumbo frames. This allows larger chunks of data to pass over the network, meaning that large files need to be split into fewer pieces. To change the MTU on OS X, open System Preferences-Network, select your ethernet connection and click Advanced. Select the Ethernet tab and set the Configure drop-down to Manually. The only setting you should need to alter from default is the MTU, which should be set to Jumbo (9000).
(I seem to recall that IPv6 has an even bigger packet available, but would like to test the system in a state that I'm pretty sure should work before trying to break it all.)

In step 4, if you use the admin group instead of staff, then the user will have access to every mount point on the FN server, even if they are not configured as AFP shares! (Essentially allowing step 6b to be skipped.) I thought this might be a good idea at first, but it seems to be unsafe, and the documentation does recommend to NOT share the root level of FN drives over AFP. As I experienced problems when I tried that first time round, I avoided it on my second build and used the longer method outlined above.


to do

Install the second terabyte drive and schedule rsync to backup important shares to it from the first drive. (RAID != backup.)

Test everything for a few weeks. (Don't put data that doesn't exist elsewhere onto a test rig like this!)