This document shows and describes each screen and configurable option contained within the TrueNAS web interface.
The document is arranged in a parallel manner to the TrueNAS web interface, beginning with the top panel and then descending through each option displayed in the web interface left side menu.
To display this document in a linear HTML format, export it to PDF, or physically print it, please select ⎙ Download or Print.
Table of Contents
⎙ Download or Print: View all CORE UI Reference content as a single page for download or print.
Top Menu: Reference documentation for the options panel that is at the top of the TrueNAS UI.
Task Manager: Use the Task Manager screen to display a list of tasks performed by your TrueNAS.
Alert Notifications: The Alert Notifications panel displays system alerts and provides options to dismiss or reopen dismissed alerts on your TrueNAS.
Interface Preferences: Use the Interface Preferences screen to display a list of general preferences for your TrueNAS.
Reporting: Contains information about the graphs displayed on the Reporting screen in TrueNAS CORE.
Shell: Describes the web interface for the web shell on TrueNAS CORE.
1 - Top Menu
Reference documentation for the options panel that is at the top of the TrueNAS UI.
Across the top row are links to outside resources and buttons to control the system.
The options described from left to right:
Logos and Side Panel Controls
The logo in the upper-left corner shows the installed TrueNAS software.
Clicking the image takes you to the system Dashboard.
The next two buttons control how the side menu displays.
Click the (menu icon) to hide or show the entire left side panel.
Click the (chevron left icon) to collapse the left side panel to shortcut icons or expand to show icons and text.
Click the iXsystems logo to open the iXsystems corporate website in a new browser tab.
Status Icons
The remaining icons in the top menu show various statuses. They also provide system options.
The icon next to the iXsystems logo shows TrueCommand Cloud connection options.
Clicking the icon shows options for signing up for TrueCommand Cloud. It also displays options for connecting/disconnecting from TrueCommand Cloud.
When the system is not connected to TrueCommand Cloud the options are not available. The icon appears but is gray in color.
TrueNAS Enterprise compatible hardware has a (cloud with HA text) icon that shows the current status of High Availability (HA) on the system.
A checkmark () cloud icon indicates HA is functional.
An on top of the cloud icon indicates HA disabled or otherwise unavailable.
Task Manager
The (clipboard icon) is the system Task Manager.
Click the icon to show a list of running or completed TrueNAS tasks.
Tasks are sortable by their success or error State, task Method, and Progress.
Typing text in the Filter field shows tasks that match the characters typed into the field.
Clicking an entry shows more details about that task. This includes start and end timestamps.
Alerts
The (bell icon) contains system notification messages.
The icon changes to when TrueNAS creates a new alert.
Clicking the icon slides out a panel from the right side of the screen that lists each alert.
Dismiss or reopen alerts in this panel.
Dismissing an alert does not prevent it from recurring. TrueNAS might create a new alert if the alert conditions continue to exist on the system.
Configure the alert system in System > Alert Settings.
Settings
The (gear icon) contains links to various system specific options.
Change Password is a shortcut for changing the administrator (root) account password.
Password required to log in to the TrueNAS web interface.
Please back up or otherwise memorize the updated password when changing it.
Preferences contains theme and other visual options for the web interface:
Name
Description
Choose Theme
Select a preferred theme from the dropdown list. There are several built-in themes designed for light and dark modes. High contrast viewing options of the web interface are also listed.
Prefer buttons with icons only
Select to preserve screen space using icons and tooltips instead of text labels.
Enable Password Toggle
Select to display an eye icon next to password fields. Clicking the icon reveals the password.
Reset Table Columns to Default
Select to reset all tables to display system default table columns.
Retro Logo
Select to revert branding back to FreeNAS.
Reset All Preferences to Default
Select to reset all user preferences to their default values. Preserves custom themes.
Update Preferences
Click to save changes to the General Preferences.
Create and manage custom themes on this screen.
Power
The (power icon) has the options for changing the system state.
Log Out exits the web interface and shows the login screen.
The system remains powered on.
Restart initiates a power cycle.
The web interface closes. Discontinues power to the system which is then re-enabled.
The login screen appears when the boot cycle completes.
Shut Down exits the web interface. The process to safely discontinue power to the system begins.
The system remains offline until the power situation corrects.
Additional Top Menu Articles
Alert Notifications: The Alert Notifications panel displays system alerts and provides options to dismiss or reopen dismissed alerts on your TrueNAS.
Interface Preferences: Use the Interface Preferences screen to display a list of general preferences for your TrueNAS.
Task Manager: Use the Task Manager screen to display a list of tasks performed by your TrueNAS.
1.1 - Task Manager
Use the Task Manager screen to display a list of tasks performed by your TrueNAS.
The Task Manager displays a list of tasks performed by the TrueNAS system. It starts with the most recent. Click the assignment to open the Task Manager.
Name
Description
Filter
Search function to locate or filter the list for a particular running task.
View Logs
Tasks with log file output have a View Logs button to show the log files.
State
Column header for tasks that shows the current condition of the task. Indicates whether the task completed or is still in progress. Click State to sort by this column.
Method
Column header for tasks that indicates both the name of the task and the method used. Click Method to sort by this column.
Progress
Column header for tasks that indicates the progress of the the task. Measured by percentage from start to completion. Click Progress to sort by this column.
CLOSE
Closes the Task Manager dialog. Click anywhere off the dialog or use the Esc to close this dialog.
Use the Interface Preferences screen to display a list of general preferences for your TrueNAS.
There are a few adjustable interface preferences. Also included is a built-in theme editor for creating your own TrueNAS color schemes.
To access user preferences, click settings> Preferences.
This page has options to adjust global settings in the web interface. There are also options to manage custom themes and create new themes.
General Preferences
Name
Description
Choose Theme
Select a preferred theme from the dropdown list. Prebuilt and custom themes are visible here.
Prefer buttons with icons only
Select checkbox to preserve screen space. Displays icons and tooltips instead of text labels.
Enable Password Toggle
Select checkbox to make an eye icon appear next to password fields. Click the icon to reveal the password.
Reset Table Columns to Default
Select checkbox to reset the display of all table columns as system default.
Retro Logo
Select checkbox to revert branding back to FreeNAS.
Reset All Preferences to Default
Select checkbox to reset all user preferences to their default values. Does not reset custom themes.
UPDATE PREFERENCES
Cick button to apply the current checkbox settings to the web interface.
Manage Custom Themes
Name
Description
theme name (variable)
Use checkbox to select a custom theme if listed.
DELETE SELECTED
Click button to remove each selected custom theme from the system.
CREATE NEW THEME
Click button to open the theme editor.
Custom Theme Editor
Create Theme
Name
Description
Load colors from existing theme
Select the theme option from the dropdown list. Imports settings into the Create Theme and Preview tabs.
GENERAL
Click to display the GENERAL tab with the primary options for a new theme.
COLORS
Click to display the COLORS tab with color options for a new theme.
PREVIEW
Click to display the PREVIEW tab. The PREVIEW updates to reflect current selections.
GENERAL
Name
Description
Custom Theme Name
Enter a name to identify the new theme.
Menu Label
Enter a short name to use in the TrueNAS web interface menus.
Description
Enter a short description of the new theme.
Choose Primary
Select a generic color from the dropdown list to use as the primary theme color. Or import a specific color setting.
Choose Accent
Select a generic color from the dropdown list to use as the accent color for the theme. Or import a specific color setting.
Choose Topbar
Select a color from the dropdown list to use as the color for the top menu bar in the web interface.
SUBMIT
Click to save the current selections and create the new theme.
CANCEL
Click to return to the Preferences screen without creating a new theme.
COLORS
Name
Description
Background 1
Either click on the color swatch or enter a hex value. This value applies to the bg1 option in the GENERAL tab.
Background 2
Either click on the color swatch or enter a hex value. This value applies to the bg2 option in the GENERAL tab.
Foreground 1
Either click on the color swatch or enter a hex value. This value applies to the fg1 option in the GENERAL tab.
Foreground 2
Either click on the color swatch or enter a hex value. This value applies to the fg2 option in the GENERAL tab.
Alt Background 1
Either click on the color swatch or enter a hex value. This value applies to the alt-bg1 option in the GENERAL tab.
Alt Background 2
Either click on the color swatch or enter a hex value. This value applies to the alt-bg2 option in the GENERAL tab.
Alt Foreground 1
Either click on the color swatch or enter a hex value. This value applies to the alt-fg1 option in the GENERAL tab.
Alt Foreground 2
Either click on the color swatch or enter a hex value. This value applies to the alt-fg2 option in the GENERAL tab.
Yellow
Either click on the color swatch or enter a hex value. This value applies to the yellow option in the GENERAL tab.
Orange
Either click on the color swatch or enter a hex value. This value applies to the orange option in the GENERAL tab.
Red
Either click on the color swatch or enter a hex value. This value applies to the red option in the GENERAL tab.
Magenta
Either click on the color swatch or enter a hex value. This value applies to the magenta option in the GENERAL tab.
Violet
Either click on the color swatch or enter a hex value. This value applies to the violet option in the GENERAL tab.
Blue
Either click on the color swatch or enter a hex value. This value applies to the blue option in the GENERAL tab.
Cyan
Either click on the color swatch or enter a hex value. This value applies to the cyan option in the GENERAL tab.
Green
Either click on the color swatch or enter a hex value. This value applies to the green option in the GENERAL tab.
SUBMIT
Click the button to save the current selections and create the new theme.
CANCEL
Click the button to return to the Preferences screen without creating a new theme.
PREVIEW
Name
Description
Global Preview
Color selections display in the PREVIEW. Click the toggle to turn the display of the PREVIEW widget on or off.
Preview
Name
Description
Buttons
This tab shows examples of web interface buttons. The buttons display with the current theme settings applied.
Forms
This tab shows examples of web interface form options. The options display with the current theme settings applied.
The web interface dashboard provides system details and shortcuts to various configuration screens.
Dashboard Cards
Card
Description
System Information
Shows simple system-level information about TrueNAS, including hardware name (with compatible systems), TrueNAS version, system hostname, and system uptime. Includes a button to update the installed version of TrueNAS.
CPU
Shows current CPU utilization and heat (with compatible hardware). Includes a shortcut icon to the in-depth CPU reporting screen.
Memory
Shows total memory available to the system and the current breakdown of memory usage. Includes a shortcut icon to the in-depth memory utilization screen.
Pool
Shows details about a configured storage pool. One card is created for each storage pool on the system. Includes shortcut icons to the pool configuration and statistics screens.
Interface
Shows details about system network interfaces, including current status and configuration details. Includes shortcut icons to the interface configuration and statistics screens.
TrueNAS Help
Contains links to verious documentation and assistance portals.
3 - Accounts
CORE UI User and Group screens documentation.
This section has articles documenting the TrueNAS local User and Group screens.
Groups: Describes the fields on the Groups screen in TrueNAS CORE.
Users: Describes the fields on the Users screens in TrueNAS CORE.
Reference documentation for the screens within the System menu option.
The TrueNAS CORE web interface System section has numerous features related to configuring the system and integrating it with specific environments or external accounts.
Content
General: Describes the fields for the general system settings for TrueNAS CORE.
NTP Servers: Describes the fields for the NTP Server Settings screen on TrueNAS CORE.
Boot: Provides information about the Boot screen for the TrueNAS CORE.
Advanced: Describes the System > Advanced screen on TrueNAS CORE.
View Enclosure: Provides information about the View Enclosure screen on TrueNAS CORE.
Email: Describes the Email screen on TrueNAS CORE.
System Dataset: Describes the System Dataset screen on TrueNAS CORE.
Reporting: Contains information about the Reporting screen on TrueNAS CORE.
Alert Services: Describes the fields on the Alert Services screen on TrueNAS CORE.
Alert Settings: Describes the Alert Settings screen on TrueNAS CORE.
Cloud Credentials: Describes the fields in the Cloud Credentials screen in TrueNAS CORE.
SSH Connections: Describes the SSH screen fields on TrueNAS CORE.
SSH Keypairs: Describes the SSH Keypair screen on TrueNAS CORE.
Tunables: Describes the Tunable screen fields on TrueNAS CORE.
Update: Describes the fields in the Update screen in TrueNAS CORE.
CAs: Describes the Certificate Authorities screen settings and functions.
Certificates: Explains the fields located on the Certificates screen in TrueNAS CORE.
ACME DNS: Describes the fields in the Add ACME DNS Authenticators screen on TrueNAS CORE.
KMIP: Describes the fields in the KMIP Key Status screen on TrueNAS CORE Enterprise.
Failover (HA): Describes the fields in the Failover Configuration screen on TrueNAS CORE.
Support: Describes the Support screen on TrueNAS CORE.
Describes the fields for the general system settings for TrueNAS CORE.
GUI
Name
Description
GUI SSL Certificate
The system uses a self-signed certificate to enable encrypted web interface connections. To change the default certificate, select a different certificate that was created or imported in the Certificates menu.
Web Interface IPv4 Address
Choose a recent IP address to limit the usage when accessing the administrative GUI. The built-in HTTP server binds to the wildcard address of 0.0.0.0 (any address) and issues an alert if the specified address becomes unavailable.
Web Interface IPv6 Address
Choose a recent IPv6 address to limit the usage when accessing the administrative GUI. The built-in HTTP server binds to the wildcard address of 0.0.0.0 (any address) and issues an alert if the specified address becomes unavailable.
Web Interface HTTP Port
Allow configuring a non-standard port to access the GUI over HTTP. Changing this setting might require changing a Firefox configuration setting.
Web Interface HTTPS Port
Allow configuring a non-standard port to access the GUI over HTTPS.
HTTPS Protocols
Cryptographic protocols for securing client/server connections. Select which Transport Layer Security (TLS) versions TrueNAS can use for connection security.
Web Interface HTTP -> HTTPS Redirect
Redirect HTTP connections to HTTPS. A GUI SSL Certificate is required for HTTPS. Activating this also sets the HTTP Strict Transport Security (HSTS) maximum age to 31536000 seconds (one year). This means that after a browser connects to the web interface for the first time, the browser continues to use HTTPS and renews this setting every year.
Localization
Name
Description
Language
Select a language from the drop-down menu.
Date Format
Choose a date format.
Console Keyboard Map
Select a keyboard layout.
Timezone
Select a time zone.
Time Format
Choose a time format.
Other Options
Name
Description
Crash reporting
Send failed HTTP request data which can include client and server IP addresses, failed method call tracebacks, and middleware log file contents to iXsystems.
Usage collection
Enable sending anonymous usage statistics to iXsystems.
SAVE CONFIG: Saves a backup copy of the current configuration database in the format hostname-version-architecture.
UPLOAD CONFIG: Browse to a previously saved configuration file to restore that configuration.
RESET CONFIG: Reset the configuration database to the default base version.
Describes the fields for the NTP Server Settings screen on TrueNAS CORE.
NTP Server Settings
Name
Description
Address
Enter the hostname or IP address of the NTP server.
Burst
Recommended when Max. Poll is greater than 10. Only use on personal NTP servers or those under direct control. Do not enable when using public NTP servers.
IBurst
Speeds up the initial synchronization (seconds instead of minutes).
Prefer
Should only be used for highly accurate NTP servers such as those with time monitoring hardware.
Min Poll
The minimum polling interval, in seconds, as a power of 2. For example, 6 means 2^6, or 64 seconds. The default is 6, minimum value is 4.
Max Poll
The maximum polling interval, in seconds, as a power of 2. For example, 10 means 2^10, or 1,024 seconds. The default is 10, maximum value is 17.
Force
Forces the addition of the NTP server, even if it is currently unreachable.
Describes the System > Advanced screen on TrueNAS CORE.
System > Advanced contains advanced options for configuring system settings.
These options have reasonable defaults in place.
Make sure you are comfortable with ZFS, FreeBSD, and system configuration backup and restoration before making any changes.
Console
Name
Description
Show Text Console without Password Prompt
Unset to add a login prompt to the system before the console menu is shown.
Enable Serial Console
Do not set this if the Serial Port is disabled. Serial Port and Serial Speed options are visible when this is set.
Serial Port
When Enable Serial Console is set, the available serial port hex addresses are 0x2F8 or 0x3f8.
Serial Speeds
When Enable Serial Console is set, the available serial speeds that can be used by the serial port are 9600 bps, 19200 bps, 38400 bps, 57600 bps, or 115200bps.
MOTD Banner
The message to show when a user logs in with SSH.
Storage
Name
Description
Swap Size in GiB (CORE only)
By default, all data disks are created with the amount of swap specified. Changing the value does not affect the amount of swap on existing disks, only disks added after the change. Does not affect log or cache devices as they are created without swap. Setting to 0 disables swap creation completely. STRONGLY DISCOURAGED
LOG (Write Cache) Overprovision Size in GiB
Overprovisioning a ZFS Log SSD can increase its performance and lifespan by distributing writes and erases across more drive flash blocks. Defining a number of GiB here overprovisions ZFS Log disks during pool creation or extension. Examples: 50 GiB, 10g, 5GB
GUI
Name
Description
Show Console Messages
Display console messages in real time at the bottom of the browser.
Show Advanced Fields by Default
Set to always show advanced fields, when available.
Kernel
Name
Description
Enable Autotune
Activates a tuning script which attempts to optimize the system depending on the installed hardware. Warning: Autotuning is only used as a temporary measure and is not a permanent fix for system hardware issues.
Enable Debug Kernel
Set to boot a debug kernel after the next system reboot.
Self-Encrypting Drive
Name
Description
ATA Security User
User passed to camcontrol security -u to unlock SEDs
SED Password
Global password to unlock SEDs.
Syslog
Name
Description
Use FQDN for Logging
Set to include the Fully-Qualified Domain Name (FQDN) in logs to precisely identify systems with similar hostnames.
Syslog Level
When Syslog Server is defined, only logs matching this level are sent.
Syslog Server
Remote syslog server DNS hostname or IP address. Nonstandard port numbers can be used by adding a colon and the port number to the hostname, like mysyslogserver:1928. Log entries are written to local logs and sent to the remote syslog server.
Syslog Transport
Transport Protocol for the remote system log server connection. Choosing Transport Layer Security (TLS) also requires selecting a preconfigured system Certificate.
Replication
Name
Description
Replication Tasks Limit
Limit the maximum number of replication tasks that can be executed simultaneously.
SAVE DEBUG generates text files that contain diagnostic information.
Provides information about the View Enclosure screen on TrueNAS CORE.
TrueNAS Enterprise
The View Enclosure screen only displays on TrueNAS CORE Enterprise systems with compatible hardware.
The UI options to select System > View Enclosure is not present on incompatible non-Enterprise systems.
The System Information widget on the main Dashboard displays an image of the specific TrueNAS system. Hover the mouse over the image to see the View Enclosure label.
Click anywhere on the system image to open the View Enclosure screen.
View Enclosure Screen
The View Enclosure screen displays an image of the TrueNAS platform.
Additional information about storage pools, drives, and other hardware components is available through clickable elements and buttons.
Enclosure Elements
The top of the View Enclosure screen displays options to view information about the system or expansion shelf.
The options vary by TrueNAS platform, whether or not the system has expansion shelves, and if you have an expansion shelf image selected instead of the TrueNAS system.
All TrueNAS systems include the Disks option. TrueNAS systems with expansion shelves include the Temperature, Power Supply, and Voltage options.
Expansion shelves include the Disks, Cooling, Services, Power Supply, SAS Expander, Temperature Sensors, and Voltage Sensor options.
Each option displays a table with readings from the system’s internal components taken over time.
System Image Screens
System images display the front view of the server by default.
If the system model includes a rear view, REAR changes the image to the back of the system. FRONT switches to the front view of the system chassis.
EDIT LABEL displays for system models other than the Mini.
EDIT LABEL opens the Change Enclosure Label window. Type a name or description for the system and click SAVE to apply the label. Reset to default restores the default name for the system.
System image screens include three options to change the information on the screen:
SHOW POOLS that highlights disks in pools on the system image.
SHOW STATUS that shows healthy disks in the system and a status indicator color legend.
SHOW EXPANDER STATUS that shows the status of SAS expanders in the system or expansion shelf (only systems with an expansion shelf).
Disk Image Screens
Click on a drive image to display a screen with information for that drive. Disk drive information includes the system pool, status, hardware details, and stats.
IDENTIFY DRIVE on disk detail screens turns on the LED indicator on a physical drive bay in the system server.
IDENTIFY DRIVE helps to identify the physical drive bay corresponding to the CORE identification number for that drive.
Select the drive on the image and then click IDENTIFY DRIVE. Go to the location of the system server to locate the drive bay with the LED indication turned on, then check the drive location on the View Enclosure screen.
TrueNAS Mini and R30 systems do not include the IDENTIFY DRIVE function.
Mini Enclosure Screen Example
TrueNAS Mini systems only display the front view of the system hardware.
Pool information displays at the top of the screen. The drive bay number and disk label display to the left of the image, and the status is to the right. A disk image screen shows details for the drive you click on.
The Disks Overview section displays the system drive hardware and capacity.
The Drive Temperatures section displays current readings for each drive in the system.
The right side of the screen includes smaller images of both the system and expansion shelves connected to it. The selected system has a blue vertical line next to it.
The system and expansion shelf image screens include three options to change the information shown on the screen:
SHOW POOLS that highlights disks in pools on the system image.
SHOW STATUS that shows healthy disks in the system and a status indicator color legend.
SHOW EXPANDER STATUS that shows the status of SAS expanders in the system or expansion shelf (only systems with an expansion shelf).
Click on a drive image in the system or an expansion shelf image to display a drive information screen for that drive. Disk drive information includes the system pool, disk status, hardware details, and stats.
The expansion shelf image varies based on the type of expansion shelf installed, but the disk information displayed is the same as for disks in other system disks.
Describes the System Dataset screen on TrueNAS CORE.
The system dataset stores debugging core files, encryption keys for encrypted pools, and Samba4 metadata such as the user and group cache and share level permissions.
Name
Description
System Dataset Pool
Select the pool to contain the system dataset.
Syslog
Store system logs on the system dataset. Unset to store system logs in /var/ on the operating system device.
Contains information about the Reporting screen on TrueNAS CORE.
TrueNAS has a built in reporting engine that displays helpful graphs and information about the system processes.
TrueNAS uses Graphite for metric gathering and visualizations.
Configure system reporting on the System > Reporting screen.
General Options
Name
Description
Report CPU usage in Percent
Reports CPU usage in percent instead of units of kernel time.
Graphite Separate Instances
Sends the plugin instance and type instance to Graphite as separate path components: host.cpu.0.cpu.idle. Disabling sends the plugin and plugin instance as one path component and type and type instance as another: host.cpu-0.cpu-idle.
Maximum time (in months) TrueNAS stores a graph. Allowed values are 1-60. Changing this value causes the Confirm RRD Destroy dialog to display. Changes do not take effect until TrueNAS destroys the existing reporting database.
Number of Graph Points
The number of points for each hourly, daily, weekly, monthly, or yearly graph. Allowed values are 1-4096. Changing this value displays the Confirm RRD Destroy dialog. Changes do not take effect until TrueNAS destroys the existing reporting database.
Reset to Defaults
Resets all entered values and settings back to defaults.
Report history is cleared after changing and saving CPU reporting, graph age, or graph points.
For information on the Reporting screen graphs see System Reporting.
Reporting data is saved and preserved across system upgrades and reboots.
This allows viewing usage trends over time.
This data is frequently written and should not be stored on the boot pool or operating system device.
Reporting data is saved in /var/db/collectd/rrd/.
Enter or paste the API key. Find the API key by signing into the OpsGenie web interface and going to Integrations/Configured Integrations. Click the desired integration, Settings, and read the API Key field.
API URL
Leave empty for default OpsGenie API.
Name
Description
Service Key
Enter or paste the “integration/service” key for this system to access the PagerDuty API.
Hostname or IP address of the system to receive SNMP trap notifications.
Port
UDP port number on the system receiving SNMP trap notifications. The default is 162.
SNMPv3 Security Model
Enable the SNMPv3 security model.
SNMP Community
Network community string. The community string acts like a user ID or password. A user with the correct community string has access to network information. The default is public. For more information, see this helpful SNMP Community Strings tutorial.
Describes the Alert Settings screen on TrueNAS CORE.
Options
Name
Description
Set Warning Level
Customizes the importance of the alert. Each level of importance has a different icon and color to express the level of importance: Info, Notice, Warning, Error, Critical (Default), Alert, and Emergency.
Set Frequency
Adjust how often alert notifications are sent. Setting the Frequency to NEVER prevents that alert from being added to alert notifications, but the alert can still show in the web interface if it is triggered. Options: Immediately (Default), Hourly, Daily, and Never.
Third-party Cloud service providers. Choose a provider to configure connection credentials.
Authentication
Amazon S3 Advanced Options
Name
Description
Endpoint URL
S3 API endpoint URL. When using AWS, the endpoint field can be empty to use the default endpoint for the region, and available buckets are automatically fetched. Refer to the AWS Documentation for a list of Simple Storage Service Website Endpoints.
Region
AWS resources in a geographic area. Leave empty to automatically detect the correct public region for the bucket. Entering a private region name allows interacting with Amazon buckets created in that region. For example, enter us-gov-east-1 to discover buckets created in the eastern AWS GovCloud region.
Disable Endpoint Region
Skip automatic detection of the Endpoint URL region. Set this when configuring a custom Endpoint URL.
User Signature Version 2
Force using Signature Version 2 to sign API requests. Set this when configuring a custom Endpoint URL.
BackBlaze B2
Name
Description
Key ID
Alphanumeric Backblaze B2 Application Key ID. To generate a new application key, log in to the Backblaze account, go to the App Keys page, and add a new application key. Copy the application keyID string to this field.
Application Key
Backblaze B2 Application Key. To generate a new application key, log in to the Backblaze account, go to the App Keys page, and add a new application key. Copy the applicationKey string to this field.
Box
Name
Description
Access Token
A User Access Token for Box. An access token enables Box to verify a request belongs to an authorized session. Example token: T9cE5asGnuyYCCqIZFoWjFHvNbvVqHjl.
Microsoft Onedrive Access Token. Log in to the Microsoft account to add an access token.
Drives List
Drives and IDs registered to the Microsoft account. Selecting a drive also fills the Drive ID field.
Drive Account Type
Type of Microsoft acount. Logging in to a Microsoft account automatically chooses the correct account type. Options: Personal, Business, Document_Library
Drive ID
Unique drive identifier. Log in to a Microsoft account and choose a drive from the Drives List drop-down to add a valid ID.
Name of this SSH connection. SSH connection names must be unique.
Setup Method
Manual requires configuring authentication on the remote system. This can include copying SSH keys and modifying the root user account on that system.
Semi-automatic only works when configuring an SSH connection with a remote TrueNAS system. This method uses the URL and login credentials of the remote system to connect and exchange SSH keys.
Authentication
Name
Description
TrueNAS URL
Hostname or IP address of the remote system. A valid URL scheme is required. Example: https://10.231.3.76
Username
Username for logging in to the remote system.
Password
User account password for logging into the remote system.
Private Key
Choose a saved SSH Keypair or select Generate New to create a new keypair and use it for this connection.
More Options
Name
Description
Cipher
Standard is most secure, but has the greatest impact on connection speed.
Fast is less secure than Standard but can give reasonable transfer rates for devices with limited cryptographic speed.
Disabled removes all security in favor of maximizing connection speed. Disabling the security should only be used within a secure, trusted network.
Connect Timeout
Time (in seconds) before the system stops attempting to establish a connection with the remote system.
A unique name to identify this keypair. Automatically generated keypairs are named after the object that generated the keypair with " Key" appended to the name.
Describes the Tunable screen fields on TrueNAS CORE.
Tunables manage TrueNAS sysctls, loaders, and rc.conf options.
Name
Description
Variable
Enter the name of the loader, sysctl, or rc.conf variable to configure. loader tunables are used to specify parameters to pass to the kernel or load additional modules at boot time. rc.conf tunables are for enabling system services and daemons and only take effect after a reboot. sysctl tunables are used to configure kernel parameters while the system is running and generally take effect immediately.
Creating or editing a sysctl immediately updates the Variable to the configured Value. A restart is required to apply loader or rc.conf tunables. Configured tunables remain in effect until deleted or Enabled is unset.
Description
Enter a description of the tunable.
Enabled
Enable this tunable. Unset to disable this tunable without deleting it.
Describes the fields in the Update screen in TrueNAS CORE.
Name
Description
Check for Updates Daily and Download if Available
Check the update server daily for any updates on the chosen train. Automatically download an update if one is available. Click APPLY PENDING UPDATE to install the downloaded update.
(Refresh)
Check for updates.
Operation
Lists operations TrueNAS performs during the update.
Describes the Certificate Authorities screen settings and functions.
Identifier and Type
Setting
Description
Name
Descriptive identifier for this certificate authority.
Type
Select the CA type from the dropdown list of options. Select Internal CA for a certificate authority that functions like a publicly-trusted CA used to sign certificates for an internal network. This CA is not trusted outside the private network. Select Intermediate CA for a CA that lives between the root and end-entity certificates. Its main purpose is to define and authorize the types of certificates requested from the root CA. Select Import CA for a CA that allows importing an existing CA onto the system. For more information, see What are Subordinate CAs and Why Would You Want Your Own?.
Profiles
Select predefined certificate extensions from the dropdown list. Options are Opentvpn Root CA and CA. Choose a profile that best matches your certificate usage scenario.
Internal and Intermediate CAs
Certificate Options
Certificate options change based on the option selected in Type.
Setting
Description
Signing Certificate Authority
(Required) Select a previously imported or created CA. Displays when Type is set to Intermediate CA.
(Required) Select the number of bits in the key used by the cryptographic algorithm from the dropdown list. Options are 1024, 2048 or 4096. For security reasons, a minimum key length of 2048 is recommended.
Digest Algorithm
(Required) Select the cryptographic algorithm to use from the dropdown list of options. Only change the default SHA256 if the organization requires a different algorithm.
Lifetime
(Required) Enter the lifetime of the CA specified in days.
Certificate Subject
Setting
Description
Country
(Required) Select the country of the organization from the dropdown list.
State
(Required) Enter the state or province of the organization.
Locality
(Required) Enter the location of the organization. For example, the city.
Organization
(Required) Enter the name of the company or organization.
Organizational Unit
Organizational unit of the entity.
Email
(Required) Enter the email address of the person responsible for the CA.
(Required) Enter additional domains to secure for multi-domain support. Separate domains by pressing Enter. For example, if the primary domain is example.com, entering www.example.com secures both addresses.
Basic Constraints
Setting
Description
Enabled
Select to activate this certificate extension.
Path Length
Enter the number of non-self-issued intermediate certificates that can follow this certificate in a valid certification path. Entering 0 allows a single additional certificate to follow in the certificate path. Cannot be less than 0.
Basic Constraints Config
Select the basic constraints extension that identifies whether the subject of the certificate is a CA and the maximum depth of valid certification paths that include this certificate. See RFC 3280, section 4.2.1.10 for more information.
Authority Key Identifier
Setting
Description
Enabled
Select to activate this certificate extension.
Authority Key Config
Select the authority key identifier extension that provides a means of identifying the public key corresponding to the private key used to sign a certificate. This extension is used where an issuer has multiple signing keys (either due to multiple concurrent key pairs or due to changeover). The identification can be based on either the key identifier (the subject key identifier in the issuer certificate) or on the issuer name and serial number. See RFC 3280, section 4.2.1.1 for more information.
Extended Key Usage
Setting
Description
Enabled
Select to activate this certificate extension.
Usages
Select the options that identify the purpose for this public key from the dropdown list. Is used for end entity certificates. Multiple usages can be selected. Do not mark this extension critical when the Usage is ANY_EXTENDED_KEY_USAGE. Using both Extended Key Usage and Key Usage extensions requires that the purpose of the certificate is consistent with both extensions. See RFC 3280, section 4.2.1.13 for more details.
Critical Extension
Select to identify this extension as critical for the certificate. The certificate-using system must recognize critical extensions, or it will reject the certificate. The certificate-using system can ignore non-critical extensions and still approve the certificate.
Key Usage
Setting
Description
Enabled
Select to activate this certificate extension.
Key Usage Config
Select the key usage extension that defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate. The usage restriction might be employed when a key that could be used for more than one operation is to be restricted. For example, when an RSA key should be used only to verify signatures on objects other than public key certificates and CRLs, the Digital Signature bits would be asserted. Likewise, when an RSA key should be used only for key management, the Key Encipherment bit would be asserted. See RFC 3280, section 4.2.1.3 for more information.
Import CAs
Certificate Subject
Setting
Description
Certificate
Paste the certificate for the CA.
Private Key
Paste the private key associated with the Certificate when available. Provide a key at least 1024 bits long.
Explains the fields located on the Certificates screen in TrueNAS CORE.
After you create or import a new certificate, bind it to the relevant service. For HTTPS binding, go to System > General and select the certificate you want to bind in the GUI SSL Certificate field.
For other services, such as SMB or FTP, bind the certificate within the Services screen. Click the Configure button next to the service you want to bind to, then select the certificate within the Certificate field.
Identifier and Type
Name
Description
Name
Descriptive identifier for this certificate.
Type
Internal Certificate is used for internal or local systems. Certificate Signing Request is used to get a CA signature. Import Certificate allows an existing certificate to be imported onto the system. Import Certificate Signing Request allows an existing CSR to be imported onto the system.
Profiles
Predefined certificate extensions. Choose a profile that best matches your certificate usage scenario.
Internal Certificate and Certificate Signing Request
Multi-domain support. Enter additional domains to secure. Separate domains by pressing Enter. For example, if the primary domain is example.com, entering www.example.com secures both addresses.
Basic Constraints
Name
Description
Enabled
Activate this certificate extension.
Path Length
How many non-self-issued intermediate certificates that can follow this certificate in a valid certification path. Entering 0 allows a single additional certificate to follow in the certificate path. Cannot be less than 0.
Basic Constraints Config
The basic constraints extension identifies whether the subject of the certificate is a CA and the maximum depth of valid certification paths that include this certificate. See RFC 3280, section 4.2.1.10 for more information.
Authority Key Identifier
Name
Description
Enabled
Activate this certificate extension.
Authority Key Config
The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a certificate. This extension is used where an issuer has multiple signing keys (either due to multiple concurrent key pairs or due to changeover). The identification MAY be based on either the key identifier (the subject key identifier in the issuer’s certificate) or on the issuer name and serial number. See RFC 3280, section 4.2.1.1 for more information.
Extended Key Usage
Name
Description
Enabled
Activate this certificate extension.
Usages
Identify the purpose for this public key. Typically used for end entity certificates. Multiple usages can be selected. Do not mark this extension critical when the Usage is ANY_EXTENDED_KEY_USAGE. Using both Extended Key Usage and Key Usage extensions requires that the purpose of the certificate is consistent with both extensions. See RFC 3280, section 4.2.1.13 for more details.
Critical Extension
Identify this extension as critical for the certificate. Critical extensions must be recognized by the certificate-using system or this certificate will be rejected. Extensions identified as not critical can be ignored by the certificate-using system and the certificate still approved.
Key Usage
Name
Description
Enabled
Activate this certificate extension.
Key Usage Config
The key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate. The usage restriction might be employed when a key that could be used for more than one operation is to be restricted. For example, when an RSA key should be used only to verify signatures on objects other than public key certificates and CRLs, the Digital Signature bits would be asserted. Likewise, when an RSA key should be used only for key management, the Key Encipherment bit would be asserted. See RFC 3280, section 4.2.1.3 for more information.
Import Certificate and Import Certificate Signing Request
Certificate Options (Import Certificate)
Name
Description
CSR exists on this system
Check this box if importing a certificate for which a CSR exists on this system
Signing Certificate Authority
Select a previously imported or created CA.
Certificate Subject
Name
Description
Certificate (Import Certificate)
Paste the certificate for the CA.
Signing Request (Import CSR)
Paste the contents of your Certificate Signing Request here.
Private Key
Paste the private key associated with the Certificate when available. Please provide a key at least 1024 bits long.
Describes the fields in the KMIP Key Status screen on TrueNAS CORE Enterprise.
TrueNAS Enterprise
KMIP is only available for TrueNAS Enterprise licensed systems.
Contact the iXsystems Sales Team to inquire about purchasing TrueNAS Enterprise licenses.
KMIP on TrueNAS Enterprise is used to integrate the system within an existing centralized key management infrastructure and use a single trusted source for creating, using, and destroying SED passwords and ZFS encryption keys.
KMIP Server
Name
Description
Server
Host name or IP address of the central key server.
Port
Connection port number on the central key server.
Certificate
Certificate to use for key server authentication. A valid certificate is required to verify the key server connection. WARNING: for security reasons, please protect the Certificate used for key server authentication.
Certificate Authority
Certificate Authority (CA) to use for connecting to the key server. A valid CA public certificate is required to authenticate the connection. WARNING: for security reasons, please protect the Certificate Authority used for key server authentication.
Manage SED Passwords
Self-Encrypting Drive (SED) passwords can be managed with KMIP. Enabling this option allows the key server to manage creating or updating the global SED password, creating or updating individual SED passwords, and retrieving SED passwords when SEDs are unlocked. Disabling this option leaves SED password management with the local system.
Manage ZFS Keys
Use the KMIP server to manage ZFS encrypted dataset keys. The key server stores, applies, and destroys encryption keys whenever an encrypted dataset is created, when an existing key is modified, an encrypted dataset is unlocked, or an encrypted dataset is removed. Unsetting this option leaves all encryption key management with the local system.
Enabled
Activate KMIP configuration and begin syncing keys with the KMIP server.
Change Server
Move existing keys from the current key server to a new key server. To switch to a different key server, key synchronization must be Enabled, then enable this setting, update the key server connection configuration, and click SAVE.
Validate Connection
Tests the server connection and verifies the chosen Certificate chain. To test, configure the Server and Port values, select a Certificate and Certificate Authority, enable this setting, and click SAVE.
Describes the fields in the Failover Configuration screen on TrueNAS CORE.
TrueNAS Enterprise
This article only applies to licensed TrueNAS Enterprise High availability (HA) systems.
Contact the iXsystems Sales Team to inquire about purchasing TrueNAS Enterprise licenses.
Failover Configuration
Name
Description
Disable Failover
Disable automatic failover.
Default TrueNAS Controller
Make the currently active TrueNAS controller the default when both TrueNAS controllers are online and HA is enabled. To change the default TrueNAS controller, unset this option on the default TrueNAS controller and allow the system to fail over. This briefly interrupts system services.
Network Timeout Before Initiating Failover
The number of seconds to wait after a network failure before triggering a failover. 0 means a failover occurs immediately or after two seconds when the system is using a link aggregation.
SYNC TO/FROM PEER
Synchronizes the active and standby TrueNAS controllers.
The Support screen displays system information. Users may also manage thier Enterprise license and create support tickets.
TrueNAS CORE
Name
Description
Username
Your JIRA username.
Password
Your JIRA password.
Type
Select Bug when reporting an issue or Feature when requesting new functionality.
Category
Category that best describes the bug or feature.
Attach Debug
Generates and attaches an overview of the system hardware, build string, and configuration.
Subject
A descriptive title for the new issue.
Description
A one to three paragraph summary of the issue.
Browse…
Attaches screenshots that illustrate the problem.
TrueNAS Enterprise
TrueNAS Enterprise
Proactive Support and the Contact Support fields below are only available on TrueNAS Enterprise licensed systems.
Contact the iXsystems Sales Team to inquire about purchasing TrueNAS Enterprise licenses.
Proactive Support
Name
Description
Name
Primary/Secondary Contact name.
Email
Primary/Secondary Contact email address.
CC
Primary/Secondary Contact email address.
Phone Number
Primary/Secondary Contact phone number.
Enable iXsystems Proactive Support
Set to enable the Enterprise Proactive Support feature.
Contact Support
Name
Description
Name
Contact name.
Email
Contact email address.
Phone
Contact phone number.
Type
Select Bug when reporting an issue or Feature when requesting new functionality.
Environment
Select the appropriate environment.
Criticality
Select the appropriate level of criticality.
Attach Debug
Generates and attaches an overview of the system hardware, build string, and configuration.
Describes the Two-Factor Authentication User Settings screen on TrueNAS CORE.
TrueNAS offers Two-Factor Authentication (2FA) to ensure that a compromised administrator (root) password cannot be used by itself to gain access to the administrator interface.
2FA Configuration
User Settings
Name
Description
One Time Password (OTP) Digits
The number of digits in the One-Time Password. The default is 6, which is Google’s standard OTP length. Check your app/device settings before selecting this.
Interval
The lifespan (in seconds) of each OTP. Default is 30 seconds. The minimum is 5 seconds.
Window
Extends password validity beyond the Interval setting. For example, 1 means that one password before and after the current one is valid, leaving three valid passwords. Extending the window is useful in high-latency situations.
Enable Two-Factor Auth for SSH
Enable 2FA for system SSH access. We recommend leaving this DISABLED until after you successfully test 2FA with the UI.
System Generated Settings
Name
Description
Secret (Read-only)
The secret TrueNAS creates and uses to generate OTPs when you first enable 2FA.
Provisioning URI (includes Secret - Read-only)
The URI used to provision an OTP. TrueNAS encodes the URI (which contains the secret) in a QR Code. To set up an OTP app like Google Authenticator, use the app to scan the QR code or enter the secret manually into the app. TrueNAS produces the URI when you first activate 2FA.
Reference documentation of screens within the Tasks menu option.
TrueNAS includes an easy-to-use interface for common tasks a sysadmin needs to preform on a NAS on a regular basis.
These can roughly be broken down into three groups: system level, data backup, and ZFS tasks.
Contents
Cron Jobs: Describes the fields on the Cron Jobs screen on TrueNAS CORE.
Init/Shutdown Scripts: Explains the fields on the Init/Shutdown Script screen on TrueNAS CORE.
Rsync Tasks: Provides information about the Rsync Tasks screen on TrueNAS CORE.
S.M.A.R.T. Tests: Describes the fields on the S.M.A.R.T. Test screen on TrueNAS CORE.
Periodic Snapshot Tasks: Defines the fields in the Periodic Snapshot Tasks Screen on TrueNAS CORE.
Replication Tasks: Decribes the fields on the Replication Tasks screen for TrueNAS CORE.
Resilver Priority: Describes the Resilver Priority screen on TrueNAS CORE.
Scrub Tasks: Describes the fields on the Scrub Task screen on TrueNAS CORE.
Cloud Sync Tasks: Describes the Cloud Sync Tasks screen on TrueNAS CORE.
Advanced Scheduler: Describes the fields in the Advanced Scheduler in TrueNAS CORE.
5.1 - Cron Jobs
Describes the fields on the Cron Jobs screen on TrueNAS CORE.
Cron Job
Name
Description
Description
Enter a description of the cron job.
Command
Enter the full path to the command or script to be run.
Run as User
Select a user account to run the command. The user must have permissions allowing them to run the command or script.
Schedule
Select a schedule preset or choose Custom to open the advanced scheduler. Note that an in-progress cron task postpones any later scheduled instance of the same task until the running task is complete.
Hide Standard Output
Hide standard output (stdout) from the command. When cleared, any standard output is mailed to the user account cron used to run the command.
Hide Standard Error
Hide error output (stderr) from the command. When cleared, any error output is mailed to the user account cron used to run the command.
Enabled
Enable this cron job. When cleared, disable the cron job without deleting it.
Explains the fields on the Init/Shutdown Script screen on TrueNAS CORE.
Init/Shutdown Script
Name
Description
Description
Comments about this script.
Type
Select Command for an executable command or Script for an executable script.
Command
Enter the command with any options. When Script is selected, click the folder to define the path to the script file.
When
Pre Init is early in the boot process, after mounting filesystems and starting networking. Post Init is at the end of the boot process, before TrueNAS services start. Shutdown is during the system power off process.
Enabled
Enable this task. Clear to disable the task without deleting it.
Timeout
Automatically stop the script or command after the specified seconds.
Provides information about the Rsync Tasks screen on TrueNAS CORE.
Remote sync is a utility that copies data across a network. Rsync first copies the initial data. Later copies contain only the data that is different between the source and destination files. This reduces network traffic. Use Rsync to create backups, and to synchronize data across systems.
Create a New Rsync Task
Go to Tasks > Rsync Tasks. The Rsync Tasks menu displays.
Click ADD.
Source
Name
Description
Path
Browse to the path to be copied. FreeBSD file path limits apply. Other operating systems can have different limits which might affect how they can be used as sources or destinations.
User
Select the user to run the rsync task. The user selected must have permissions to write to the specified directory on the remote host.
Direction
Direct the flow of data to the remote host. During a push, the dataset transfers to the remote module. During a pull, the dataset stores files from the remote system.
Description
Enter a description of the rsync task.
Schedule
Name
Description
Schedule
Select a schedule preset or select Custom to open the advanced scheduler.
Recursive
Select to include all sub-directories of the specified directory. When cleared, only the specified directory is included.
Remote
Name
Description
Remote Host
Enter the IP address or host name of the remote system that will store the copy. Use the format username@remote_host if the user name differs on the remote host.
Rsync Mode
Select to use a custom-defined remote module of the rsync server. Or to use an SSH configuration for the rsync task.
More Options
Name
Description
Times
Select to preserve modification times of files.
Compress
Select to reduce the size of data to transmit. Recommended for slow connections.
Archive
When selected, rsync runs recursively. Preserves symlinks, permissions, modification times, group, and special files. When run as root, owner, device files, and special files are also preserved. Equal to passing the flags -rlptgoD to rsync.
Delete
Delete files in the destination directory that do not exist in the source directory.
Quiet
Select to suppress informational messages from the remote server.
Preserve Permissions
Select to preserve original file permissions. Useful when the user is set to root.
Saves a temporary file from each updated file to a holding directory until the end of the transfer. All transferred files renamed once the transfer is complete.
Auxiliary Parameters
Additional rsync(1) options to include. Separate entries by pressing Enter. Note: The emergency character must be escaped with a backslash \ or used inside single quotes (’*.txt’).
Enabled
Select to enable this rsync task. Clear to disable this rsync task without deleting it.
Describes the fields on the S.M.A.R.T. Test screen on TrueNAS CORE.
Name
Description
Disks
Select the disks to monitor from the dropdown list.
All Disks
Select to monitor every disk on the system with S.M.A.R.T. enabled. Leave clear to choose individual disks on the Disks dropdown list to include in the test.
Type
Select the test type from the dropdown list. Options are LONG, SHORT, CONVEYANCE or OFFLINE. See smartctl(8) for descriptions of each type. Some types degrade performance or take disks offline.
Description
Enter information about the S.M.A.R.T. test.
Schedule
Select a preset test schedule from the dropdown list. Select Custom to open the advanced scheduler and define a new schedule for running the test.
Defines the fields in the Periodic Snapshot Tasks Screen on TrueNAS CORE.
Dataset
Name
Description
Dataset
Select a pool, dataset, or zvol.
Recursive
Select to take separate snapshots of the dataset and each of its child datasets. Clear to take a single snapshot only of the specified dataset without child datasets.
Exclude
Exclude specific child datasets from the snapshot. Use with recursive snapshots. List paths to any child datasets to exclude. Example: pool1/dataset1/child1. A recursive snapshot of pool1/dataset1 will include all child datasets except child1. Separate entries by pressing Enter.
Schedule
Name
Description
Snapshot Lifetime
Define a length of time to retain the snapshot on this system using a numeric value and a single lowercase letter for units. Examples: 3h is three hours, 1m is one month, and 1y is one year. Does not accept Minute values. After the time expires, the snapshot is removed. Snapshots which have been replicated to other systems are not affected.
Naming Schema
Snapshot name format string. The default is auto-%Y-%m-%d_%H-%M. Must include the strings %Y, %m, %d, %H, and %M, which are replaced with the four-digit year, month, day of month, hour, and minute as defined in strftime(3). For example, snapshots of pool1 with a Naming Schema of customsnap-%Y%m%d.%H%M have names like pool1@customsnap-20190315.0527.
Schedule
Choose one of the presets or Custom to use the advanced scheduler.
Allow Taking Empty Snapshots
Creates dataset snapshots even when there have been no changes to the dataset from the last snapshot. Recommended for long-term restore points, multiple snapshot tasks pointed at the same datasets, or compatibility with snapshot schedules or replications created in TrueNAS 11.2 and earlier. For example, allowing empty snapshots for a monthly snapshot schedule allows that monthly snapshot to be taken, even when a daily snapshot task has already taken a snapshot of any changes to the dataset.
Enabled
To activate this periodic snapshot schedule, select this option. To disable this task without deleting it, clear this option.
Decribes the fields on the Replication Tasks screen for TrueNAS CORE.
Basic Creation
What and Where
Name
Description
Load Previous Replication Task
Use settings from a saved replication.
Source Location
Storage location for the original snapshots that are replicated.
Destination Location
Storage location for the replicated snapshots.
Task Name
Name of this replication configuration.
Source Location: On this System
Name
Description
Source
Define the path to a system location that has snapshots to replicate. Click the folder to see all locations on the source system or click in the field to manually type a location (Example: pool1/dataset1). Multiple source locations can be selected or manually defined with a comma (,) separator. Selecting a location displays the number of existing snapshots that can be replicated. Selecting a location that has no snapshots configures the replication task to take a manual snapshot of that location and replicate it to the destination.
Recursive
Select to also replicate all snapshots contained within the selected source dataset snapshots. Clear to only replicate the selected dataset snapshots.
Replicate Custom Snapshots
Replicate snapshots that are not created by an automated snapshot task. Requires setting a naming schema for the custom snapshots.
Naming Schema
Pattern of naming custom snapshots replicated. Enter the name and strftime(3) {0}, {1}, {2}, {3}, and {4} strings that match the snapshots to include in the replication. Separate entries by pressing Enter. The number of snapshots matching the patterns display.
Source Location: On a Different System
Name
Description
SSH Connections
Select an existing SSH connection to a remote system or choose Create New to create a new SSH connection.
Source
Define the path to a system location that has snapshots to replicate. Click the folder to see all locations on the source system or click in the field to manually type a location (Example: pool1/dataset1). Multiple source locations can be selected or manually defined with a comma (,) separator. Selecting a location displays the number of existing snapshots that can be replicated. Selecting a location that has no snapshots configures the replication task to take a manual snapshot of that location and replicate it to the destination.
Recursive
Select to also replicate all snapshots contained within the selected source dataset snapshots. Clear to only replicate the selected dataset snapshots.
Naming Schema
Pattern of naming custom snapshots to be replicated. Enter the name and strftime(3) {0}, {1}, {2}, {3}, and {4} strings that match the snapshots to include in the replication. Separate entries by pressing Enter. The number of snapshots matching the patterns are shown.
SSH Transfer Security
Data transfer security. The connection is authenticated with SSH. Data can be encrypted during transfer for security or left unencrypted to maximize transfer speed. Encryption is recommended, but can be disabled for increased speed on secure networks.
Destination Location: On this System
Name
Description
Destination
Define the path to a system location that stores replicated snapshots. Click the folder to see all locations on the destination system or click in the field to manually type a location path (Example: pool1/dataset1). Selecting a location defines the full path to that location as the destination. Appending a name to the path creates a new zvol at that location. For example, selecting pool1/dataset1 stores snapshots in dataset1, but clicking the path and typing /zvol1 after dataset1 creates zvol1 for snapshot storage.
Encryption
Select to use encryption when replicating data. Additional encryption options appear.
Destination Location: On a Different System
Name
Description
SSH Connections
Select a saved remote system SSH connection or choose Create New to create a new SSH connection.
Destination
Define the path to a system location that stores replicated snapshots. Click the folder to see all locations on the destination system or click in the field to manually type a location path (Example: pool1/dataset1). Selecting a location defines the full path to that location as the destination. Appending a name to the path creates a new zvol at that location. For example, selecting pool1/dataset1 stores snapshots in dataset1, but clicking the path and typing /zvol1 after dataset1 creates zvol1 for snapshot storage.
Encryption
Select to use encryption when replicating data. Additional encryption options appear.
When
Name
Description
Replication Schedule
Text
Destination Snapshot Lifetime
When replicated snapshots are deleted from the destination system. Same as Source uses the configured snapshot lifetime value from the source dataset periodic snapshot task. Never Delete never deletes snapshots from the destination system. Custom sets a how long a snapshot remains on the destination system. Enter a number and choose a measure of time from the dropdown list.
Schedule
Select specific times to snapshot what you specified in Source Datasets and replicate the snapshots to the location in Destination Dataset. Select a preset schedule or choose Custom to use the advanced scheduler.
Text
Text
Advanced Creation
General
Name
Description
Name
Descriptive name for the replication.
Direction
PUSH sends snapshots to a destination system. PULL connects to a remote system and retrieves snapshots matching a naming schema.
Transport
SSH is supported by most systems. It requires a previously created connection in System > SSH Connections. SSH+NETCAT uses SSH to establish a connection to the destination system, then uses py-libzfs to send an unencrypted data stream for higher transfer speeds. This only works when replicating to a FreeNAS, TrueNAS, or other system with py-libzfs installed. LOCAL efficiently replicates snapshots to another dataset on the same system without using the network. LEGACY uses the legacy replication engine from FreeNAS 11.2 and earlier.
Number of retries for failed replications
Number of times the replication is attempted before stopping and marking the task as failed.
Logging Level
Message verbosity level in the replication task log.
Enabled
Activates the replication schedule.
Transport Options
Name
Description
SSH Connection
Choose a connection that has been saved in System > SSH Connections.
Stream Compression
Select a compression algorithm to reduce the size of the data being replicated. Only appears when SSH is chosen for Transport type.
Limit
Limit replication speed to this number of bytes per second.
Allow Blocks Larger than 128KB
Allow this replication to send large data blocks. The destination system must also support large blocks. This setting cannot be changed after it has been enabled and the replication task is created. For more details, see zfs(8).
Allow Compressed WRITE Records
Use compressed WRITE records to make the stream more efficient. The destination system must also support compressed WRITE records. See zfs(8).
Source
Name
Description
Source
Define the path to a system location that has snapshots to replicate. Click the folder to see all locations on the source system or click in the field to manually type a location (Example: pool1/dataset1). Multiple source locations can be selected or manually defined with a comma (,) separator.
Recursive
Replicate all child dataset snapshots. When selected, Exclude Child Datasets becomes available.
Include Dataset Properties
Include dataset properties with the replicated snapshots.
(Almost) Full Filesystem Replication
Completely replicate the selected dataset. The target dataset will have all of the properties, snapshots, child datasets, and clones from the source dataset.
Properties Exclude
List any dataset properties that will not be included with the replication.
Periodic Snapshot Tasks
Snapshot schedule for this replication task. Choose from previously configured periodic snapshot tasks. This replication task must have the same Recursive and Exclude Child Datasets values as the chosen periodic snapshot task. Selecting a periodic snapshot schedule removes the Schedule field.
Replicate Specific Snapshots
Only replicate snapshots that match a defined creation time. To specify which snapshots will be replicated, select this checkbox and define the snapshot creation times that will be replicated. For example, setting this time frame to Hourly will only replicate snapshots that were created at the beginning of each hour.
Also Include Naming Schema
Pattern of naming custom snapshots to include in the replication with the periodic snapshot schedule. Enter the strftime(3) strings that match the snapshots to include in the replication. When a periodic snapshot is not linked to the replication, enter the naming schema for manually created snapshots. Has the same {0}, {1}, {2}, {3}, and {4} string requirements as the naming schema in a periodic snapshot task. Separate entries by pressing Enter.
Saving Pending Snapshots
Prevent source system snapshots that have failed replication from being automatically removed by the Snapshot Retention Policy.
Destination
Name
Description
Destination
Define the path to a system location that stores replicated snapshots. Click the folder to see all locations on the destination system or click in the field to manually type a location path (Example: pool1/dataset1). Selecting a location defines the full path to that location as the destination. Appending a name to the path creates a new zvol at that location. For example, selecting pool1/dataset1 stores snapshots in dataset1, but clicking the path and typing /zvol1 after dataset1 creates zvol1 for snapshots.
Destination Dataset Read-only Policy
SET changes all destination datasets to readonly=on after finishing the replication. REQUIRE stops replication unless all existing destination datasets to have the property readonly=on. IGNORE disables checking the readonly property during replication.
Encryption
Select to use encryption when replicating data. Additional encryption options appear.
Encryption Key Format
Appears when Encryption is set. Choose between a Hex (base 16 numeral) or Passphrase (alphanumeric) style encryption key.
Passphrase
Appears when Encryption Key Format is set to PASSPHRASE. Enter an alphanumeric encryption key.
Store Encryption key in Sending TrueNAS database
Set to store the encryption key in the TrueNAS database.
Encryption Key Location in Target System
Appears when Store Encryption key in Sending TrueNAS database** is unset. Choose a temporary location for the encryption key that will decrypt replicated data.
Replication from scratch
If the destination system has snapshots but they do not have any data in common with the source snapshots, destroy all destination snapshots and do a full replication. Warning: enabling this option can cause data loss or excessive data transfer if the replication is misconfigured.
Snapshot Retention Policy
When replicated snapshots are deleted from the destination system. Same as Source: use the Snapshot Lifetime from from the source periodic snapshot task. Custom: define a Snapshot Lifetime for the destination system. None: never delete snapshots from the destination system.
Replication Schedule
Name
Description
Run Automatically
Select to either start this replication task immediately after the linked periodic snapshot task completes or continue to create a separate Schedule for this replication.
Schedule
Start time for the replication task.
Only Replicate Snapshots Matching Schedule
Appears when Schedule checkbox is set. Set to use the Schedule in place of the Replicate Specific Snapshots time frame. The Schedule values are read over the Replicate Specific Snapshots time frame.
Describes the Resilver Priority screen on TrueNAS CORE.
Resilver Priority
Name
Description
Enabled
Select to run resilver tasks between the configured times.
Begin
Choose the hour and minute when a resilver process can run at a higher priority.
End
Choose the hour and minute after which a resilver process must return to running at a lower priority. A resilver process running after this time can likely take much longer to complete due to running at a lower priority compared to other disk and CPU activities, such as replications, SMB transfers, NFS transfers, Rsync transfers, S.M.A.R.T. tests, pool scrubs, user activity, etc.
Describes the fields on the Scrub Task screen on TrueNAS CORE.
Scrub Task
Name
Description
Pool
Choose a pool to scrub.
Threshold days
Controls the task schedule by setting how many days must pass before a completed scrub can run again. If you schedule a scrub to run daily and set Threshold days to 7, the scrub attempts to run daily. If the scrub succeeds, it will check but won’t run again until seven days pass. Using a multiple of seven ensures the scrub runs on the same weekday.
Description
Describe the scrub task.
Schedule
How often to run the scrub task. Choose one of the presets or Custom to use the Advanced Scheduler.
Enabled
Clear to disable the scheduled scrub without deleting it.
PUSH sends data to cloud storage. PULL receives data from cloud storage. Changing the direction resets the Transfer Mode to COPY.
Transfer Mode
SYNC: Files on the destination are changed to match those on the source. If a file does not exist on the source, it is also deleted from the destination. COPY: Files from the source are copied to the destination. If files with the same names are present on the destination, they are overwritten. MOVE: After files are copied from the source to the destination, they are deleted from the source. Files with the same names on the destination are overwritten.
Directory/Files
Select the directories or files to be sent to the cloud for Push syncs, or the destination to be written for Pull syncs. Be cautious about the destination of Pull jobs to avoid overwriting existing files.
Remote
Name
Description
Credential
Select the cloud storage provider credentials from the list of available Cloud Credentials.
Folder
Enter or select the cloud storage location to use for this task.
Control
Name
Description
Schedule
Select a schedule preset or choose Custom to open the advanced scheduler.
Enable
Enable this Cloud Sync Task. Clear to disable this Cloud Sync Task without deleting it.
Advanced Options
Name
Description
Follow Symlinks
Follow symlinks and copy the items to which they link.
Pre-script
Script to execute before running sync.
Post-script
Script to execute after running sync.
Exclude
List of files and directories to exclude from sync. Separate entries by pressing Enter. See rclone filtering for more details about the --exclude option.
Upload Chunk Size
Files are split into chunks of this size before upload. The number of chunks that can be simultaneously transferred is set by the Transfers number. The single largest file being transferred must fit into no more than 10,000 chunks.
Remote Encryption
Use rclone crypt to manage data encryption during PUSH or PULL transfers: PUSH: Encrypt files before transfer and store the encrypted files on the remote system. Files are encrypted using the Encryption Password and Encryption Salt values. PULL: Decrypt files that are being stored on the remote system before the transfer. Transferring the encrypted files requires entering the same Encryption Password and Encryption Salt that was used to encrypt the files. Additional details about the encryption algorithm and key derivation are available in the rclone crypt File formats documentation.
Transfers
Number of simultaneous file transfers. Enter a number based on the available bandwidth and destination system performance. See rclone –transfers.
Bandwidth Limit
A single bandwidth limit or bandwidth limit schedule in rclone format. Separate entries by pressing Enter. Example: 08:00,512 12:00,10MB 13:00,512 18:00,30MB 23:00,off. Units can be specified with the beginning letter: b, k (default), M, or G. See rclone –bwlimit.
Dry Run
TrueNAS connects to the Cloud Storage Provider and simulates a file transfer without sending or receiving data.
IPMI Screen: Describes the fields on the IPMI screen in TrueNAS CORE.
6.1 - Interfaces Screen
Describes the fields in the Network Interface screen on TrueNAS CORE.
Use the Network > Interface Screen to add various network interfaces to your TrueNAS.
Use the COLUMNS button to display options to modify the information displayed in the Interfaces table. Options are Type, Link State, DHCP, IPv6 Auto Configure, IP Addresses, Description, Active Media Type, Active Media Subtype, VLAN Tag, VLAN Parent Interface, Bridge Members, LAGG Ports, LAGG Protocol, MAC Address, MTU or Reset to Defaults.
To see the details for any interface click the chevron_right symbol to the right of the interface.
Interface Detail Screen
Each interface has a detailed view with the current interface settings and additional actions available for the interface.
Use EDIT to display the Network Interface Edit screen. Several settings are not editable and do not appear on the Edit screen.
Use RESET CONFIGURATION to reset the selected interface. Resetting the configuration interrupts network connectivity. The Reset Configuration dialog displays. You must select Confirm to activate the RESET CONFIGURATION button.
Interface Add Screen
The Interface Add screen displays additional configuration settings based on the type of interface selected.
Interface Settings
Settings
Description
Type
Select the type of interface from the dropdown list. Select Bridge to create a logical link between mutliple networks. Select Link Aggregation to combine multiple network connections into a single interface. Select VLAN for a virtual LAN to partition and isolate a segment of the connection.
Name
Enter a name for the interface. Use the format bridgeXlaggX or vlanX where X is a number representing a non-parent interface.
Description
Enter a description for the interface. For example, what it is used for.
DHCP
Select to enable DHCP. Leave checkbox clear to crate a static IPv4 or IPv6 configuration. Only one interface can be configured for DCHP.
Autoconfigure IPv6
Select to automatically configure the IPv6 address with rtsol(8). Only one interface can be configured this way.
Other Settings
Settings
Description
Dsable Hardware Offloading
Select to turn off hardware offloading for network traffice processing. Warning! Disabling hardware offloading can reduce network performance, and is only recommended when the interface is managing jails, plugins or virtual machines.
MTU
A maximum transmission unit (MTU) is the largest protocol data unti that can be communicated. The largest workable MTU size varies with network interfaces and equipment. 1500 and 9000 are standard Ethernet MTU sizes. Leave blank restores this field to the default value of 1500.
Select an IP address from the dropdown list to define an alias for the interface on this TrueNAS controller. The alias can be an IPv4 or IPv6 address.
ADD
Adds a row to configure another IP address. A DELETE button displays to allow you to delete the extra IP address.
Bridge Settings
Settings
Description
Bridge Members
Select network interfaces to include in the bridge from the dropdown list.
Link Aggreation Settings
Settings
Description
Lagg Protocol
Select the lagg protocol from the dropdown list. This determines the outgoing and incoming traffic ports. LACP is the recommended protocol if the network switch is capable of active LACP. Failover is the default protocol choice and should be used if the network switch does not support active LACP. See lagg(4) for more details.
Lagg Interfaces
Select the interfaces on your TrueNAS to use in the aggregation from the dropdown list. Warning! Lagg creation fails if any of the selected interfaces have been manually configured.
VLAN Settings
Settings
Description
Parent Interface
Select the VLAN parent interface on your TrueNAS from the dropdown list. Usually Ethernet card connected to a switch port configured for the VLAN. New link aggregations are not available until the system is restared.
Vlan Tag
Enter the numeric tag configured in the switched network. This is a required field.
Priority Code Point
Select the Class of Service from the dropdown list. The available 802.1p class of service ranges from **Best effort (default) to Network control (highest).
Interface Edit Screen
The Interface Edit screen displays only the editable configuration settings for the inface selected.
Interface Settings
Settings
Description
Name
Displays the name for the selected interface. This field cannot be edited.
Description
Enter a description for the interface. For example, what it is used for.
DHCP
Select to enable DHCP. Leave checkbox clear to crate a static IPv4 or IPv6 configuration. Only one interface can be configured for DCHP.
Autoconfigure IPv6
Select to automatically configure the IPv6 address with rtsol(8). Only one interface can be configured this way.
Other Settings
Settings
Description
Disable Hardware Offloading
Select to turn off hardware offloading for network traffic processing. Warning! Disabling hardware offloading can reduce network performance, and is only recommended when the interface is managing jails, plugins, or virtual machines.
MTU
A maximum transmission unit (MTU) is the largest protocol data unti that can be communicated. The largest workable MTU size varies with network interfaces and equipment. 1500 and 9000 are standard Ethernet MTU sizes. Leave blank restores this field to the default value of 1500.
Describes the Network Summary screen in TrueNAS CORE.
It is recommended to set up your system connections before setting up data sharing.
This allows integrating TrueNAS into your specific security and network environment before attempting to store or share critical data.
Network Summary
The Network Summary gives a concise overview of the current network setup.
Information about the currently active Interfaces, Default Routes, and Nameservers is provided.
These areas are not editable.
Interfaces shows any configured physical, bridge, LAGG, and vlan interfaces.
All detected physical interfaces are listed, even when unconfigured.
The IPv4 or IPv6 address displays when a Static IP is saved for an interface.
Default Routes lists all saved TrueNAS Default Routes.
Go to Network > Global Configuration to configure Default Routes.
Nameservers lists any configured DNS name servers that TrueNAS uses. To change this list, go to Network > Global Configuration. The TrueNAS Hostname and Domain, Default Gateway, and other options are available in Network > Global Configuration.
Additional Network Configuration Screens
Define any Static Routes in Network > Static Routes.
Out of Band Management is managed from Network > IPMI. This option is visible only when TrueNAS detects the appropriate physical hardware.
Describes the fields in the Network Summary screen in TrueNAS CORE.
It is recommended to set up your system connections before setting up data sharing.
This allows integrating TrueNAS into your specific security and network environment before attempting to store or share critical data.
Network Summary
The Network Summary gives a concise overview of the current network setup.
Information about the currently active Interfaces, Default Routes, and Nameservers is provided.
These areas are not editable.
Interfaces shows any configured physical bridge, LAGG, and vlan interfaces.
All detected physical interfaces are listed, even when unconfigured.
The IPv4 or IPv6 address displays when a static IP is saved for an interface.
Default Routes lists all saved TrueNAS Default Routes.
Go to Network > Global Configuration to configure Default Routes.
Nameservers lists any configured DNS name servers that TrueNAS uses. To change this list, go to Network > Global Configuration.
The TrueNAS Hostname and Domain, Default Gateway, and other options are available in Network > Global Configuration.
Additional Network Configuration Screens
Define any Static Routes in Network > Static Routes.
Out-of-band management is managed from Network > IPMI. This option is visible only when TrueNAS detects the appropriate physical hardware.
Describes how to use the Global Configuration screen in TrueNAS CORE.
The Network > Global Configuration screen has all the general TrueNAS networking settings that are not specific to any interface.
Disruptive Change
Making changes to the network interface the web interface uses can result in losing connection to TrueNAS!
Fixing any misconfigured network settings might require command line knowledge or physical access to the TrueNAS system.
Global Configuration Settings
Options are organized into several categories.
Many of these interface, DNS, and gateway options are also configured in the Console Setup Menu.
Be sure to check both locations when troubleshooting network connectivity issues.
Hostname and Domain
Many of these fields have default values you can change to meet requirements of the local network.
The Hostname and Domain field values display on the Dashboard > System Information card.
Some options only display when the appropriate hardware is present.
Setting
Description
Hostname
Enter the system host name. If an Enterprise system with two controllers, this is the first TrueNAS controller host name. Upper and lower case alphanumeric, (.) and (-) characters are allowed.
Hostname (TrueNAS Controller 2)
Enter the host name of second TrueNAS controller (for HA only). Upper and lower case alphanumeric, (.) and (-) characters are allowed.
Hostname (Virtual)
Ener the virtual host name. When using a virtualhost, this is also used as the Kerberos principal name. Enter the fully qualified host name plus the domain name. Upper and lower case alphanumeric, (.) and (-) characters are allowed.
Domain
Enter the system domain name.
Additional Domains
Enter additional domains to search. Separate entries by pressing Enter. Adding search domains can cause slow DNS lookups
Service Announcement
Setting
Description
NetBIOS-NS
Select to advertise the SMB service NetBIOS name. Legacy NetBIOS name server. Can be required for legacy SMB1 clients to discover the server. When advertised, the server appears in Network Neighborhood.
mDNS
Select to use the system host name (in Hostname) to advertise enabled and runnint services. Multicast DNS. For example, this controls if the server appears under Network on MacOS clients.
WS-Discovery
Select to use the SMB Service NetBIOS Name to advertise the server to WS-Discovery clients. This causes the computer to appear in the Network Neighborhood of modern Windows OSes.
DNS Servers
Setting
Description
Nameserver 1
Enter the primary DNS server IP address.
Nameserver 2
Enter the secondary DNS server IP address.
Nameserver 3
Enter the tertiary DNS server IP address.
Default Gateway
Setting
Description
IPv4 Default Gateway
Enter the IP address to use instead of the default gateway provided by DHCP for IPv4 service. Typically not set.
IPv6 Default Gateway
Enter the IP address to use instead of the default gateway provided by DHCP for IPv6 service. Typically not set.
Other Settings
Setting
Description
HTTP Proxy
Enter the proxy information for the network in the format http://my.proxy.server:3128 or http://user:password@my.proxy.server:3128.
Enable Netwait Feature
Select to prevents network services from starting until the interface can ping the addresses listed in the Netwait IP list.
Netwait IP List
Select only appears when Enable Netwait Feature is set. Enter a list of IP addresses to ping. Separate entries by pressing Enter. Each address is tried until one is successful or the list is exhausted. Leave empty to use the default gateway.
Host Name Database
Enter the database host name. Used to add one entry per line which is appended to /etc/hosts. Separate entries by pressing Enter. Use the format IP_address space hostname where multiple host names can be used if separated by a space. Hosts defined here are still accessible by name even when DNS is not available. See hosts for additional information.
Describes the Static Routes screen in TrueNAS CORE.
Use the Network Static Routes screen to define static routes on your TrueNAS. By default, no static routes are defined on a default TrueNAS system.
Use the blue Columns button to display options to change the information displayed in the Static Routes table. Options are Unselect All, Gateway, Description or Reset to Defaults.
Use Add to dispay the Static Routes Add screen.
Static Route Add Screen
Setting
Description
Destination
Enter the desination IP using the format A.B.C.D/E where E is the CIDR mask.
Gateway
Enter the IP address of the gateway.
Description
Enter any notes or identifiers describing the static route.
The SUBMIT button activates after entering values in the required fields. Use CANCEL to exit without saving and retun to the Static Routes screen.
Describes the fields on the IPMI screen in TrueNAS CORE.
Use the INetwork > IPMI screen to configure the TrueNAS for an IPMI connection. The IPMI configuration screen provides a shortcut to the most basic IPMI configuration.
Setting
Description
TrueNAS Controller
Select a TrueNAS controller from the dropdown list. All IPMI changes are applied to that TrueNAS controller.
Channel
Select the communications channel to use from the dropdown list. Available channel numbers vary by hardware.
Password
Enter a password for connecting to the IPMI interface from a web browser. The password must include at least one upper case letter, one lower case letter, one digit, and one special character (punctuation, e.g. ! # $ %, etc.). It must also be 8-16 characters long.
DHCP
Select to use DHCP to set the IPv4 Address, IPv4 Netmask, and Ipv4 Default Gateway. If checkbox is clear you must manually enter these settings.
IPv4 Address
Enter the static IP address of the IPMI web interface. This is the address TrueNAS connects to when you click the MANAGE button.
IPv4 Netmask
Enter the subnet mask associated with the IP address.
IPv4 Default Gateway
Enter the default gateway of the IPv4 connection. This is associated with the IP address.
VLAN ID
Enter the VLAN identifier if the IPMI out-of-band management interface is not on the same VLAN as management networking.
IDENTIFY LIGHT
Displays a dialog to activate an IPMI identify light on the compatible connected hardware.
MANAGE
Connects the TrueNAS to the IPMI web interface login screen.
Zvols Screen: Describes the fields in the Storage Pools Add Zvol screen in TrueNAS CORE.
7.1.1 - Pool Screens
Describes the fields on the Storage Pools screen on TrueNAS CORE.
Use the Storage Pools screens to add or manage storage pools on your TrueNAS. The Pools screen displays a table of all the pools and datasets configured in your TrueNAS.
Use the to display the Pools Actions dropdown list of pool operations.
Use ADD to display the Import Pool configuration wizard screens.
Use the <class=“fa fa-ellipsis-v” aria-hidden=“true” title=“Options”> for the root dataset to display the Action Menu for the root dataset which is different than the options for nested datasets.
Use the <class=“fa fa-ellipsis-v” aria-hidden=“true” title=“Options”> > for nested datasets to display the Action Menu for nested datasets.
See Datasets Screen for more information on dataset screens.
Import Pools Screens
The import pool wizard has four configuration screens that allow you to add a new pool or import an existing pool based on the selection made.
Displays a dialog with the Auto TRIM and Confirm checkoboxes. Auto TRIM allows TrueNAS to periodically check the pool disks for storage blocks it can reclaim.
Export/Disconnect
Displays a dialog with a warning about unavailable data, backing up data before exporting/disconnecting, and lists services that could be disrupted by the process. Select from the three options:
Setting
Description
Destroy data on this pool?
Select to destroy data on the pool disks.
Delete configuration of shares that used this pool?
Selected by default to delete share configurations listed.
Confirm Export/Disconnect
Activates the Export/Disconnect button.
Export/Disconnect
Use to display the confirmation dialog where you must enter the name of the pool and confirm you want to proceed with this operation.
Use CANCEL to exit the process and close the dialog.
Use CANCEL to exit without saving and display the Pools screen.
Use ADD VDEVS to add vdevs to the exiting pool.
Scrub Pool
Displays a start-scrub confirmation dialog. Select Confirm to activate the START SCRUB button. Use CANCEL to exit back to the Pools screen without starting the scrub.
Expand Pool
Displays the Pool Status screen which displays the status of the pool, the datasets and the disks for the selected pool. Select the to display the options available to datasets and disks.
The Expand Pool function can be used to add a new disk to a single-disk stripe pool in order to create or re-create a mirror pool, if the disk capacity of the new disk meets the requirements.
Pool Manager Screen
The Pool Manager screen displays after selecting either the Create new Pool radio button on the Create or Import Pool screen or the Add Vdev option for an existing pool.
Pool Manager adds the initial vdev when you create the pool or want to add to an existing pool.
At initial creation you have the option to select the type of vdev for this pool.
When accessing Pool Manager for an existing pool from the Pool Actions dropdown and selecing Add Vdev, the pool vdev type is already specified and limits what you can add as a Data type vdev. For example, a pool with a mirror vdev requires you to add a minimum of two disks to the existing mirror. In order to transform a single disk stripe to a mirror, use the Expand Pool
Displays the name of the pool for which you are adding the vdev.
Encryption
Select to apply encryption to the storage pool. All datasets created on an encrypted pool inherit encryption from this root dataset.
RESET LAYOUT
Click to reset the proposed layout displayed. Click before you save to remove any vdev types selected and move disks assigned to any vdev back to the Available Disks list.
ADD VDEV
Displays a dropdown list of the types of vdevs on the system. Vdev types are Data, Cache, Log, Hot Spare, Metadata or Dedup. Click to add vdev types to an existing or new pool vdev setup.
Available Disks
List of available disks on the TrueNAS. Select the checkbox to the left of the disk and then select the blue to the right of the vdev type (if more than one vdev type exists or is added with the ADD VDEV button) to move the disks to that vdev. To move it back to the Available Disks list select the disk checkbox(es) and the blue .
Data VDevs
List of disks assigned to the vdev(s). To move disks back to the Available Disks list select the disk checkbox(es) and the blue symbol.
vdev type
Displays under the Data Vdevs table(s). For an existing pool, the default vdev type is the vdev type for that existing pool. For initial pool creation, the default type is Stripe. After adding disks to the Data VDevs a expand symbol displays with avaialbe options to change the default type of vdev (for example, if two disks are moved to a Data VDev, the Mirror option displays along with Strip).
Estimated raw capacity: 0 B
Displays the raw storage capacity of the disks for the Data VDev type.
Filter disks by name
Click on to display the field where you enter the filter or search parameters.
Filter disks by capacity
Click on to display the field where you enter the filter or search parameters.
Use CANCEL to exit without saving and display the Pools screen.
Use CREATE to add the pool vdev.
Use ADD VDEVS to add vdevs to the exiting pool.
Pool Status Screen
The Pool Status screen which displays the status of the pool, the datasets and the disks for the selected pool.
Each Dataset has two options available from the . Select either Extend which displays the Extend Vdev dialog that allows you to select a new disk from a dropdown list, or Remove which displays a confirmation dialog before you remove the dataset from the pool.
Each disk has four options available from the :
Edit displays the Edit Pool Disk screen where you can change disk settings.
Offline displays the Offline Disk conformation dialog where you confirm you want to offline the disk. Select the Confirm checkbox to activate the OFFLINE button or click CANCEL to exit the dialog and return to the Pool Status screen.
Replace displays the Replacing disk dialog where you select the member disk from a dropdown list. Use Force to override safety checks and add the disk to the pool. Warning, this erases data on the disk!
Detach displays the Detach Disk dialog where you must select Confirm before the DETACH button activates. This detaches the disk from the pool.
Edit Pool Disk Screen
The Edit Pool Disk screen displays disk configutation settings.
Settings on the Edit Pool Disk screen are the same as those on the Storage > Disks > Edit Disk screen. See Disk Screens for more information on disk settings.
Pools Edit Permissions Screen
Use the Edit Permissions option on the parent dataset Dataset Actions menu to display the Edit Permissions screen. This option is only availble on the parent dataset. See Dataset Screens and Setting Up Permissions for more information on pool and dataset permissions.
Describes how to configure a dataset on TrueNAS CORE.
Use the Storage > Pools Add Dataset screen to add a dataset to your TrueNAS. A TrueNAS dataset is a file system that is created within a data storage pool. There are two settings options, BASIC OPTIONS and ADVANCED OPTIONS. Use the basic option unless you want to customize your dataset for specific uses cases.
Use SUBMIT without entering settings to quickly create a dataset with the default options or after entering settings to save and create the dataset.
Name and Options
The Name and Options fields are required to create the dataset.
Datasets typically inherit most of these settings from the root or parent dataset, only a dataset name is required before clicking SUBMIT.
Setting
Description
Name
Enter a unique identifier for the dataset. The name cannot be changed after the dataset is created.
Comments
Enter notes about the dataset.
Sync
Select an option from the dropdown list. Select Standard uses the sync settings requested by the client software. Select Always to wait for data writes to complete, or select Disabled to never wait for writes to complete.
Compression level
Select an option to encode information in less space than the original data occupies. It is recommended to choose a compression algorithm that balances disk performance with the amount of saved space: lz4 is generally recommended as it maximizes performance and dynamically identifies the best files to compress. zstd is the Zstandard compression algorithm that has several options for balancing speed and compression. gzip options range from 1 for least compression, best performance, through 9 for maximum compression with greatest performance impact. zle is a fast algorithm that only eliminates runs of zeroes. lzjb is a legacy algorithm that is not recommended for use.
Enable Atime
Select an option from the dropdown list. Inherit (off) inherits from the pool. on updates the access time for files when they are read. off disables creating log traffic when reading files to maximize performance.
Encryption
Select Inherit (non-encrypted) to inherit the root or parent dataset encryption properties. Clear the checkmark to either not encrypt the dataset or to configure encryption settings other than those used by the root or parent dataset. See Encryption for more information on encryption.
Other Options
Use the Other Options to help tune the dataset for particular data sharing protocols:
Setting
Description
ZFS Deduplication
Select an option to transparently reuse a single copy of duplicated data to save spacefrom the dropdown list. Options are Inherit (off), on, verify or off. Deduplication can improve storage capacity, but is RAM intensive. Compressing data is generally recommended before using deduplication. Deduplicating data is a one-way process. *Deduplicated data cannot be undeduplicated!
Case Sensitivity
Select an option from the dropdown list. Sensitive assumes file names are case sensitive. Insensitive assumes file names are not case sensitive. Mixed understands both types of file names. Case sensitivity cannot be changed after the dataset is created!
Share Type
Select an option from the dropdown list to define the type of data sharing the dataset uses to optimize the dataset for that sharing protocol. Options are Generic or SMB. AFP type shares use SMB unless directed to select Generic. The type of share cannot be changed after the dataset is created!
Dataset Advanced Options
Use ADVANCED OPTIONS to add additional dataset settings such as quota management tools, basic ACL permissions and a few additional Other Options settings fields.
Quota Settings for this dataset and/or this dataset and its child datasets
Setting
Description
Quota for this datset
Enter an integer to define the maximum allowed space for the dataset. 0 disables quotas.
Quota warning alert at, %
Enter an integer to generate a warning level alert when consumed space reaches the defined percentage. By default, Inherit is selected and the dataset inherits this value from the parent dataset. Clear the checkmark to change the value.
Quota critical alert at, %
Enter an integer to generate a critical level alert when consumed space reaches the defined percentage. By default, Inherit is selected and the dataset inherits this value from the parent dataset. Clear the checkmark to change the value.
Reserved space for this dataset
Enter an integer to reserve additional space for datasets that contain logs which could eventually take up all the available free space. 0 is unlimited.
Select an option from the dropdown list. On prevents the dataset being modified. Off allows users accessing the dataset to modify its contents.
Exec
Select an option from the dropdown list. On allows processes to executd from within this dataset. Off prevents processes from executing in the dataset. It is recommended to set to On.
Snapshot directory
Select an option to control visibility of the .zfs directory on the dataset. Options are Visible or Invisible.
Copies
Select an option from the dropdown list to specify the number of duplicate ZFS user data copies stored on this dataset. Choose between 1, 2, or 3 redundant data copies. This can improve data protection and retention, but is not a substitute for storage pools with disk redundancy.
Record Size
Select an option from the dropdown list for the Logical block size in the dataset. Matching the fixed size of data, as in a database, could result in better performance.
ACL Mode
Select an option from the dropdown list to determine how chmod behaves when adjusting file ACLs. See the zfsaclmode property. Passthrough only updates ACL entries that are related to the file or directory mode. Restricted does not allow chmod to make changes to files or directories with a non-trivial ACL. An ACL is trivial if it can be fully expressed as a file mode without losing any access rules. Restricted is typically used to optimize a dataset for SMB sharing, but can require further optimizations. For example, configuring an rsync task with this dataset could require adding --no-perms in the Rsync task Auxiliary Parameters field.
Metadata (Special) Small Block Size
Enter an integer for the threshold block size for including small file blocks into the special allocation class (fusion pools). Blocks smaller than or equal to this value are assigned to the special allocation class while greater blocks are assigned to the regular class. Valid values are zero or a power of two from 512B up to 1M. The default size 0 means no small file blocks are allocated in the special class. Add a special class vdev to the pool before setting this property.
Edit Datasets Screen
Use the Storage > Pools Edit Dataset screen to change setting for an existing dataset. The settings are identical to the Add Dataset screens above. to access the Edit Dataset screens, click the for a dataset and select Edit Options.
Dataset Edit Permissions Screen
Use the Storage > Pools Edit Permissions screen to change permissions settings for a parent dataset. To access the Edit Permissions screens, click the for a dataset and select Edit Options.
Displays the dataset path for the selected dataset.
Owner Settings
Setting
Description
User
Either type to search for or use dropdown list to select an existing user on the system that controls this dataset. Dropdown list displays all user on the TrueNAS system.
Apply User
Select to confirm selected user. As a check on errors, if not selected the user is not submitted.
Group
Either type to search for or use dropdown list to select an existing group on the system that controls this dataset. Dropdown list displays all user on the TrueNAS system.
Apply Group
Select to confirm selected group. As a check on errors, if not selected the group is not submitted.
Access Settings
Setting
Description
Access Mode
Select the Read, Write and Execute checkboxes for User, Group, and Other to set the permissions levels.
Advanced Settings
Setting
Description
Apply Permissions Recursively
Select to apply permissions recursively to all directories and files within the current dataset.
Traverse
Select to apply permissions recursively to all child datasets of the current dataset.
USE ACL Manager Screen
Click USE ACL MANAGER to open the ACL editor to further customize permissions. After selecting the Select a preset ACL radio buttons on the Create an ACL dialog, select a Default ACL Option from the dropdown list. Options are OPEN, Restricted or HOME. Or Create a custom ACL and then click CONTINUE to display the Edit ACL screen with the default permissions for the option you selected.
Displays the dataset path for the selected dataset.
User
Either type to search for or use dropdown list to select an existing user on the system that controls this dataset. Dropdown list displays all user on the TrueNAS system.
Apply User
Select to confirm selected user. As a check on errors, if not selected the user is not submitted.
Group
Either type to search for or use dropdown list to select an existing group on the system that controls this dataset. Dropdown list displays all user on the TrueNAS system.
Apply Group
Select to confirm selected group. As a check on errors, if not selected the group is not submitted.
Access Control List Settings - owner@, group@ and everyone@
Setting
Description
Who
Select from the dropdown list of options. Default for each of the three groups of settings is owner@, group@ and everyone@ but you can change this to either of these additional options User or Group. Selection modifies values displayed in other settings.
ACL Type
Select either Allow or Deny from the dropdown list to specify how permissions apply to the value selected in Who. Select Allow to grant the specified permissions or Deny to restrict the specified permissions.
Permissions Type
Select either Basic or Advanced from the dropdown list. Basic shows general permissions. Advanced shows each specific type of permission for finer control.
Permissions
Select the permissions to apply to the selected value in Who. The list of permissions changes based on the value selected in Permissions Type. See Permissions for more information on permissions by permissions type (Basic and Advanced).
Flags Type
Select the set of ACE inheritance flags to display. Options are Basic or Advanced. If Basic non-specific inheritance options show in the list. If Advanced the dropdown list shows specific inheritance settings for finer control.
Flags
Select how this ACE applies to newly created directories and files within the dataset. If Flag Type is set to Basic options are Inherit or No Inherit. If Flag Type is set to Advanced flags are File Inherit, Directory Inherit, No Propagate Inherit, Inherit Only, or Inherited.
Use ADD ACL ITEM to add another set of the ACL permission settings.
Select Apply permissions recursively to apply the ACL settings recursively to all directories and files in the current dataset.
Describes CORE Dataset User and Group Quota screen settings and functions.
TrueNAS allows setting data or object quotas for user accounts and groups cached on or connected to the system.
Go to Storage > Pools, find the desired dataset, and click to open the Dataset Actions menu and see the User Quota and Group Quota options.
User Quotas Screen
Clicking User Quotas from the Dataset Actions menu shows the User Quotas screen.
Setting
Description
Filter User Quotas
Enter a string to show saved quotas that match the string.
Columns
Displays options to customize the table view to add or remove information. Options are Select All, ID, Data Quota, DQ Used, DQ % Used, Object Quota, Objects Used, OQ % Used, and Reset to Defaults. After selecting Select All the option toggles to Unselect All.
Actions
Shows additional options to manage or add entries to this screen.
Actions
Setting
Description
Toggle Display
Changes the view between filter and list views. By default, only user accounts with a quota are shown (filter view). Switching to the list view shows all available users, even if the user has no quota assigned.
Set Quotas (Bulk)
Opens the Set User Quotas screen to add quotas.
User Expanded View
Click the expand_more icon to display a detailed individual user quota view.
Click the editEdit button to display the Edit User window.
Edit User Configuration Window
The Edit User window allows modifying individual user data and object quota values.
Settings
Description
User
Displays the name of the selected user.
User Data Quota (Examples: 500KiB, 500M, 2 TB)
Enter the amount of disk space the selected user can use. Entering 0 allows the user to use all disk space. You can enter human-readable values such as 50 GiB, 500M, 2 TB, etc.). If units are not specified, the value defaults to bytes.
User Object Quota
Enter the number of objects the selected user can own. Entering 0 allows unlimited objects.
Click Set Quota to save changes or Cancel to close the window without saving.
Set User Quotas Screen
Click Actions > Set Quotas (Bulk) to see the Set User Quotas screen.
Set Quotas Settings
Settings
Description
User Data Quota (Examples: 500KiB, 500M, 2 TB)
Enter the amount of disk space the selected user can use. Entering 0 allows the user to use all disk space. You can enter human-readable values such as 50 GiB, 500M, 2 TB, etc.). If units are not specified, the value defaults to bytes.
User Object Quota
Enter the number of objects the selected user can own. Entering 0 allows unlimited objects.
Apply Quotas to Selected Users Settings
Settings
Description
Select Users Cached by this System
Select the users from the dropdown list of options.
Search for Connected Users
Click in the field to see the list of users on the system or type a user name and press Enter. A clickable list displays of found matches as you type. Click on the user to add the name. A warning dialog displays if there are not matches found.
Click Submit to set the quotas or Cancel to exit without saving.
Group Quotas Screens
Clicking Group Quotas from the Dataset Actions menu shows the Edit Group Quotas screen.
The Edit Group Quotas screen displays the names and quota data of any groups cached on or connected to the system.
Setting
Description
Filter Group Quotas
Enter a string to show saved quotas that match the string.
Columns
Displays options to customize the table view to add or remove information. Options are Select All, ID, Data Quota, DQ Used, DQ % Used, Object Quota, Objects Used, OQ % Used, and Reset to Defaults. After selecting Select All the option toggles to Unselect All.
Actions
Shows additional options to manage or add entries to this screen.
Actions
Setting
Description
Toggle Display
Changes the view between filter and list views. By default, only group accounts with a quota are shown (filter view). Switching to the list view shows all available groups, even if the group has no quota assigned.
Set Quotas (Bulk)
Opens the Set Group Quotas screen to add quotas.
Group Expanded View
Click the expand_more icon to display a detailed individual group quota view.
Click the editEdit button to display the Edit Group window.
Edit Group Configuration Window
The Edit Group window allows you to modify the group data quota and group object quota values for an individual group.
Settings
Description
Group
Displays the name of the selected group(s).
Group Data Quota (Examples: 500KiB, 500M, 2 TB)
Enter the amount of disk space the selected group can use. Entering 0 allows the group to use all disk space. You can enter human-readable values such as 50 GiB, 500M, 2 TB, etc.). If units are not specified, the value defaults to bytes.
Group Object Quota
Enter the number of objects the selected group can own or use. Entering 0 allows unlimited objects.
Click Set Quota to save changes or Cancel to close the window without saving.
Set Group Quotas Screen
Click **Actions > Set Quotas (Bulk) ** to see the Set Group Quotas screen.
Set Quotas Settings
Settings
Description
Group Data Quota (Examples: 500KiB, 500M, 2 TB)
Enter the amount of disk space the selected group can use. Entering 0 allows the group to use all disk space. You can enter human-readable values such as 50 GiB, 500M, 2 TB, etc.). If units are not specified, the value defaults to bytes.
Group Object Quota
Enter the number of objects the selected group can own or use. Entering 0 allows unlimited objects.
Apply Quotas to Selected Groups Settings
Settings
Description
Select Groups Cached by this System
Select the users from the dropdown list of options.
Search for Connected Groups
Click in the field to see the list of groups on the system or type a group name and press Enter. A clickable list displays of found matches as you type. Click on the group to add the name. A warning dialog displays if there are no matches found.
Click Submit to set the quotas or Cancel to exit without saving.
Describes the fields in the Storage Pools Add Zvol screen in TrueNAS CORE.
Use the Storage > Pools Add Zvol screen to add a zvol to a pool.
Basic Options
Setting
Description
Zvol name
Enter a short name for the zvol. Using a zvol name longer than 63-characters can prevent accessing zvols as devices. For example, a zvol with a 70-character filename or path cannot be used as an iSCSI extent. This setting is required.
Comments
Enter any notes about this zvol.
Size for this zvol
Specify size and value. Units like t, TiB, and G can be used. The size of the zvol can be increased later, but cannot be reduced. If the size is more than 80% of the available capacity, the creation fails with an out of space error unless Force size is also selected.
Force size
Select to force the system to create a zvol that brings a pool to over 80% capacity (not recommended). By default, the system does not create a zvol if that operation brings the pool to over 80% capacity.
Sync
Select an option from the dropdown list that sets the data write synchronization. Inherit sets zvol to get sync settings from the parent dataset, Standard uses the sync settings requested by the client software, Always that waits for data writes to complete,or Disabled that never waits for writes to complete.
Compression level
Select a compression option from the dropdown list. Select Off to not compress data to save space. Refer to Compression for a description of the available algorithms.
ZFS Deduplication
Do not change this setting unless instructed to do so by your iXsystems support engineer.
Sparse
Select to provide thin provisioning. Use with caution as writes fail when the pool is low on space.
Read-only
Select an option from the dropdown list to set whether the zvol can be modified. Options are Inherit to get and use the parent pool or root dataset settings, On to prevent modifying the zvol, or Off to allow the zvol to be modified.
Inherit (Encryption Options)
Select to enable the zvol to use the encryption properties of the root dataset.
Selecting ADVANCED OPTIONS adds one additional setting.
Setting
Description
Block size
select the default Inherit or select from the other dropdown list options 4KiB, 8KiB, 16KiB, 32KiB, 64KiB or 128KiB. See Creating a Zvol for more information on these options and block sizes.
SUBMIT activates after all required fields are populated. Use to save settings.
Use CANCEL to exit without saving settings and display the Pools screen.
Use the Storage > Snapshots screens to create and manage snapshots on your TrueNAS.
Use the to display the Show Extra Columns dialog, and after clickng SHOW, the Snapshot screen changes to dipslay the blue COLUMNS button with options to modify the table information.
It also changes the individual snapshots listed to show the individual snapshot action options from the more_vert rather than the navigate_next expand symbol that, after clicking on it, expands the selected snapshot to show details with the action options on the bottom of the expanded view of the snapshot.
To return to the previous display click the to display the Hide Extra Columns dialog, and after clickng HIDE, the blue COLUMNS button no longer displays and the list of snapshots displays the navigate_next expand symbol.
Use ADD to display the Snapshot > Add screen.
Snapshot Add Screen
Name
Description
Dataset
Select a dataset or zvol from the dropdown list to use as the storage location for snapshots.
Name
Enter a unique name. This cannot be used with the value in Naming Schema
Naming Schema
Recursive
Select to include child datasets of the selected dataset.
Use SUBMIT to save settings.
Use CANCEL to exit without saving and display the Snapshots screen.
Snapshot Details Screen
The expanded snapshot view includes date created, space used, and the amount of data accessible by this dataset.
Name
Icon
Description
Delete
delete
Displays a delete confirmation dialog. Select Confirm to activate the DELETE* button.
Clone to New Dataset
Displays the Clone to New Dataset screen.
Rollback
restore
Displays the Dataset Rollback From Snapshot dialog.
Dataset Rollback from Snapshot Dialog
WARNING: Rolling the dataset back destroys data on the dataset and can destroy additional snapshots that are related to the dataset.
This can result in permanent data loss!
Do not roll back until all desired data and snapshots are backed up.
Name
Description
Stop Roolback if Snapshot Exists
Select the safety level for the rollback action. Select the radio button that best fits. Rollback is cancelled when the safety check finds additional snapshots that are directly related to the dataset being rolled back.
Newer intermeidate, Child, and clone
Select to stop rollback when the safety check finds any related intermediate, child dataset, or clone snapshots that are newer than the rollback snapshots.
Newer Clone
Select to stop rollbck when the safety check finds any related clone snapshots that are newer than the rollback snapshot.
No Safety Check (CAUTION)
Select to stop rollback if snapshot exists. The rollback destroys any related intermediate, child dataset, and cloned snapshots that are newer than the rollback snapshot.
Confirm
Select to confirm the selection and activate the ROLLBACK button.
See Creating Snapshots for more information on creating and managing snapshots.
Describes the fields in the VMware Snapshot screen on TrueNAS CORE.
Use Storage > VMware-Snapshots to add a VMWare snapshot that coordinates ZFS snapshots when using TrueNAS as a VMware datastore.
Name
Description
Hostname
Enter the IP address or host name of the VMware host. When clustering, use the IP address or host name of the vCenter server for the cluster.
Username
Enter a user account name created on the VMware host. The account must have permission to snapshot virtual machines.
Password
Enter the password associated with the value in Username.
ZFS Filesystem
Select a file system to snapshot from the dropdown list. Values populate from the VMWare host response.
Datastore
Select an option from the dropdown list after entering the Hostname, Username, and Password, click FETCH DATASTORES to populate the menu. Select the datastore to synchronize. Selecting a datastore also select any previously mapped datasets.
Use FETCH DATASTORES to have TrueNAS connect to the VMware host.
Describes the fields in the Disk Screens in TrueNAS CORE.
Use the Storage > Disks screen to add or manage disks in your TrueNAS.
Use the blue Columns button to display a list of options to modify the information displayed in the list of disks.
Use the arrow_forward_ios expand symbol to the right of any disk on the list to expand that disk to show settings and actions for that disk.
Disk Information Screen
The Disks individual disk information screen includes details about the disk settings and status. It also provides access to disk actions the user can take.
Use EDIT to display the Edit Disk screen.
Use MANUAL TEST to display the Manual S.M.A.R.T. Tests dialog where you can specify the type of test as LONG, SHORT, CONVEYANCE or OFFLINE.
Use S.M.A.R.T. TEST RESULTS to display the results of any S.M.A.R.T. tests executed on the system.
Use WIPE to delete obsolete data off an unused disk. This option does not display unless your disk is unused. See Wiping a Disk for more information on how to use this function.
Edit Disk Screen
The settings on the Edit Disk are the same as those on the Add Disk screen.
Settings
Description
Name
Enter the FreeBSD disk device name. For example, ada0.
Serial
Enter the serial number for this disk.
Description
Enter notes or a description for this disk. For example, where it is located or what it is used for.
HDD Standby
Select the option from the dropdown list for the minutes of inactivity before the drive enters standby mode. Select from Always On or the minutes in a range from 5 to 330. See this forum post for information on identifying spun down drives. Temperature monitoring is disabled for standby disks.
Force HDD Standby
Select to allow the drive to enter standby, even when non-physical S.M.A.R.T. operations could prevent the drive from sleeping.
Advanced Power Management
Select an option from the dropdown list to select a power management profile from the menu. Options are Disabled, Level 1 - Minimum power usage with Standby (spindown), Level 64 - Intermediate power usage with Standby, Level 127 - Maximum power usage with Standby, Level 128 - Minimum with power usage without Standby (no spindown), Level 192 - Intermediate power usage without Standby, Level 254 - Maximum performance, maximum power usage.
Acoustic Level
Select the option from the dropdown list to modify disks that understand AAM Options are Disabled, Minimum, Medium or Maximum.
Enable S.M.A.R.T.
Select to enable allowing the system to conduct periodic S.M.A.R.T. tests.
Enter a numeric value to set the threshold temperature in Celsius. If the drive temperature is higher than this value, a LOG_CRIT level log entry is created and an email i s sent. 0 disables this check.
Difference
Enter a value where the the system reports if the drive temperature changed by this many degrees Celsius since the last report. 0 disables the report.
Informational
Enter a value where the system reports if the drive temperature is at or above this temperature in Celsius. 0 disables this report.
SED Password
Use to set or change the password of this SED. This password is used insead of the global SED password.
Clear SED Password
Select to chear the SED password for this disk.
Use SAVE to save settings and return the Disks screen or use CANCEL to exit without saving.
Import Disk Screen
Use the Import Disk screen to perform a one time disk import, only one disk at a time, on you TrueNAS system.
Settings
Description
Disk
Select the disk to import from the dropdown list. The import copies the data from the selected disk to an existing ZFS dataset. Only one disk can be imported at a time. This is a required field.
Filesystem type
Select one radio button option to specity the file system type that is on the disk to import. Options are UFS, NTFS, MSDOSFS or EXT2FS.
Destination Path
Browse to locate the dataset on the TrueNAS that is to hold the copied data.
The SAVE button activates after required fields are populated.
See Import Disks for more information on importing a disk into your TrueNAS.
Reference documentation of the Directory Services screens.
Active Directory Screen: Use the AD screen to configure Active Directory (AD) on TrueNAS CORE.
Idmap Screen: Use the Idmap screen to configure Identity Mapping (Idmap) on TrueNAS CORE.
LDAP Screen: Use the LDAP screen to configure Lightweight Directory Access Protocol (LDAP) server settings on TrueNAS CORE.
NIS Screen: Use the NIS screen to configure Network Information System (NIS) on TrueNAS CORE.
Kerberos Screens: Use the Kerberos screen to configure to configure Kerberos realms and keytabs on TrueNAS CORE.
8.1 - Active Directory Screen
Use the AD screen to configure Active Directory (AD) on TrueNAS CORE.
The Active Directory (AD) service shares resources in a Windows network environment. Go to Directory Services > Active Directory to set up AD on TrueNAS. The first Active Directory screen is a list of basic options.
Basic Options
Name
Description
Domain Name
Enter the Active Directory domain (example.com) or child domain (sales.example.com). Required field.
Domain Account Name
Enter the Active Directory administrator account name. Required field.
Domain Account Password
Enter the password for the Active Directory administrator account. Required when configuring a domain for the first time. After initial configuration, the password is not needed to edit, start or stop the service.
Enable (requires password or Kerberos principle)
Enable the Active Directory services. Must enter the Domain Account Password when selecting this option for the first time.
Click ADVANCED OPTIONS to access extra options shown below.
Click REBUILD DIRECTORY SERVICE CACHE to resync the cache if it becomes out of sync. Or if fewer users than expected are available or visible in the permissions editors.
Advanced Options
Name
Description
Verbose logging
Select to log attempts to join the domain to /var/log/messages.
Allow Trusted Domains
Selected if you do not want the username to include a domain name. Clear the checkbox to force the domain names to be prepended to usernames. One possible reason to not select this value is to prevent username collisions when this is selected and there are identical usernames across multiple domains.
Use Default Domain
Leave checkbox clear to prepend the domain name to the user name. When not selected prevents name collisions when Allow Trusted Domains is set and multiple domains use the same user name.
Allow DNS Updates
Select to enable Samba to do DNS updates when joining a domain.
Disable FreeNAS Cache
Select to disable caching AD users and groups. This can help when unable to bind to a domain with a large number of users or groups.
Restrict PAM
Select to restrict SSH access in certain circumstances. When selected only members of BUILTIN\Administrators have SSH access.
Site Name
Enter the relative distinguished name of the site object in the Active Directory.
Kerberos Realm
Select an existing realm added in Directory Services > Kerberos Realms.
Kerberos Principal
Select the location of the principal in the keytab. Keytab created in Directory Services > Kerberos Keytabs.
Computer Account OU
The organizational unit where new computer accounts get created. OU strings read from top to bottom without RDNs. Use slashes (/) as delimiters, like Computers/Servers/NAS. Use the backslash (\) to escape characters but not as a separator. Backslash interpretation takes place at many levels. Backslashes might need doubling or even quadrupling to take effect. When left blank, new computer accounts get created in the Active Directory default OU.
AD Timeout
Number of seconds before timeout. To view the AD connection status, open the interface Task Manager.
DNS Timeout
Number of seconds before a timeout. Increase this value if AD DNS queries time out.
Winbind NSS Info
Select the schema to use when querying AD for user/group info from the dropdown list. rfc2307 uses the schema support included in Windows 2003 R2. sfu is for Service For Unix 3.0 or 3.5. sfu20 is for Service For Unix 2.0.
Netbios Name
The Netbios name of this NAS is truenas. This name must differ from the Workgroup name and be no greater than 15 characters.
NetBIOS alias
Alternative names that SMB clients can use when connecting to this NAS. Can be no greater than 15 characters.
LEAVE DOMAIN
Disconnects the TrueNAS system from the Active Directory.
Click SAVE to save settings.
Click BASIC OPTIONS to return to the Active Directory display of basic options only.
Click EDIT IDMAP to navigate to the Directory Services > Idmap screen.
Click REBUILD DIRECTORY SERVICE CACHE to resync the cache if it becomes out of sync. Or if fewer users than expected are available in the permissions editors.
Use the Idmap screen to configure Identity Mapping (Idmap) on TrueNAS CORE.
On a system running Unix or a Unix-like OS, Idmap acts as a translator. Windows Security Identifier (SID)s convert to a user ID (UID) and group ID (GID). Use the Identity Mapping (Idmap) screen to configure Idmap service on the TrueNAS.
Click Edit IDMAP on the Active Directory > Advanced Options screen. The Edit Idmap screen displays. It lists all domains configured on the TrueNAS.
You can customize the information displayed in the Idmap table. Click the blue COLUMNS button to display a dropdown list of options. A check mark next to the option name means the column is currently visible. Select from Unselect All, Backend, DNS Domain Name, Range Low, Range High, Certificate or Reset to Defaults.
Click ADD to open the Idmap Add screen. Enable Active Directory before attempting to add new domains.
Click the more_vert icon to display the options for each domain, Edit or Delete.
Idmap Settings
Name
Description
Idmap Backend
Select the plugin interface for Windbind to use from the dropdown list. Plugin interfaces for Windbind use varying backends. These backends store SID/uid/gid mapping tables. The correct setting depends on the NAS deployment environment.
Name
Enter the pre-Windows 2000 domain name or select from the dropdown list.
DNS Domain Name
Enter the DNS name of the domain.
Range Low
Determines the range of UID/GID numbers which this Idmap backend translates. External credentials like a Windows SID must map to a UID or GID number inside this range. Ignores external credentials outside this range.
Range High
Determines the range of UID/GID numbers which this Idmap backend translates. External credentials like a Windows SID must map to a UID or GID number inside this range. Ignores external credentials outside this range.
SSSD Compat
Select to generate Idmap low range based on same algorithm that SSSD uses by default.
Click SAVE to save settings and return to the Idmap screen.
Click CANCEL to exit without saving and return to the Idmap screen.
Use the LDAP screen to configure Lightweight Directory Access Protocol (LDAP) server settings on TrueNAS CORE.
Lightweight Directory Access Protocol (LDAP) is an industry standard. Directory information services deployed over an Internet Protocol (IP) network can use LDAP. Configure LDAP server settings on your TrueNAS using the Directory Services > LDAP screen.
Click SAVE to save settings.
Click ADVANCED OPTIONS to display extra LDAP configuration options.
Click REBUILD DIRECTORY SERVICE CACHE to resync the cache if it becomes out of sync. Or if fewer users than expected are available in the permissions editors.
Basic Options
Name
Description
Hostname
Enter the LDAP server host names or IP addresses. Separate entries with an empty space. To create an LDAP failover priority list, enter more than one host name or IP address. If a host does not respond, the system tries the next host on the list. This continues until the new connection succeeds.
Base DN
Top level of the LDAP directory tree to use when searching for resources. For example, dc=test,dc=org.
Bind DN
Enter an administrative account name on the LDAP server. For example, cn=Manager,dc=test,dc=org.
Bind Password
Enter the password for the administrative account in Bind DN.
Enable
Select to activate the configuration. Leave checkbox clear to disable the configuration without deleting it.
Advanced Options
Name
Description
Allow Anonymous Binding
Select to disable authentication and allow read and write access to any client.
Kerberos Realm
Select an option configured on your system from the dropdown list.
Kerberos Principle
Select an option configured on your system from the dropdown list.
Encryption Mode
Select an encryption mode for the LDAP connection from the dropdown list. Select OFF to not encrypt the LDAP connection. Select ON to encrypt the LDAP connection with SSL on port 636. Select START_TLS to encrypt the LDAP connection with STARTTLS. This option uses the default LDAP port 389.
Certificate
A certificate is not required when using a username and password. A certificate is not required when using Kerberos authentication. Select a certificate added to your system from the dropdown list. The default option is freenas_default. Or add a new LDAP certificate-based authentication for the LDAP provider to sign. See Certificate Signing Requests for more information.
Validate Certificates
Select to validate the authenticity of the certificate.
Disable LDAP User/Group Cache
Select to disable caching LDAP users and groups in large LDAP environments. When disabled, LDAP users and groups do not display on dropdown lists. They are still accepted when typed into fields.
LDAP timeout
Default value is 10 seconds. Increase if Kerberos ticket queries are not responding within the default time.
DNS timout
Default value is 10 seconds. Increase if DNS queries take too long to respond.
Samba Schema (DEPRECATED - see help text)
Samba 4.13.0 deprecated Samba Schema. Select if SMB shares need LDAP authentication and the LDAP server is already configured with Samba attributes. If selected, specify the type of schema from the Schema dropdown list.
Use the NIS screen to configure Network Information System (NIS) on TrueNAS CORE.
NIS is a client–server directory service protocol. Usage scenarios include the distribution of user and host names between networked computers.
Use the Directory Services > NIS screen to configure Network Information Service on your TrueNAS.
NIS is limited in scalability and security.
For modern networks, LDAP has replaced NIS.
Name
Description
NIS Domain
Enter a name and list any NIS domain host names or IP addresses. Press Enter to separate server entries.
NIS Servers
Enter a name and list any NIS server host names or IP addresses. Press Enter to separate server entries.
Secure Mode
Select to have ypbind(8) refuse to bind to any NIS server not running as root on a TCP port over 1024.
Manycast
Select for ypbind to bind to the fastest responding server.
Enable
Select to enable the configuration. Leave checkbox clear to disable the configuration without deleting it.
Click SAVE to save configuration settings.
Click REBUILD DIRECTORY SERVICE CACHE to resync the cache if it becomes out of sync. Or if fewer users than expected are available in the permissions editors.
Use the Kerberos screen to configure to configure Kerberos realms and keytabs on TrueNAS CORE.
Kerberos is an authentication protocol. It allows nodes on a network to perform identity checks in a secure manner.
Kerberos uses realms and keytabs to authenticate clients and servers.
Go to Directory Services > Kerberos to configure Kerberos. These screens configure Kerberos realms and keytabs on your TrueNAS.
Both Kerberos Realms and Kerberos Keytabs display a table of what is currently on the system.
Click the blue Columns button to display a list of options. These options customize the table display. This button is available for both the realms and keytabs screens.
Click ADD to display the settings screens for either realms or keytabs.
Select Kerberos Settings to open the settings screen but no table.
Kerberos Realms
Your network must contain a Key Distribution Center (KDC) to add a realm.
A Kerberos realm is an authorized domain that a Kerberos server can use to authenticate a client.
By default, TrueNAS creates a Kerberos realm for the local system.
Click ADD to create a realm on the TrueNAS. Click SUBMIT to save changes.
Basic Options
Name
Description
Realm
Enter a name for the realm.
Advanced Options
Name
Description
KDC
Enter the name of the Key Distribution Center. If there is more than one value separate the values by pressing Enter.
Admin Server
Define the server that performs all changes to the database. If there is more than one value separate the values by pressing Enter.
Password Server
Define the server that performs all password changes. If there is more than one value separate the values by pressing Enter.
Kerberos Keytabs
A keytab (key table) is a file that stores encryption keys for various authentication scenarios.
Kerberos keytabs allow systems and clients to join an Active Directory or LDAP. Keytabs make it possible to join without entering a password.
After generating the keytab, use the Add Kerberos Keytab screen to add it to your TrueNAS.
Kerberos Keytab
Name
Description
Name
Enter a name for the keytab.
Choose File
Opens a file explorer window where you can locate and select the keytab file.
Click SUBMIT to save settings or CANCEL to exit without saving.
Kerberos Settings
Use the Directory Services > Kerberos Settings screen to enter any extra settings.
Reference documentation for all screens within the Sharing menu option.
File sharing is a core benefit of a NAS. TrueNAS helps foster collaboration between users through network shares. TrueNAS can use AFP, iSCSI shares, Unix NFS shares, Windows SMB shares, and WebDAV shares.
AFP Share Screen: Provides information about the AFP Share screen in TrueNAS CORE.
Block Shares (iSCSI): Provides information about iSCSI terminology and configuration for TrueNAS CORE.
iSCSI Shares: Describes how to configure iSCSI block share on TrueNAS CORE.
Fibre Channel: Provides information about using Fibre Channel with TrueNAS CORE.
NFS Share Screen: Use the NFS share screen to configure Network File System (NFS) shares on your TrueNAS.
WebDAV Screen: Use the Sharing WebDAV screen to configure Web Distributed Authoring and Versioning (WebDAV) on your TrueNAS.
SMB Share Screen: Desctibes the SMB sharing screen in TrueNAS CORE
9.1 - AFP Share Screen
Provides information about the AFP Share screen in TrueNAS CORE.
Apple Filing Protocol (AFP) facilitates workgroup and Internet file sharing. It does this in a mixed-platform environment. Go to Sharing > AFP to set up an AFP share. Click ADD to edit AFP share settings.
AFP share creation is deprecated in CORE 13.0. A Recommendation dialog displays when accessing this screen and suggests sharing data with a different protocol.
Click CREATE AN SMB SHARE to display the SMB BASIC OPTIONS configuration screen.
Click CONTINUE WITH AFP SETUP to continue to the AFP > ADDBASIC OPTIONS configuration screen.
Click ADVANCED OPTIONS to display extra configuration settings. These configuration settings allow modifying the share Permissions and adding a Description. You can also specify any Auxiliary Parameters.
General Options
These settings display on the BASIC OPTIONS screen.
Name
Description
Path
Browse to the pool or dataset to share. Netatalk does not fully support nesting additional pools, datasets, or symbolic links beneath this path.
Name
The pool name that appears in the connect to server dialog of the computer. This is a required field.
Time Machine
Select to advertise TrueNAS as a Time Machine disk so Macs can find it. Configuring multiple shares for Time Machine use is not recommended. When multiple Macs share the same pool, low disk space issues and failed backups can occur.
Use as Home Share
Select to allow the share to host user home directories. Only one share can be the home share.
Enabled
Select to enable this AFP share. Clear checkmark to disable this AFP share without deleting it.
Permissions
These settings display on the BASIC OPTIONS screen and after clicking ADVANCED OPTIONS.
Name
Description
Default Umask
Umask used for newly created files. Default is 000. This means anyone can read, write, and execute.
File Permissions
Only works with Unix ACLs. New files created on the share are set with the selected permissions.
Directory Permissions
Only works with Unix ACLs. New directories created on the share are set with the selected permissions.
AFP3 Unix Privs
Select to enable Unix privileges supported by OSX 10.5 and higher. Do not enable this if the network contains Mac OSX 10.4 clients or lower as they do not support this feature. Only works with Unix ACLs.
Allow
Comma-delimited list of allowed users and/or groups where groupname begins with a @. Note that adding an entry denies any user or group that is not specified.
Read Only
Comma-delimited list of allowed users and/or groups where groupname begins with a @. Note that adding an entry denies any user or group that is not specified.
Allow Hosts
Allow host names or IP addresses to connect to the share. Click ADD to add multiple entries. If neither Allow Hosts or Deny Hosts contains an entry, then allow AFP share access for any host. If there is an entry in Allow Hosts list but none in Deny Hosts list, then only allow hosts on the Allow Hosts list. If there is a entry in Deny Hosts list but none in Allow Hosts list, then allow all hosts that are not on the Deny Hosts list. If there are entries in both Allow Hosts and Deny Hosts list, then allow all hosts that are on the Allow Hosts list. If there is a host not on the Allow Hosts and not on the Deny Hosts list, then allow it.
Deny
Comma-delimited list of allowed users and/or groups where groupname begins with a @. Note that adding an entry allows any user or group that is not specified.
Read/Write
Comma-delimited list of allowed users and/or groups where groupname begins with a @. Note that adding an entry allows any user or group that is not specified.
Deny Hosts
Deny host names or IP addresses access to the share. Click ADD to add multiple entries. If neither Allow Hosts or Deny Hosts contains an entry, then allow AFP share access for any host. If there is an entry in Allow Hosts list but none in Deny Hosts list, then only allow hosts on the Allow Hosts list. If there is an entry in Deny Hosts list but none in Allow Hosts list, then allow all hosts that are not on the Deny Hosts list. If there are entries in both Allow Hosts and Deny Hosts list, then allow all hosts that are on the Allow Hosts list. If there is a host not on the Allow Hosts and not on the Deny Hosts list, then allow it.
Other Options
These settings display after clicking ADVANCED OPTIONS.
Name
Description
Descriptions
Optional description.
Zero Device Number
Select to enable when the device number is inconstant across a reboot.
No Stat
Select to allow AFP to not stat the pool path when enumerating the pools list. This is useful for automounting or pools created by a preexec script.
Auxiliary Parameters
Additional afp.conf parameters not covered by other option fields.
Click SUBMIT to save settings and create the share.
Click CANCEL to exit the Add screen without saving and return to the AFP screen.
To edit an existing AFP share, go to Sharing > Apple Shares (AFP) and click .
Provides information about iSCSI terminology and configuration for TrueNAS CORE.
Internet Small Computer Systems Interface (iSCSI) represents standards for using Internet-based protocols for linking binary data storage device aggregations.
IBM and Cisco submitted the draft standards in March 2000. Since then, iSCSI has seen widespread adoption into enterprise IT environments.
iSCSI functions through encapsulation. The Open Systems Interconnection Model (OSI) encapsulates SCSI commands and storage data within the session stack. The OSI further encapsulates the session stack within the transport stack, the transport stack within the network stack, and the network stack within the data stack.
Transmitting data this way permits block-level access to storage devices over LANs, WANs, and even the Internet itself (although performance may suffer if your data traffic is traversing the Internet).
The table below shows where iSCSI sits in the OSI network stack:
OSI Layer Number
OSI Layer Name
Activity as it relates to iSCSI
7
Application
An application tells the CPU that it needs to write data to non-volatile storage.
6
Presentation
OSI creates a SCSI command, SCSI response, or SCSI data payload to hold the application data and communicate it to non-volatile storage.
5
Session
Communication between the source and the destination devices begins. This communication establishes when the conversation starts, what it talks about, and when the conversion ends. This entire dialogue represents the session. OSI encapsulates the SCSI command, SCSI response, or SCSI data payload containing the application data within an iSCSI Protocol Data Unit (PDU).
4
Transport
OSI encapsulates the iSCSI PDU within a TCP segment.
3
Network
OSI encapsulates the TCP segment within an IP packet.
2
Data
OSI encapsulates the IP packet within the Ethernet frame.
1
Physical
The Ethernet frame transmits as bits (zeros and ones).
Unlike other sharing protocols on TrueNAS, an iSCSI share allows block sharing and file sharing.
Block sharing provides the benefit of block-level access to data on the TrueNAS.
iSCSI exports disk devices (zvols on TrueNAS) over a network that other iSCSI clients (initiators) can attach and mount.
Challenge-Handshake Authentication Protocol (CHAP): an authentication method that uses a shared secret and three-way authentication to determine if a system is authorized to access the storage device. It also periodically confirms that the session has not been hijacked by another system. In iSCSI, the client (initiator) performs the CHAP authentication.
Mutual CHAP: a CHAP type in which both ends of the communication authenticate to each other.
Internet Storage Name Service (iSNS): protocol for the automated discovery of iSCSI devices on a TCP/IP network.
Extent: the storage unit to be shared. It can either be a file or a device.
Portal: indicates which IP addresses and ports to listen on for connection requests.
Initiators and Targets: iSCSI introduces the concept of initiators and targets which act as sources and destinations respectively. iSCSI initiators and targets follow a client/server model. Below is a diagram of a typical iSCSI network. The TrueNAS storage array acts as the iSCSI target and can be accessed by many of the different iSCSI initiator types, including software and hardware-accelerated initiators.
The iSCSI protocol standards require that iSCSI initiators and targets is represented as iSCSI nodes. It also requires that each node is given a unique iSCSI name. To represent these unique nodes via their names, iSCSI requires the use of one of two naming conventions and formats, IQN or EUI. iSCSI also allows the use of iSCSI aliases which are not required to be unique and can help manage nodes.
Logical Unit Number (LUN): LUN represents a logical SCSI device. An initiator negotiates with a target to establish connectivity to a LUN. The result is an iSCSI connection that emulates a connection to a SCSI hard disk. Initiators treat iSCSI LUNs as if they were a raw SCSI or SATA hard drive. Rather than mounting remote directories, initiators format and directly manage filesystems on iSCSI LUNs. When configuring multiple iSCSI LUNs, create a new target for each LUN. Since iSCSI multiplexes a target with multiple LUNs over the same TCP connection, there can be TCP contention when more than one target accesses the same LUN. TrueNAS supports up to 1024 LUNs.
Jumbo Frames: Jumbo frames are the name given to Ethernet frames that exceed the default 1500 byte size. This parameter is typically referenced by the nomenclature as a maximum transmission unit (MTU). A MTU that exceeds the default 1500 bytes necessitates that all devices transmitting Ethernet frames between the source and destination support the specific jumbo frame MTU setting, which means that NICs, dependent hardware iSCSI, independent hardware iSCSI cards, ingress and egress Ethernet switch ports, and the NICs of the storage array must all support the same jumbo frame MTU value. So, how does one decide if they should use jumbo frames?
Administrative time is consumed configuring jumbo frames and troubleshooting if/when things go sideways. Some network switches might also have ASICs optimized for processing MTU 1500 frames while others might be optimized for larger frames. Systems administrators should also account for the impact on host CPU utilization. Although jumbo frames are designed to increase data throughput, it may measurably increase latency (as is the case with some un-optimized switch ASICs); latency is typically more important than throughput in a VMware environment. Some iSCSI applications might see a net benefit running jumbo frames despite possible increased latency. Systems administrators should test jumbo frames on their workload with lab infrastructure as much as possible before updating the MTU on their production network.
TrueNAS Enterprise
Asymmetric Logical Unit Access (ALUA): ALUA allows a client computer to discover the best path to the storage on a TrueNAS system. HA storage clusters can provide multiple paths to the same storage. For example, the disks are directly connected to the primary computer and provide high speed and bandwidth when accessed through that primary computer. The same disks are also available through the secondary computer, but speed and bandwidth are restricted. With ALUA, clients automatically ask for and use the best path to the storage. If one of the TrueNAS HA computers becomes inaccessible, the clients automatically switch to the next best alternate path to the storage. When a better path becomes available, as when the primary host becomes available again, the clients automatically switch back to that better path to the storage.
Do not enable ALUA on TrueNAS unless it is also supported by and enabled on the client computers. ALUA only works when enabled on both the client and server.
iSCSI Configuration Methods
There are a few different approaches for configuring and managing iSCSI-shared data:
TrueNAS CORE web interface: the TrueNAS web interface is fully capable of configuring iSCSI shares. This requires creating and populating zvol block devices with data, then setting up the iSCSI Share. TrueNAS Enterprise licensed customers also have additional options to configure the share with Fibre Channel.
TrueNAS SCALE web interface: TrueNAS SCALE offers a similar experience to TrueNAS CORE for managing data with iSCSI; create and populate the block storage, then configure the iSCSI share.
TrueNAS Enterprise
TrueNAS Enterprise customers that use vCenter to manage their systems can use the TrueNAS vCenter Plugin to connect their TrueNAS systems to vCenter and create and share iSCSI datastores. This is all managed through the vCenter web interface.
For more information on iSCSI shares also see:
iSCSI Shares: Describes how to configure iSCSI block share on TrueNAS CORE.
Fibre Channel: Provides information about using Fibre Channel with TrueNAS CORE.
9.2.1 - iSCSI Shares
Describes how to configure iSCSI block share on TrueNAS CORE.
Users can configure an iSCSI block share using either the wizard or the individual configuration screens. The wizard steps users through the configuration process in an ordered sequence. Using the seven tabs on the iSCSI screen allows users to configure settings in any order they choose (a manual process).
iSCSI Wizard Configuration Screens
The iSCSI Wizard configuration forms guide users through the process of setting up an iSCSI block share. Click WIZARD to display the first configuration screen.
Wizard Navigation
Use Next to advance to the next wizard configuration form.
Use Back to return to a previous wizard configuration form.
Use Cancel to exit the configuration wizard.
Create or Choose Block Device
Setting
Description
Name
Type a lower case alphanumeric character string that can include a dot (.), dash (-), or colon (:). Keep the string short and do not exceed 63 characters.
Extent Type
Choose either Device or File. If selecting Device use a zvol created for the share. If selecting File also select the path to the extent and include the file size.
Device
Required field. Create New or select from devices listed
Sharing Platform
Select from the options provided: VMware: extent block size 512b, TCP enabled, no Xen compat mode, SSD speed Xen: Extent block size 512b, TCP enabled, Xen compat mode enabled, SSD speed Legacy OS: Extent block size 512b, TCP enabled, no Xen compat mode, SSD speed Modern OS: Extent block size 4k, TCP enabled, no Xen compat mode, SSD speed Use Moderon OS for updated operating systems like Linux OS.
Portal
The Wizard Portal configuration form includes only the Portal field unless you select Create New on the dropdown list.
Setting
Description
Portal
Select either Create New or an existing portal from the dropdown list. Selecting Create New displays the Discovery Authentication Method, Discovery Authentication Group, IP Address and Port fields.
Discovery Authentication Method
Required if creating a new portal. Select either NONE, CHAP or Mutual CHAP from the dropdown list. If NONE you can leave Discovery Authentication Group set to NONE as well.
Discovery Authentication Group
Required if the discovery authentication method is set to CHAP or MUTUAL CHAP. Select either NONE or Create New on the dropdown list. If Discovery Authentication Method is set to NONE you can select NONE here but if Discovery Authentication Method is set to CHAP or MUTUAL CHAP select CREATE NEW. This displays the Group ID, User, Secret and Secret (Confirm) configuration fields.
Group ID
Displays after selecting Create New in the Discovery Authentication Group field. Group IDs allow you to configure different groups with different authentication profiles. For example, all users with a group ID of 1 inherits the authentication profile associated with group 1. Type a number for the group ID.
User
Displays after selecting Create New in for the discovery authentication group. Type the name of the user account to create for the CHAP authentication with the user on the remote system. For example, you could use the initiator name as the user name.
Secret
Displays after selecting Create New as the discovery authentication group. Type a user password of at least 12 but no more than 16 characters.
Secret (Confirm)
Displays after selecting Create New as the discovery authentication group. Retype the user password entered into the Secret field. Click the icon to display the characters you typed to verify you typed the desired password string. Click to hide the password string.
IP Address
Select the IP address from the dropdown list. This is the IP address to list on the portal. Click ADD to add more IP addresses if desired or necessary. Click DELETE to remove any IP addresses and ports you added after clicking ADD. Use 0.0.0.0 to listen on all IPv4 addresses or use :: to listen on all IPv6 IP addresses.
Port
Type the TCP port used to access the iSCSI target. The default port is 3260.
ADD
Saves the selected IP address and allows the user to add another IP address. New IP address and port entry fields includes the DELETE button allows you to remove the new entry if necessary.
DELETE
Displays after clicking ADD. Removes the new IP address and port line created after clicking ADD.
Initiator
Setting
Description
Initiators
Leave blank to allow all host names or to enter a list of initiator host names. Use the keyboard Enter after entering each host name to save.
Authorized Networks
Network addresses allowed to use this initiator. Leave blank to allow all networks or list all network addresses with a CIDR mask. Separate each entry with the keyboard Enter.
Confirm Options Form
Use Back to return to a previous configuration form to make any changes on that form.
Use SUBMIT to save the settings and the new iSCSI share.
Manual Setup Screens
The manual configuration screens allow you to add or edit an iSCSI block share.
There are seven configuration screens accessed from tabs at the top of the iSCSI screen.
Unlike the wizard configuration option, you can move from one screen to another in any sequence.
The Target Global Configuration screen allows user to add or edit global configuration settings that apply to all iSCSI shares.
Setting
Description
Base Name
Lowercase alphanumeric characters plus dot (.), dash (-), and colon (:) are allowed. See the “Constructing iSCSI names using the iqn.format” section of RFC3721.
ISNS Servers
Host names or IP addresses of the ISNS servers to register with the iSCSI targets and portals of the system. Use keyboard Enter. to separate entries.
Pool Available Space Threshold (%)
Generates an alert when the pool has this percent space remaining. It is typical to configure this at the pool level when using zvols or at the extent level for both file and device-based extents.
Click SAVE before leaving the global configuration settings screen.
The Portals screen displays a list of configured portals. It lets users create new portals or edit the existing ones in the list.
Use the blue Columns dropdown list to display a list of available options to add or remove columns in the Portals table. Select from Unselect All, Listen, Description, Discovery Auth Method, Discover Auth Group or Reset to Defaults to reverse any changes you made to the table.
Use ADD to display the Portals Add configuration form.
Click the more_vert icon for the portal and select Edit to display the Portal Edit configuration form.
Both the Add and Edit forms have the same settings fields.
Basic Info
Setting
Description
Description
Optional description. Portals are automatically assigned a numeric group.
Authentication Method and Group
Setting
Description
Discovery Authentication Method
iSCSI supports multiple authentication methods that the target uses to discover valid devices. None allows anonymous discovery while CHAP and Mutual CHAP require authentication.
Discovery Authentication Group
Group ID created in Authorized Access. Required when the discovery authentication method is CHAP or Mutual CHAP.
IP Address
Setting
Description
IP Address
Select the IP addresses the portal uses to listened on. Click ADD to add IP addresses with a different network port. 0.0.0.0 listens on all IPv4 addresses and :: listens on all IPv6 addresses.
Port
TCP port used to access the iSCSI target. Default is 3260.
ADD
Adds another IP address row.
The Initiators Groups screen displays a lis of configured initiators. It lets users create new authorized access client groups or edit existing ones on the list.
Use the blue Columns dropdown list to display a list of available options to add or remove columns in the Initiator Groups table. Select from Unselect All, Initiators, Authorized Networks, Description or Reset to Defaults to reverse any changes you made to the table.
Use ADD to display the Initiators Add configuration screen.
Click the more_vert icon for the initiator and select Edit to display the Initiators Edit configuration form.
Both the Add and Edit forms have the same settings fields.
Setting
Description
Connected Initiators
Initiators currently connected to the system, displayed in the IQN format with an IP address. Set initiators and click an to add the initiators to either the Allowed Initiators or Authorized Networks lists. Click Refresh to update the list of connected initiators.
Allow All Initiators
Allows all initiators when selected. If not selected, configure your own allowed initiators and authorized networks.
Allowed Initiators (IQN)
Initiators allowed access to this system. Enter an iSCSI Qualified Name (IQN) and click the to add it to the list. Example: iqn.1994-09.org.freebsd:freenas.local.
Authorized Networks
Network addresses allowed use this initiator. Each address can include an optional CIDR netmask. Click to add the network address to the list. Example: 192.168.2.0/24.
Description
Enter any notes about initiators.
REFRESH
Refreshes the list displayed in Connected Initiators.
SAVE
Saves changes made on the Add or Edit initiator screens.
CANCEL
Discards changes made on and closes the Add or Edit initiator screens.
The Authorized Access screen displays a list of authorized access networks. It lets users create new authorized access networks or edit existing ones in the list.
Use the blue Columns dropdown list to display a list of available options to add or remove columns in the Initiator Groups table. Select from Unselect All, User, Peer User or Reset to Defaults to reverse any changes you made to the table.
Use ADD to display the Authorized Access Add configuration screen.
Click the more_vert icon for the authorized access and select Edit to display the Authorized Access Edit configuration form.
Both the Add and Edit forms have the same settings fields.
Group
Setting
Description
Group ID
Allow you to configure different groups with different authentication profiles. For example, all users with a group ID of 1 inherit the authentication profile associated with Group 1.
User
Setting
Description
User
User account to create for CHAP authentication with the user on the remote system. Many initiators use the initiator name as the user name.
Secret
User password of at least 12 but no more than 16 characters. Click the icon to display the characters you typed to verify you typed the desired password string. Click to hide the password string.
Secret (Confirm)
Confirm the user password.
Peer User
Setting
Description
Peer User
Only entered when configuring mutual CHAP. Usually the same value as User.
Peer Secret
Mutual secret password. Required when Peer User is set up. Must be different than the password used in Secret. Click the icon to display the characters you typed to verify you typed the desired password string. Click to hide the password string.
Peer Secret (Confirm)
Confirm the mutual secret password.
The Targets screen displays a list of storage resources configured in the system. It lets users create new TrueNAS storage resources or edit existing ones in the list.
Use the blue Columns dropdown list to display a list of available options to add or remove columns in the Targets table. Select from Unselect All, Target Alias or Reset to Defaults to reverse any changes you made to the table.
Use ADD to display the Targets Add configuration screen.
Click the more_vert icon for the target and select Edit to display the Targets Edit configuration form.
Both the Add and Edit forms have the same settings fields.
Basic Info
Setting
Description
Target Name
The base name for the target. It is automatically prepended if the target name does not start with iqn. Allowed characters are lowercase alphanumeric characters plus dot (.), dash (-), and colon (:). See the “Constructing iSCSI names using the iqn.format” section of RFC3721.
Target Alias
Optional user-friendly name for the Target Name.
iSCSI Group
Setting
Description
Portal Group ID
Leave empty or select an existing portal to use. If you click the dropdown arrow, you must select a portal group ID from the list.
Initiator Group ID
Select the existing initiator group that has access to the target. Leave empty if Portal Group ID is empty.
Authentication Method
Select None, CHAP, or Mutual CHAP.
Authentication Group Number
Select None or an integer. This value represents the number of existing authorized accesses.
The Extents screen displays a list of available shared storage units configured on the system. It lets users create new shared storage units or edit existing ones in the list.
Use the blue Columns dropdown list to display a list of available options to add or remove columns in the Extents table. Select from Unselect All, Description, Serial, NAA, Enabled or Reset to Defaults to reverse any changes you made to the table.
Use ADD to display the Extents Add configuration screen.
Click the more_vert icon for the shared storage unit and select Edit to display the Extents Edit configuration form.
Both the Add and Edit forms have the same settings fields.
Basic Info
Setting
Description
Name
Name of the extent. An extent with a size of zero can be an existing file within the pool or dataset. An extent with a size other than zero cannot be an existing file within the pool or dataset.
Description
Type any notes about this extent.
Enabled
Select to enable the iSCSI extent.
Type
Setting
Description
Extent Type
Specify the storage unit type. Select Device or File from the dropdown list. Device provides virtual storage access to zvols, zvol snapshots, or physical devices. File provides virtual storage access to a single file.
Device
Only displays only if Device is the selected in Extent Type. Select the unformatted disk, controller, or zvol snapshot.
Path to the Extent
Only displays if the Extent Type is set to File. Browse to an existing file. Create a new file by browsing to a dataset and appending /{filename.ext} to the path. Users cannot create extents inside a jail root directory.
Filesize
Only displays if the Extent Type is set to File. Enter 0 to use the actual file size and it requires that the file already exists. Otherwise, specify the file size for the new file.
Logical Block Size
Leave at the default of 512 unless the initiator requires a different block size. Select from 512, 1024, 2048 or 4096 on the dropdown list.
Disable Physical Block Size Reporting
Select if the initiator does not support physical block size values over 4K (MS SQL).
Compatibility
Setting
Description
Enable TPC
Select to allow an initiator to bypass normal access control and access any scannable target. This allows xcopy operations that are otherwise blocked by access control.
Xen initiator compat mode
Select when using Xen as the iSCSI initiator.
LUN RPM
Do not change this setting when using Windows as the initiator! Only change the default SSD setting if in a large environment where you need a number of systems using a specific RPM for accurate reporting statistics. Options are SSD, 5400, 7200, 10000 or 15000.
Read-only
Select to prevent the initiator from initializing this LUN.
The Associated Targets screen displays a list of associated TrueNAS storage resources configured on the system. It lets users create new associated TrueNAS storage resources or edit existing ones in the list.
Use the blue Columns dropdown list to display a list of available options to add or remove columns in the Associated Targets table. Select from Unselect All, LUN ID, Extent or Reset to Defaults to reverse any changes you made to the table.
Use ADD to display the Associated Targets Add configuration screen.
Click the more_vert icon for the associated TrueNAS storage resource and select Edit to display the Associated Targets Edit configuration form.
Both the Add and Edit forms have the same settings fields.
Setting
Description
Target
Select an existing target. This is a required field.
LUN ID
Select the value or enter a value between 0 and 1023. Some initiators expect a value below 256. Leave this field blank to automatically assign the next available ID.
Extent
Select an existing extent. This is a required field.
Provides information about using Fibre Channel with TrueNAS CORE.
TrueNAS Enterprise
Fibre Channel is an Enterprise feature in TrueNAS CORE.
Only TrueNAS systems licensed for Fibre Channel have the Fibre Channel Ports tab on the Sharing > Block Shares (iSCSI) screen.
Fibre Channel is a high-speed data transfer protocol providing in-order, lossless delivery of raw block data.
Fibre Channel is primarily used to connect computer data storage to servers in storage area networks in commercial data centers.
The Fibre Channel protocol is fast, cost effective, and reliable over a wide variety of storage workloads.
Initiators and Authorized Access screens only apply to iSCSI block shares and can be ignored when configuring Fibre Channel ports.
Fibre Channel Ports
The Fibre Channel Ports screen displays a table of ports configured on the TrueNAS.
Use the blue Columns button to display options to can change the Fibre Channel table display. Options are Unselect All, WWPN, State or Reset to Defaults.
Click chevron_right to expand the Fibre Channel Ports options.
Fibre Channel Mode Settings
The Mode radio buttons display additional information on the screen based on the selection made.
Name
Description
Initiator
Sets the port as an initiator. Displays Connected Initiators on the right side of the screen for the selected target.
Target
Sets the port as a target. Dipslays the Targets dropdown list field on the right side of the screen. Select the port from the list. Connected Initiators for the selected target display below the dropdown field.
Disabled
Disables the selected Fibre Channel port.
SAVE after making any setting change.
Targets Settings for Fibre Channels
The Targets > Add screen Target Mode dropdown list includes options to select iSCSI, Fibre Channel, or Both.
Associated Target Settings for Fibre Channels
The Targets > Add screen Target Mode dropdown list includes options to select iSCSI, Fibre Channel, or Both.
Use the NFS share screen to configure Network File System (NFS) shares on your TrueNAS.
Unix and Unix-like operating systems often use the Network File System (NFS) protocol. NFS shares data across a network as part of a distributed file system. Go to Sharing > Unix Shares (NFS) to access the NFS screen to create a Network File System (NFS) share on TrueNAS.
Click COLUMNS to change the NSF table view. Options include Unselect All, Description, Enabled or Reset to Defaults.
Click ADD to open the BASIC OPTIONS configuration screen.
NFS Share Basic Option Settings
Name
Description
Path
Type or browse to the full path to the pool or dataset to share. Click ADD to add another Path setting field. Repeat to configure multiple paths.
Description
Enter any notes or reminders about the share.
All dirs
Select checkbox to allow the client to mount any subdirectory within the Path. Clear to only allow clients to mount the Path endpoint.
Quiet
Select to suppress some syslog diagnostics to avoid error messages. See exports(5) for examples. Clear checkbox to allow all syslog diagnostics. This can lead to additional cosmetic error messages.
Enabled
Select checkbox to enable this NFS share. Clear checkbox to disable this NFS share without deleting the configuration.
Click ADVANCED OPTIONS to display extra settings. These settings allow tuning the share access permissions and defining authorized networks.
NFS Share Advanced Option Settings
Access Settings
Name
Description
Read Only
Select checkbox to prohibit writing to the share. Clear checkbox to allow writing to the share.
Maproot User
Enter a new string or select a user to apply that user permissions to the root user. Dropdown list displays a list of all users on the system.
Maproot Group
Enter a new string or select a group to apply that group permissions to the root user. Dropdown list displays a list of all groups on the system.
Mapall User
Enter a new string or select a user to apply permissions for the chosen user to all clients.
Mapall Group
Enter a new string or select a group to apply permissions for the chosen group to all clients.
Authorized Networks
Enter an allowed network in network/mask CIDR notation. Click ADD to define another authorized network. Defining an authorized network restricts access to all other networks. Leave empty to allow all networks.
Authorized Hosts and IP addresses
Enter a host name or IP address to allow that system access to the NFS share. Click ADD to define another allowed system. Defining authorized systems restricts access to all other systems. Leave field empty to allow all systems access to the share.
Click SUBMIT to save NFS share settings.
Click CANCEL to exit without saving and return to the NFS Shares screen.
To edit an existing NFS share click the more_vert for the share and select Edit.
The options available are identical to the ADD share setting options.
Use the Sharing WebDAV screen to configure Web Distributed Authoring and Versioning (WebDAV) on your TrueNAS.
Web Distributed Authoring and Versioning (WebDAV) is an extension of HTTP. It is a protocol designed to help with web content authoring and management. Use the Sharing WebDAV screen to configure WebDAV on your TrueNAS.
Click COLUMNS to change the columns displayed in the table. Options are Select All, Description, Path, Enabled, Read Only, Change User and Group Owners or Reset to Defaults.
Click ADD to open the WebDAV configuration screen.
Name
Description
Name
Enter a name for the share.
Description
Optional.
Path
Browse to the pool or dataset to share.
Read Only
Select to prohibit users from writing to this share.
Change User & Group Ownership
Change existing ownership of all files in the share to user webdav and group webdav. Clearing the check mark means you must manually set ownership of the files accessed through WebDAV to the webdav or www user/group.
Enabled
Select to enable this WebDAV share. Leave checkbox clear to disable this WebDAV share without deleting it.
Server Message Block (SMB) is a file sharing protocol. Windows and other operating systems use SMB.
Go to Sharing > Windows Shares (SMB) to display the SMB screen and setup SMB shares on your TrueNAS.
Click Columns to change the information displayed in the table. Options are Unselect All, Path, Description, Enabled and Reset to Defaults.
Click Add to display the BASIC Options settings screen.
Basic Options
Name
Description
Path
Use the file browser or click the /mnt to select the pool, dataset or directory to share.
Name
Enter a name for the SMB share.
Purpose
Select a preset purpose configuration. This locks in predetermined values for the share. This includes Advanced Options, as well as the Path Suffix. Select from the dropdown list. Options are: No presets Default share parameters Multi-user time machine Multi-protocol (AFP/SMB) shares Multi-protocol (NFSv3/SMB) shares Private SMB Datasets and Shares SMB WORM. Files become readonly via SMB after 5 minutes. Note: The SMB WORM preset only impacts writes over the SMB protocol. Prior to deploying this option in a production environment the user needs to determine whether the feature meets his / her requirements. See “What do all the presets do?” for more information on presets.
Description
Optional. Explains the purpose of the share.
Enabled
Select to enable this SMB share. Clear checkbox to disable the share without deleting the configuration.
The following table shows the preset options for the different Purposes and if those options are locked.
An [x] indicates the option is enabled, [ ] means the option is disabled, and [text] indicates a specific value:
Default share parameters
Multi-user time machine
Multi-protocol (AFP/SMB) shares
Multi-protocol (NFSv3/SMB) shares
Private SMB Datasets and Shares
Files become readonly of SMB after 5 minutes
[x] Enable ACL (locked)
[x] Enable ACL (unlocked)
[x] Enable ACL (locked)
[ ] Enable ACL (locked)
[ ] Enable ACL (unlocked)
[ ] Enable ACL (unlocked)
[ ] Export Read Only (locked)
[ ] Export Read Only (unlocked)
[ ] Export Read Only (unlocked)
[ ] Export Read Only (unlocked)
[ ] Export Read Only (unlocked)
[ ] Export Read Only (unlocked)
[x] Browsable to Network Clients (locked)
[x] Browsable to Network Clients (unlocked)
[x] Browsable to Network Clients (unlocked)
[x] Browsable to Network Clients (unlocked)
[x] Browsable to Network Clients (unlocked)
[x] Browsable to Network Clients (unlocked)
[ ] Allow Guest Access (unlocked)
[ ] Allow Guest Access (unlocked)
[ ] Allow Guest Access (unlocked)
[ ] Allow Guest Access (unlocked)
[ ] Allow Guest Access (unlocked)
[ ] Allow Guest Access (unlocked)
[ ] Access Based Share Enumeration (locked)
[ ] Access Based Share Enumeration (unlocked)
[ ] Access Based Share Enumeration (unlocked)
[ ] Access Based Share Enumeration (unlocked)
[ ] Access Based Share Enumeration (unlocked)
[ ] Access Based Share Enumeration (unlocked)
[ ] Hosts Allow (locked)
[ ] Hosts Allow (unlocked)
[ ] Hosts Allow (unlocked)
[ ] Hosts Allow (unlocked)
[ ] Hosts Allow (unlocked)
[ ] Hosts Allow (unlocked)
[ ] Hosts Deny (locked)
[ ] Hosts Deny (unlocked)
[ ] Hosts Deny (unlocked)
[ ] Hosts Deny (unlocked)
[ ] Hosts Deny (unlocked)
[ ] Hosts Deny (unlocked)
[ ] Use as Home Share (locked)
[ ] Use as Home Share (unlocked)
[ ] Use as Home Share (unlocked)
[ ] Use as Home Share (unlocked)
[ ] Use as Home Share (unlocked)
[ ] Use as Home Share (unlocked)
[ ] Time Machine (locked)
[ ] Time Machine (unlocked)
[ ] Time Machine (unlocked)
[ ] Time Machine (unlocked)
[ ] Time Machine (unlocked)
[ ] Time Machine (unlocked)
[x] Enable Shadow Copies (locked)
[x] Enable Shadow Copies (unlocked)
[x] Enable Shadow Copies (unlocked)
[x] Enable Shadow Copies (unlocked)
[x] Enable Shadow Copies (unlocked)
[x] Enable Shadow Copies (unlocked)
[ ] Export Recycle Bin (locked)
[ ] Export Recycle Bin (unlocked)
[ ] Export Recycle Bin (unlocked)
[ ] Export Recycle Bin (unlocked)
[ ] Export Recycle Bin (unlocked)
[ ] Export Recycle Bin (unlocked)
[ ] Use Apple-style Character Encoding (locked)
[ ] Use Apple-style Character Encoding (unlocked)
[x] Use Apple-style Character Encoding (locked)
[x] Use Apple-style Character Encoding (unlocked)
[x] Use Apple-style Character Encoding (unlocked)
[x] Use Apple-style Character Encoding (unlocked)
[x] Enable Alternate Data Streams (locked)
[x] Enable Alternate Data Streams (unlocked)
[x] Enable Alternate Data Streams (locked)
[ ] Enable Alternate Data Streams (locked)
[ ] Enable Alternate Data Streams (unlocked)
[ ] Enable Alternate Data Streams (unlocked)
[x] Enable SMB2/3 Durable Handles (locked)
[x] Enable SMB2/3 Durable Handles (unlocked)
[ ] Enable SMB2/3 Durable Handles (locked)
[ ] Enable SMB2/3 Durable Handles (locked)
[ ] Enable SMB2/3 Durable Handles (unlocked)
[ ] Enable SMB2/3 Durable Handles (unlocked)
[ ] Enable FSRVP (locked)
[ ] Enable FSRVP (unlocked)
[ ] Enable FSRVP (locked)
[ ] Enable FSRVP (unlocked)
[ ] Enable FSRVP (unlocked)
[ ] Enable FSRVP (unlocked)
[ ] Path Suffix (locked)
[%U] Path Suffix (locked)
[%U] Path Suffix (unlocked)
[%U] Path Suffix (unlocked)
[%U] Path Suffix (locked)
[ ] Path Suffix (locked)
[ ] Auxiliary Parameters (unlocked)
[ ] Auxiliary Parameters (unlocked)
[ ] Auxiliary Parameters (unlocked)
[ ] Auxiliary Parameters (unlocked)
[ ] Auxiliary Parameters (unlocked)
[ ] Auxiliary Parameters (unlocked)
Advanced Options
Access and Other Options are the two options groups.
Access settings allow systems or users to access or change the shared data.
Name
Description
Enable ACL
Select to add Access Control List (ACL) support to the share. Leave checkbox clear to disable ACL support and delete any existing ACL for the share.
Export Read Only
Select to prohibit writes to the share. Leave checkbox clear to allow writes to the share.
Browsable to Network Clients
Select to include this share name when browsing shares. Home shares are only visible to the owner regardless of this setting.
Allow Guest Access
Select to make privileges the same as the guest account. Windows 10 version 1709 and Windows Server version 1903 have disabled guest access. Guest access for these clients requires extra client-side configuration.
MacOS clients: Trying to connect as a user that does not exist in TrueNAS does not default to the guest account. The Connect As: Guest option must be specifically chosen in MacOS to log in as the guest account. See the Apple documentation for more details.
Access Based Share Enumeration
Select to restrict share visibility to users with read or write access to the share. See the smb.conf manual page.
Hosts Allow
Enter a list of allowed host names or IP addresses. Separate entries by pressing Enter. A more detailed description with examples see here.
Hosts Deny
Enter a list of denied host names or IP addresses. Separate entries by pressing Enter.
The Hosts Allow and Hosts Deny fields work together to produce different situations:
If neither Hosts Allow or Hosts Deny contain an entry, then allow SMB share access for any host.
If there is an entry in Hosts Allow list but none in Hosts Deny list, then only allow hosts on the Hosts Allow list.
If there is an entry in Hosts Deny list but none in Hosts Allow list, then allow all hosts that are not on the Hosts Deny list.
If there are both an entry in Hosts Allow and Hosts Deny list, then allow all hosts that are on the Hosts Allow list. If there is a host not on the Hosts Allow and not on the Hosts Deny list, then allow it.
The Other Options have settings for improving Apple software compatibility. There are also ZFS snapshot features, and other advanced features.
Name
Description
Use as Home Share
Select to allow the share to host user home directories. Gives each user a personal home directory when connecting to the share. This personal home directory is not accessible by other users. This allows for a personal, dynamic share. It is only possible to use one share as the home share. See the configuring Home Share article for detailed instructions.
Select to allow export ZFS snapshots as Shadow Copies for Microsoft Volume Shadow Copy Service (VSS) clients.
Export Recycle Bin
When selected, moves and renames deleted files from the same dataset to per-user subdirectory within the .recycle directory at either the root of the SMB share if the path is the same dataset as the SMB share, or at the root of the current dataset if datasets are nested. Nested datasets do not have automatic deletion based on file size. These files do not take any extra space. Do not rely on this function for backups or replacements of ZFS snapshot.
Use Apple-style Character Encoding
Select to convert NTFS illegal characters in the same manner as MacOS SMB clients. By default, Samba uses a hashing algorithm for NTFS illegal characters.
Enable Alternate Data Streams
Select to allow multiple NTFS data streams. Disabling this option causes MacOS to write streams to files on the file system.
Enable SMB2/3 Durable Handles
Select to allow using open file handles that can withstand short disconnections. Support for POSIX byte-range locks in Samba is also disabled. This option is not recommended when configuring multi-protocol or local access to files.
Enable FSRVP
Select to enable support for the File Server Remote VSS Protocol (FSVRP). This protocol allows Remote Procedure Call (RPC) clients to manage snapshots for a specific SMB share. The share path must be a dataset mountpoint. Snapshots have the prefix fss- followed by a snapshot creation timestamp. A snapshot must have this prefix for an RPC user to delete it.
Path Suffix
Appends a suffix to the share connection path. This provides unique shares on a per-user, per-computer, or per-IP address basis. Suffixes can contain a macro. See the smb.conf manual page for a list of supported macros. The connectpath must be preset before a client connects.
Reference documentation for each item contained within the Services screen.
The Services screen lists all services available on the TrueNAS.
Activate or configure a service on the Services page.
Use the right slider to scroll down to the bottom of the list of services or click on page 2, or the or arrows.
Begin typing in the Filter Search field to narrow down the list of services to locate a service.
After you configure a service, determine if you want it to start after the system boots. If so, select Start Automatically for that service.
Click the toggle to start or stop the service, depending on the current state. Hover the mouse over the toggle to see the current state of that service. The toggle turns blue when it is running.
Click the edit icon to display the settings screen for a service.
Sharing provides documentation for services related to data sharing. Tasks provides documentation for services related to automated tasks.
The articles in the Services navigation panel are also listed below:
AFP Screen: Describes the AFP screen in TrueNAS CORE.
Use the Services AFP screen to configure Apple Filing Protocol (AFP) service on your TrueNAS.
Click SAVE to save settings.
Click CANCEL to exit without saving and return to the Services screen.
General Option
Name
Description
Database Path
The database information stored in the path. If the pool has read-only status, the path must still be writable.
Access
Name
Description
Guest Account
Select an account to use for guest access. This account must have permissions to the shared pool or dataset. Any client connecting to the guest service has the privileges of the guest account user. This user must exist in the password file, but does not need a valid login. Root user cannot be the guest account.
Guest Access
Select to disable the password prompt that displays before clients access AFP shares.
Max Connections
Maximum number of simultaneous connections permitted via AFP. The default limit is 50.
Chmod Request
Indicates how to handle access control lists. Select Ignore to disregard requests. Selecting Ignore also gives the parent directory ACL inheritance full control over new items. Select Preserve to preserve ZFS ACEs for named users and groups or the POSIX ACL group mask. Select Simple to configure chmod() as requested without any extra steps.
Map ACLs
Maps permissions for authenticated users. Select Rights (default, Unix-style permissions), None, or Mode (ACLs).
Other Options
Name
Description
Log Level
Record AFP service messages up to the specified log level in the system log. The system logs severe and warning level messages by default.
Bind Interfaces
Specify the IP addresses to listen for AFP connections. Leave blank to bind to all available IPs. If no IP addresses specified, advertise the first IP address of the system. If no IP addresses specified, listen for any incoming request.
ISPs often change the IP address of the system. With Dynamic Domain Name Service (DDNS) the current IP address continues to point to a domain name. This provides uninterrupted access to TrueNAS.
General Options
Name
Description
Provider
Select the provider from the dropdown list of supported providers. If a specific provider is not listed, select Custom Provider. Enter the information in the Custom Server and Custom Path fields.
Custom Server
Displays after selecting Custom Provider in the Provider field. Enter the DDNS server name. For example, members.dyndns.org denotes a server like dyndns.org.
Custom Path
Displays after selecting Custom Provider in the Provider field. Enter the DDNS server path. Path syntax can vary by provider. Obtain path syntax from that provider. For example, /update?hostname= is a simple path for the update.twodns.de custom sever. The host name is automatically appended by default. For more examples see In-A-Dyn documentation.
CheckIP-Server SSL
Use HTTPS for the connection to the CheckIP Server.
CheckIP Server
Name and port of the server that reports the external IP address. For example, entering checkip.dyndns.org:80 uses Dyn IP detection to discover the remote socket IP address.
CheckIP Path
Path to the CheckIP server. For example, no-ip.com uses a CheckIP Server of dynamic.zoneedit.com and CheckIP Path of /checkip.html.
SSL
Use HTTPS for the connection to the server that updates the DNS record.
Domain Name
Fully qualified domain name of the host with the dynamic IP address. Separate multiple domains with a space, comma (,), or semicolon (;). For example, myname.dyndns.org; myothername.dyndns.org.
Update Period
How often the IP is checked in seconds.
Credentials
Name
Description
Username
User name for logging in to the provider and updating the record.
Password
Password for logging in to the provider and updating the record.
The SAVE button activates after you enter your domain name in Domain Name. Click to save all settings.
After configuring your DDNS service, turn the service on using the Services screen.
File Transfer Protocol (FTP) is a communication protocol. It transfers data across a computer network. Configure FTP service settings on TrueNAS using the FTP services screen.
After making changes to settings click SAVE to confirm and save your changes.
Click ADVANCED OPTIONS to display advanced settings options. Click BASIC OPTIONS to return to the basic settings options.
Click CANCEL to exit without saving.
General Options Settings
Name
Description
Port
Enter the port the FTP service listens on.
Clients
Enter the maximum number of simultaneous clients.
Connections
Enter the maximum number of connections per IP address. 0 is unlimited.
Login Attempts
Enter the greatest number of attempts client permitted before disconnect. Increase if users are prone to misspellings or typos.
Timeout
Enter the maximum client idle time in seconds before disconnect. Default value is 600 seconds.
Certificate
Select from the dropdown list the SSL certificate to use for TLS FTP connections. Currently listed as freenas_default. To create a certificate, go to System > Certificates.
Advanced Option Settings
Click Advanced Options if you need to customize your FTP service. Advanced Options are more detailed than the Basic Options settings.
Access and TLS Settings
Access Settings
Name
Description
Always Chroot
Select to only allow users access their home directory if they are in the wheel group. This option increases security risk.
Allow Root Login
Select to allow root logins. Selecting this option increases security risk. Not recommended.
Allow Anonymous Login
Select to allow anonymous FTP logins with access to the directory specified in Path.
Allow Local User Login
By default, only members of the ftp group can to log in. Select this checkbox to allow any local user to log in.
Require IDENT Authentication
Select to require IDENT authentication. Selecting this option results in timeouts when ident (or in Shellidentd) is not running on the client.
File Permissions
Select to define default permissions for newly created files.
Directory Permissions
Select to define default permissions for newly created directories.
TLS Settings
Unless necessary, do not allow anonymous or root access.
For better security, enable TLS when possible.
This is effectively FTPS.
When FTP is exposed to a WAN, enable TLS.
Name
Description
Enable TLS
Select to allow encrypted connections. Requires a certificate. To create or import a certificate go to System > Certificates.
TLS Policy
Select the policy from the dropdown list of options. Options are On, Off, Data, !Data, Auth, Ctrl, Ctrl + Data, Ctrl +!Data, Auth + Data or Auth +!Data. Defines whether the control channel, data channel, both channels, or neither channel of an FTP session must occur over SSL/TLS. The policies are described here.
TLS Allow Client Renegotiations
Select to allow client renegotiation. This option is not recommended. Selecting this option breaks several security measures. See mod_tls for details.
TLS Allow Dot Login
If selected, TrueNAS checks the user home directory for a .tlslogin file. This file must contain one or more PEM-encoded certificates. System prompts user for password authentication if file not found.
TLS Allow Per User
If selected, allows sending a user password unencrypted.
TLS Common Name Required
Select to require the common name in the certificate match the FQDN of the host.
TLS Enable Diagnostics
Select to make logs more verbose. Useful in troubleshooting a connection.
TLS Export Certificate Data
Select to export the certificate environment variables.
TLS No Certificate Request
Select if the client cannot connect due to a problem with the certificate request. Example: the client server is unable to handle the server certificate request.
TLS No Empty Fragments
Not recommended. This option bypasses a security mechanism.
TLS No Session Reuse Required
This option reduces connection security. Only select if the client does not understand reused SSL sessions.
TLS Export Standard Vars
Select to put in place several environment variables.
TLS DNS Name Required
Select to require the client DNS name resolve to its IP address, and the cert contain the same DNS name.
TLS IP Address Required
Select to require the client certificate IP address match the client IP address.
Bandwidth and Other Settings**
Bandwitdth Settings
Name
Description
Local User Upload Bandwidth: (Examples: 500 KiB, 500M, 2 TB)
Enter a value. If measurement is not specified it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). The unlimited default is 0 KiB.
Local User Download Bandwidth
Enter a value. If measurement is not specified it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). The unlimited default is 0 KiB.
Anonymous User Upload Bandwidth
Enter a value. If measurement is not specified it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). The unlimited default is 0 KiB.
Anonymous User Download Bandwidth
Enter a value. If measurement is not specified it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). The unlimited default is 0 KiB.
Other Options Settings
Name
Description
Minimum Passive Port
Used by clients in PASV mode. A default of 0 means any port above 1023.
Maximum Passive Port
Used by clients in PASV mode. A default of 0 means any port above 1023.
Enable FXP
Select to enable the File eXchange Protocol (FXP). Not recommended as this leaves the server vulnerable to FTP bounce attacks.
Allow Transfer Resumption
Select to allow FTP clients to resume interrupted transfers.
Perform Reverse DNS Lookups
Select to allow performing reverse DNS lookups on client IPs. Causes long delays if reverse DNS isn’t configured.
Masquerade Address
Public IP address or host name. Select if FTP clients cannot connect through a NAT device.
Display Login
Specify the message displayed to local login users after authentication. This is not displayed to anonymous login users.
Network devices often use Link Layer Discovery Protocol (LLDP) to communicate information. This information includes their identities, abilities and peers on a LAN. The LAN is typically wired Ethernet. The TrueNAS LLDP services screen configures LLDP on the system.
General Options
Name
Description
Interface Description
Select to enable receive mode. Interface description stores any peer information received.
County Code
Select the two-letter ISO 3166-1 alpha-2 code used to enable LLDP location support. The dropdown list is a comprehensive list of two-character country codes.
Network File System (NFS) is an open IETF standard remote file access protocol. Use the Services NFS screen to enable NFS services on your TrueNAS.
Click SAVE to save settings and return to the Services screen.
Click CANCEL to exit without saving and return to the Services screen.
Name
Description
Number of servers
Enter a number to specify how many servers to create. Increase if NFS client responses are slow. Keep this less than or equal to the number of CPUs reported by sysctl -n kern.smp.cpus to limit CPU context switching.
Bind IP Addresses
Select IP addresses from dropdown list to listen to for NFS requests. Leave empty for NFS to listen to all available addresses.
Enable NFSv4
Select checkbox to switch from NFSv3 to NFSv4.
NFSv3 ownership model for NFSv4
Select checkbox to provide specific NFSv4 ACL support. This does not require the client and the server to sync users and groups.
Require Kerberos for NFSv4
Select checkbox to force NFS shares to fail if the Kerberos ticket is unavailable.
Serve UDP NFS clients
Select checkbox if NFS clients need to use the User Datagram Protocol (UDP).
Allow non-root mount
Select checkbox only if required by the NFS client. Select to allow serving non-root mount requests.
Support >16 groups
Select checkbox when a user is a member of more than 16 groups. Requires correct configuration of group membership on the NFS server.
OpenVPN is an open source connection protocol. OpenVPN creates a secure connection between 2 points in a network. VPN services use OpenVPN to safeguard data integrity and provide anonymity. There two OpenVPN services on TrueNAS, the OpenVPN Client and OpenVPN Server.
OpenVPN Client
Use OpenVPN Client to configure the client settings.
General Options
Name
Description
Client Certificate
Select a valid client certificate from the dropdown list. The option is freenas_default. A certificate must exist on this system that is current and not revoked. Find more about generating certificates and CAs for OpenVPN here.
Root CA
Select the root Certificate Authority used to sign the Client and Server certificates. Find more about generating certificates and CAs for OpenVPN here.
Remote
Enter a valid IP address or domain name to which OpenVPN connects.
Port
Enter a port number to use for the connection.
Authentication Algorithm
Select an algorithm to authenticate packets. The dropdown list provides a list of algorithms to choose from. This is used to confirm packets sent over the network connection. Your network environment might need a specific algorithm. If not, select SHA1 HMAC which is a good standard algorithm to use.
Cipher
Select a cipher algorithm to encrypt data channel packets sent through the connection. While not required, using a cipher increases connection security. Verify if your networking environment requires a particular cipher. If not, AES-256-GCM is a good default choice. The dropdown list provides a list of encryption ciphers to choose from.
Compression
Select a compression algorithm from the dropdown list. Dropdown list options are LZ0 or LZ4. Leave the field empty to send data uncompressed. LZ0 is the standard compression algorithm. It is backwards compatible with previous (pre-2.4) versions of OpenVPN. LZ4 is a newer option that is typically faster with less system resources required.
Protocol
Select the protocol to use when connecting with the remote system. Select from the dropdown list options UDP, UDP4, UDP6, TCP, TCP4 or TCP6. Select UDP or TCP. UDP sends packets in a continuous stream. It is generally faster and less strict about dropped packets than TCP. TCP sends packets sequentially. To force the connection to be IPv4 or IPv6 choose the UDP or TCP version with the 4 or 6 respectively.
Device Type
Select a virtual network interface from the dropdown list. Options are TUN or TAP. The client and server Device Type must be the same. For information see here.
Nobind
Select to enable and to prevent binding to local address and port. Required if running OpenVPN client and server at the same time.
TLS Crypt Auth Enabled
Select to enable or clear checkbox to disable TLS Web Client Authentication.
Additional Parameters
Enter any extra parameters for the client. This manually configures any of the core OpenVPN config file options. Refer to the OpenVPN Reference Manual for descriptions of each option.
TLS Crypt Auth
Encrypts all TLS handshake messages to add another layer of security. OpenVPN server and clients share a required static key. Enter the static key for authentication/encryption of all control channel packets. Must enable tls_crypt_auth_enabled.
OpenVPN Server
Use OpenVPN Server to configure the server settings.
Configure and save your OpenVPN server settings. Click DOWNLOAD CLIENT CONFIG to generate the certificate file you need from the client system.
Click Client Certificate to generate the configuration file you need from the client system already imported on the system.
General Options
Name
Description
Server Certificate
Select a valid server certificate from the dropdown list. The option is freenas_default. A certificate must exist on this system that is current and not revoked. Find more about generating certificates and CAs for OpenVPN here.
Root CA
Select the root Certificate Authority used to sign the Client and Server certificates. Find more about generating certificates and CAs for OpenVPN here.
Server
Enter the IP address and netmask of the server.
Port
Enter a port number to use for the connection.
Authentication Algorithm
Select an algorithm to authenticate packets. The dropdown list provides a list of algorithms to choose from. Your network environment might require a specific algorithm. If not, select SHA1 HMAC which is a good standard algorithm to use.
Cipher
Select a cipher algorithm to encrypt data channel packets sent through the connection. While not required, using a cipher increases connection security. Verify if your networking environment requires a particular cipher. If not, AES-256-GCM is a good default choice. The dropdown list provides a list of encryption ciphers to choose from.
Compression
Select a compression algorithm from the dropdown list. Dropdown list options are LZ0 or LZ4. Leave the field empty to send data uncompressed. LZ0 is the standard compression algorithm. It is backwards compatible with previous (pre-2.4) versions of OpenVPN. LZ4 is a newer option that is typically faster with less system resources required.
Protocol
Select the protocol to use when connecting with the remote system. Select from the dropdown list options UDP, UDP4, UDP6, TCP, TCP4 or TCP6. Select UDP or TCP. UDP sends packets in a continuous stream. It is generally faster and less strict about dropped packets than TCP. TCP sends packets sequentially. To force the connection to be IPv4 or IPv6 choose the UDP or TCP version with the 4 or 6 respectively.
Device Type
Select a virtual network interface from the dropdown list. Options are TUN or TAP. The client and server Device Type must be the same. For more information see here.
Topology
Select to configure virtual addressing topology when running in TUN mode. Dropdown list options are NET30, P2P or SUBNET. TAP mode always uses a SUBNET topology.
TLS Crypt Auth Enabled
Select to enable or clear checkbox to disable TLS Web Client Authentication.
Additional Parameters
Enter any extra parameters.
TLS Crypt Auth
Encrypting TLS handshake messages adds another layer of security. OpenVPN server and clients share a required static key. Enabling tls_crypt_auth_enabled generates a static key if tls_crypt_auth is not provided. The generated static key is for use with OpenVPN client. Enter that key here.
Self-Monitoring, Analysis and Reporting Technology (S.M.A.R.T.) is an industry standard. S.M.A.R.T. performs disk monitoring and testing. It checks drive reliability and predicts hardware failures.
S.M.A.R.T. tests run on disks.
Running tests can reduce drive performance. We recommend scheduling tests when the system is in a low-usage state.
Avoid scheduling disk-intensive tests at the same time!
For example, do not schedule S.M.A.R.T. tests on the same day as a disk scrub or resilver.
Name
Description
Check Interval
Enter the time in minutes for smartd to wake up and check if any tests are configured to run.
Power Mode
Select the power mode from the dropdown list. Options are Never, Sleep, Standby or Idle. S.M.A.R.T. only tests when the Power Mode is Never.
Difference
Enter a number of degrees in Celsius. S.M.A.R.T. reports if a drive temperature changes by N degrees Celsius since the last report.
Informational
Enter a threshold temperature in Celsius. S.M.A.R.T. sends a message with a LOG_INFO log level if the temperature is above the threshold.
Critical
Enter a threshold temperature in Celsius. S.M.A.R.T. sends a message with a LOG_CRIT log level and send an email if the temperature is above the threshold.
Describes the S3 screen in TrueNAS CORE. This service is deprecated.
Due to security vulnerabilities and maintainability issues, the S3 service is deprecated in TrueNAS 13.0 and removed in TrueNAS 22.12 and newer versions.
Beginning in CORE 13.0-U6, the CORE web interface generates an alert when the deprecated service is either actively running or is enabled to start on boot.
TrueNAS Enterprise
Beginning in CORE 13.0-U6, Enterprise customers with the S3 service running or enabled are prevented from upgrading to the next major version.
Please contact iX Support to review options for migrating to a TrueNAS release that has Minio applications available.
Customers who purchase iXsystems hardware or that want additional support must have a support contract to use iXsystems Support Services. The TrueNAS Community forums provides free support for users without an iXsystems Support contract.
Use the Services SMB screen to configure SMB service settings.
Unless a specific setting is needed or configuring for a specific network environment, it is recommended to use the default settings for the SMB service.
Basic Options
Name
Description
NetBIOS Name
Populates with the original host name of the system truenas. Enter a name that does not exceed 15 characters and is not the same name in Workgroup.
NetBIOS Alias
Enter any aliases, separated by spaces. Each alias can be up to 15 characters long.
Workgroup
Value must match Windows workgroup name. If unconfigured, TrueNAS uses Active Directory or LDAP to detect and select the correct workgroup. Active Directory or LDAP must be active for TrueNAS to do this.
Description
Optional. Enter a server description.
Enable SMB1 support
Select to allow legacy SMB clients to connect to the server. Note that SMB1 is being deprecated. The recommendation is to upgrade the client OS. The OS upgrade should support modern versions of the SMB protocol.
NTLMv1 Auth
Select to allow smbd(8) attempts to authenticate users with NTLMv1 encryption. NTLMv1 is not secure and is a vulnerability. NTLMv1 authentication is off by default. This setting allows backward compatibility with older versions of Windows. It is not recommended. Do not use on untrusted networks.
Advanced Options
Name
Description
Unix Charset
Select an option from the dropdown list. Default is UTF-8 which supports all characters in all languages.
Log Level
Select an option from the dropdown list. Options are None, Minimum, Normal, Full or Debug. Records SMB service messages up to the specified log level. Logs error and warning level messages by default.
Use Syslog Only
Select to log authentication failures in /var/log/messages instead of the default /var/log/samba4/log.smbd.
Local Master
Select to determine if the system participates in a browser election. Leave checkbox clear when the network contains an AD or LDAP server. Leave checkbox clear when Vista or Windows 7 machines are present.
Enable Apple SMB2/3 Protocol Extensions
Select to allow macOS to use these protocol extensions. Improves the performance and behavioral characteristics of SMB shares. Required for Apple Time Machine support.
Administrators Group
Select an option from the dropdown list. Members of this group are local admins. Local admins have privileges to take ownership of any file in the SMB share. They can reset permissions. Local admins can administer the SMB server through the Computer Management MMC snap-in.
Guest Account
Select an account to use for guest access from the dropdown list. Default is nobody. The selected account must have permissions to the shared pool or dataset. To adjust permissions, edit the dataset Access Control List (ACL). Add a new entry for the selected guest account, and configure the permissions in that entry. Deleting the selected user in Guest Account resets the field to nobody.
File Mask
Overrides default file creation mask of 0644. File creation mask 0644 creates files with read and write access for everybody.
Directory Mask
Overrides default directory creation mask of 0755. Directory creation mask 0755 grants directory read, write and execute access for everybody.
Bind IP Addresses
Select from the dropdown list. These are the static IP addresses which SMB listens on for connections. If not selected, defaults to listen on all active interfaces.
Auxiliary Parameters
Enter additional smb.conf options. See the Samba Guide for more information on these settings. To log more details when a client attempts to authenticate to the share, add log level = 1, auth_audit:5.
Simple Network Management Protocol (SNMP) is an Internet Standard protocol. SNMP gathers and sorts data about managed devices on IP networks, such as LANs and WANs. Use the SNMP screen to configure SNMP service on your TrueNAS.
After selecting SNMP v3 Support more configuration fields display.
After filling in all required fields with appropriate values, the SAVE button activates. Click SAVE to save settings.
Click CANCEL to exit without saving and display the Services screen.
Field Descriptions
General Options
Name
Description
Location
Enter the location of the system.
Contact
Enter the email address to receive SNMP service messages.
Community
Enter a community other than the default public to increase system security. Value can only contain alphanumeric characters, underscores (_), dashes (-), periods (.), and spaces. Not required and can leave this empty for SNMPv3 networks.
Secure Socket Shell (SSH) is a network communication protocol. It provides encryption to secure data. Use the SSH services screen to configure SSH File Transfer Protocol (SFTP). SFTP is available by enabling SSH remote access to the TrueNAS system.
Allowing external connections to TrueNAS is a security vulnerability!
Enable SSH only when there is a need for external connections.
See Security Recommendations for more security considerations when using SSH.
General Options
Name
Description
TCP Port
Open a port for SSH connection requests. Enter the port number.
Log in as Root with Password
Select to allow root logins. It is not recommended to allow root logins! A password must be set for the root user account.
Allow Password Authentication
Select to allow password authentication. Enabling allows SSH login authentication using a password. Warning: Determine if directory services are enabled. If so, this setting grants access to all users imported by directory service. When disabled, authentication requires keys for all users. Involves extra SSH client and server setup.
Allow Kerberos Authentication
Select to allow Kerberos authentication. Before enabling this option, valid entries must exist in: Directory Services > Kerberos Realms Directory Services > Kerberos Keytabs The system must be able to communicate with the Kerberos domain controller.
Allow TCP Port Forwarding
Select to let users bypass firewall restrictions using the SSH port forwarding feature.
ADVANCED OPTIONS displays additional configuration fields to set up SSH for specific uses cases.
Advanced Options
Name
Description
Bind Interfaces
Select interfaces on your system from the dropdown list for SSH to listen on. Leave all options unselected for SSH to listen on all interfaces.
Compress Connections
Select to attempt to reduce latency over slow networks.
SFTP Log Level
Select the syslog(3) facility of the SFTP server option from the dropdown list. Options are Quiet, Fatal, Error, Info, Verbose, Debug, Debug2 or Debug3.
SFTP Log Facility
Select the syslog(3) facility of the SFTP server option from the dropdown list. Options are Daemon, User, Auth and Local 0 through Local7.
Weak Ciphers
Select a cipher from the dropdown list. Options are None or AES128-CBC. To allow more ciphers for sshd(8) in addition to the defaults in sshd_config(5). Use None to allow unencrypted SSH connections. Use AES128-CBC to allow the 128-bit Advanced Encryption Standard. WARNING: these ciphers are security vulnerabilities. Only allow them in a secure network environment.
Auxiliary Parameters
Add any more sshd_config(5) options not covered in this screen. Enter one option per line. Options added are case-sensitive. Misspellings can prevent the SSH service from starting.
Trivial File Transfer Protocol (TFTP) is a basic protocol designed for simple file transfer. It provides no user authentication or the ability to browse a directory hierarchy. Use the TFTP service screen to configure TFTP service on the TrueNAS.
TFTP Service Screen Settings
Path
Name
Description
Directory
Browse to an existing directory to use for storage. Some devices can require a specific directory name. Consult the documentation for that device to see if there are any restrictions. Click the > to the left of /mnt to open a list of directories.
Connection
Name
Description
Host
The default host to use for TFTP transfers. Enter an IP address. For example, 192.0.2.1 or in Shell192.0.2.1
Port
The UDP port number that listens for TFTP requests. For example, 8050 or in Shell8050.
Username
Select the account to use for TFTP requests from the dropdown list. Options include but are not limited to root, daemon, operator, nobody and all other user names on the system. This account must have permission to what is specified in Directory.
Access
Name
Description
File Permissions
Adjust the User and Group file permissions. Use the Read, Write and Execute checkboxes. Select all that apply.
Allow New Files
Select when network devices need to send files to the system.
Other Options
Name
Description
Auxiliary Parameters
Add more options from tftpd. Add one option on each line.
An uninterruptible power supply is a hardware device that provides a backup source of power in the event of a power outage. Use the UPS services screen to configure a UPS for your TrueNAS.
TrueNAS Enterprise
TrueNAS High Availability (HA) systems are not compatible with uninterruptible power supplies (UPS).
SAVE activates after all required fields are populated.
CANCEL exits without saving and returns you to the Services screen.
Type a description for the UPS device. You can use alphanumeric, period (.), comma (,), hyphen (-), and underscore (_) characters. This is a required field.
UPS Mode
Select mode from the dropdown list. Master is an option if the UPS plugs directly into the system serial port. Select Slave to have this system shut down before the master system. The UPS remains the last item to shut down. See the Network UPS Tools Overview.
Driver
Select the device driver from the dropdown list. See the Network UPS Tools compatibility list for a list of supported UPS devices. This is a required field.
Port or Hostname
Select the serial or USB port connected to the UPS from the dropdown list. Options include a list of ports on your system and auto. Select auto to automatically detect and manage the USB port settings. Enter the IP address or host name of the SNMP UPS device when selecting an SNMP driver. If the UPS Mode field is set as Master, this is a required field. If set to Slave this field is not required.
Monitor
Name
Description
Monitor User
Enter a user to associate with this service. Keeping the default is recommended.
Monitor Password
Change the default password to improve system security. The new password cannot include a space or #.
Extra Users
Enter accounts that have administrative access. See upsd.users(5) for examples.
Remote Monitor
Select to have the default configuration listen on all interfaces using the known values of user: upsmon and password: fixmepass.
Select the battery option to use when the UPS initiates shutdown. Dropdown list options are UPS reaches low battery or UPS goes on battery.
Shutdown Timer
Enter a value in seconds for the UPS to wait before initiating shutdown. Shutdown does not occur if power is restored while the timer is counting down. This value only applies when Shutdown Mode is set to UPS goes on battery.
Shutdown Command
Enter a command to shut down the system when either battery power is low or the shutdown timer ends.
Power off UPS
Select for the UPS to power off after shutting down the system.
Email
Name
Description
Send Email Status Updates
Select to enable sending messages to the address defined in the Email field.
Email
Enter any email addresses to receive status updates. Separate entries by pressing Enter.
Email Subject
Enter the subject for status emails.
Other Options
Name
Description
No Communication Warning Time
Enter the number of seconds to wait before alerting that the service cannot reach any UPS. Warnings continue until situation resolved.
Host Sync
Length of time in seconds for upsmon to wait while in master mode for the slaves to disconnect. This applies during a shutdown situation.
The WebDAV protocol contains extensions to HTTP. These extensions expand the capabilities of a webserver. It can act as a collaborative authoring and management tool for web content. Use the Services WebDAV screen to enable WebDAV services on your TrueNAS.
Click ADD to open the WebDAV settings screen.
General Options
Name
Description
Protocol
Select the protocol from the dropdown list. HTTP keeps the connection unencrypted. HTTPS encrypts the connection. HTTP+HTTPS allows both types of connections.
HTTP Port
Specify a port for unencrypted connections. The default port 8080 is recommended. Do not reuse a port.
HTTP Authentication
Select the HTTP authentication type from the dropdown list. Basic Authentication is unencrypted. Digest Authentication is encrypted. Select No Authentication when you don’t want to use authentication.
Webdav Password
Change the default of davtest as davtest is a known value.
11 - Jails, Plugins and Virtual Machines (Obsolete)
Reference documentation for the obsolete Jails, Plugins, and Virtual Machines screens.
Following the upstream FreeBSD 13.2 end-of-life, announced July 1, 2024, virtualization features (plugins, jails, and virtual machines) in TrueNAS 13.0 are now obsolete.
Enterprise users or community users with a critical need to use containers or virtualization solutions in production should migrate to the tested and supported virtualization features available in TrueNAS SCALE.
TrueNAS Enterprise customers can contact iXsystems to schedule a TrueNAS 24.04 or newer deployment.
See CORE to SCALE Migrations for more information.
Jails (Obsolete): Reference documentation for the obsolete Jails screens.
Plugins (Obsolete): Reference documentation for the obsolete Plugins screens.
Reference documentation for the obsolete Jails screens.
Following the upstream FreeBSD 13.2 end-of-life, announced July 1, 2024, virtualization features (plugins, jails, and virtual machines) in TrueNAS 13.0 are now obsolete.
Enterprise users or community users with a critical need to use containers or virtualization solutions in production should migrate to the tested and supported virtualization features available in TrueNAS SCALE.
TrueNAS Enterprise customers can contact iXsystems to schedule a TrueNAS 24.04 or newer deployment.
See CORE to SCALE Migrations for more information.
The Jails screen displays a list of jails installed on your system. Use to add, edit or delete jails.
Use the blue Columns dropdown list to display options to change the information displayed in the lis to of tables. Options are Select All, JID, Boot, State, Release, IPv4, IPv6, Type, Template, Basejail or Reset to Defaults.
Use the settings icon to set the pool to use for jail storage.
Use ADD to display the first configuration Wizard screen and to access the ADVANCED JAIL CREATION button to display advanced jail configuration screens.
Individual Jail Screen
Click the chevron_right icon to display the individual jail screen with its primary settings and additional action options for that jail.
Click the expand_more icon to collaspe the individual jail screen.
Name
Description
EDIT
Used to modify the settings described in Advanced Jail Creation. You cannot edit a jail while it is running. You can only view the settings that are read only until you stop the jail operation.
MOUNT POINTS
Select an existing mount point to edit. Either click EDIT or click ACTIONS > Add Mount Point to create a mount point for the jail. A mount point gives a jail access to storage located elsewhere on the system. You must stop a jail before adding, editing, or deleting a mount point. See Additional Storage for more details.
RESTART
Stops and immediately starts a jail that is running or up.
START
Starts a jail that has a current STATE of down.
STOP
Stops a jail that has a current STATE of up.
UPDATE
Runs freebsd-update to update the jail to the latest patch level of the installed FreeBSD release.
SHELL
Displays the Shell screen which provides access a root command prompt to interact with a jail directly from the command line. Type exit to leave the command prompt and display the Jails screen.
DELETE
Deletes the selected jail. Caution: deleting the jail also deletes all of the jail contents and all associated snapshots. Back up the jail data, configuration, and programs first. There is no way to recover the contents of a jail after deleting it!
Action options change based on the jail state. For example, a stopped jail does not have a STOP or SHELL option.
Jail Creation Options
TrueNAS has two options to create a jail. The Jail Wizard makes it easy to create a jail. ADVANCED JAIL CREATION opens the advanced configuration screens with all possible configuration settings. This form is recommended only for advanced users with ver specific requirements for a jail.
Use the jail-creation Wizard to add a new jail by following and completing required fields in a pre-determimed order. The wizard provides the simplest process to create and configure a new jail.
Click ADD to display the first of three Wizard configuration screens.
Wizard Navigation
Use Next to advance to the next screen.
Use Back to return to the previous screen.
Use SUBMIT to save all settings and create the Jail.
Use Cancel to close the current screen exit the configuation process without saving.
Setting
Description
Name
Required field. Enter a name that can include letters, numbers, periods (.), dashes (-), and underscores (_).
Jail Type
Select an option from the dropdown-list. Options are Default (Clone Jail) or Basejail. Use Default (Clone Jail) to clone jails that are clones of the specified value in Release. They are linked to that release, even if they are upgraded. Use Basejails to mount the specified release directories as nullfs mounts over the jail directories. Basejails are not linked to the original release when upgraded. Versions of FreeBSD are downloaded the first time they are used in a jail. Additional jails created with the same version of FreeBSD are created faster because the download is already complete.
Release
Select an option from the dropdown list. Options are 12.2-RELEASE or 13.0-RELEASE. This is the FreeBSD release to use as the jail operating system. Jails can run FreeBSD versions up to the same version as the host system. Newer releases are not shown.
Advanced Jail Creation
Opens the advanced configuration screens. This form is recommended only for advanced users with ver specific requirements for a jail
Name
Description
DHCP Autoconfigure IPv4
Select to auto-configure jail networking with the Dynamic Host Configuration Protocol (DHCP). Also select VNET and Berkeley Packet Filter with this selected option.
NAT
Network Address Translation (NAT) to transform local network IP addresses into a single IP address. Select when the jail shares a single connection to the Internet with other systems on the network.
VNET
Select to use VNET(9) to emulate network devices for the jail. A fully virtualized per-jail network stack is installed.
vnet_default_interface
Select the default VNET interface from options on the dropdown list. Options are none, auto, or specific interfaces on your system. Only takes effect when VNET is selected. Choose a specific interface or set to auto to use the interface that has the default route. Choose none to not set a default VNET interface.
IPv4 Interface
Select the IPv4 interface for the jail from the dropdown list.
IPv4 Address
Enter the IPv4 address for VNET(9) and shared IP jails.
IPv4 Netmask
Select the IPv4 netmask for the jail from the dropdown list.
IPv4 Default Router
Enter a valid IPv4 address to use as the default route. Enter none to configure the jail with no IPv4 default route. A jail without a default route is not be able to access any networks.
AutoConfigure IPv6
Select to use Stateless Address Auto Configuration (SLAAC) to autoconfigure IPv6 in the jail.
IPv6 Interface
Select the IPv6 interface for the jail from the dropdown list.
IPv6 Address
Enter the IPv6 address for VNET(9) and shared IP jails.
IPv6 Prefix
Select the IPv6 prefix for the jail from the dropdown list.
IPv6 Default Router
Enter a valid IPv6 address to use as the default route. Enter none to configure the jail without an IPv6 default route. A jail without a default route is not be able to access any networks.
Displays a screen that summarizes the Jail settings entered or selected on the Wizard screens.
The Advanced Jail Creation screens include four expandable configuration areas:
Basic Properties
Jail Properties
Network Properties
Custom Properties
Click the expand_more icon to collaspe any area of configuration settings.
Use Next to advance to the next configuration settings section, or click the expand_less icon to expand the configuration settings area.
Name
Description
Name
Required field. Enter a name that can include letters, numbers, periods (.), dashes (-), and underscores (_).
Jail Type
Select an option from the dropdown-list. Options are Default (Clone Jail) or Basejail. Use Default (Clone Jail) to clone jails that are clones of the specified value in Release. They are linked to that release, even if they are upgraded. Use Basejails to mount the specified release directories as nullfs mounts over the jail directories. Basejails are not linked to the original release when upgraded.
Release
Select an option from the dropdown list. Options are 12.2-RELEASE or 13.0-RELEASE. This is the FreeBSD release to use as the jail operating system. Jails can run FreeBSD versions up to the same version as the host system. Newer releases are not shown.
DHCP Autoconfigure IPv4
Select to auto-configure jail networking with the Dynamic Host Configuration Protocol (DHCP). Also select VNET and Berkeley Packet Filter with this selected option.
NAT
Network Address Translation (NAT) to transform local network IP addresses into a single IP address. Select when the jail shares a single connection to the Internet with other systems on the network.
VNET
Select to use VNET(9) to emulate network devices for the jail. A fully virtualized per-jail network stack is installed.
Select the default VNET interface from options on the dropdown list. Options are none, auto, or specific interfaces on your system. Only takes effect when VNET is selected. Choose a specific interface or set to auto to use the interface that has the default route. Choose none to not set a default VNET interface.
IPv4 Interface
Select the IPv4 interface for the jail from the dropdown list.
IPv4 Address
Enter the IPv4 address for VNET(9) and shared IP jails.
IPv4 Netmask
Select the IPv4 netmask for the jail from the dropdown list.
IPv4 Default Router
Enter a valid IPv4 address to use as the default route. Enter none to configure the jail with no IPv4 default route. A jail without a default route is not be able to access any networks.
AutoConfigure IPv6
Select to use Stateless Address Auto Configuration (SLAAC) to autoconfigure IPv6 in the jail.
IPv6 Interface
Select the IPv6 interface for the jail from the dropdown list.
IPv6 Address
Enter the IPv6 address for VNET(9) and shared IP jails.
IPv6 Netmask
Select the IPv6 prefix for the jail from the dropdown list.
IPv6 Default Router
Enter a valid IPv6 address to use as the default route. Enter none to configure the jail without an IPv6 default route. A jail without a default route is not be able to access any networks.
Auto Start
Select to auto-start the jail at system boot time. Jails are started and stopped based on iocage priority. Set in the Custom Properties priority field.
Name
Description
devfs_ruleset
The devfs(8) ruleset number to enforce when mounting devfs in the jail. The default 0 means no ruleset is enforced. Mounting devfs inside a jail is only possible when the allow_mount and allow_mount_devfs permissions are enabled and enforce_statfs is set to a value lower than 2.
exec_start
Commands to run in the jail environment after the jail is created. Example: sh /etc/rc. The pseudo-parameters section of JAIL(8) describes exec.start usage.
exec_stop
Commands to run in the jail environment before the jail is removed and after exec.prestop commands complete. Example: sh /etc/rc.shutdown.
exec_prestart
Commands to run in the system environment before a jail is started.
exec_poststart
Commands to run in the system environment after a jail is started and after any exec_start commands are finished.
exec_prestop
Commands to run in the system environment before a jail is stopped.
exec_poststop
Commands to run in the system environment after a jail is stopped.
exec_jail_user
Enter either root or another valid username. Inside the jail, this user runs the commands.
exec_system_user
Run commands in the jail as this user. By default, the current user runs these commands.
securelevel
The value of the jail securelevel sysctl. A jail never has a lower securelevel setting than the host system. Setting this parameter allows a higher securelevel setting. If the host system securelevel* setting is changed, the jail secure level is at least as secure.
sysvmsg
Allows or denies access to SYSV IPC message primitives. Use the dropdown list to select from Inherit, New or Disable. Select Inherit to make all IPC objects on the system visible to the jail. Select *New to make only objects the jail creates using the private key namespace visible. The system and parent jails have access to the jail objects but not private keys. Select Disable when the jail cannot perform any sysvmsg related system calls.
sysvsem
Allows or denies access to SYSV IPC semaphore primitives. Use dropdown list to select from Inherit, New or Disable. Use Inherit to make all IPC objects on the system visible to the jail. Select New to make only objects the jail creates using the private key namespace visible. The system and parent jails have access to the jail objects but not private keys. Select Disable when the jail cannot perform any sysvmem related system calls.
sysvshm
Allows or denies access to SYSV IPC shared memory primitives. Use dropdown list to select from Inherit, New or Disable. Select Inherit to make all IPC objects on the system visible to the jail. Select New to make only objects the jail creates using the private key namespace visible. The system and parent jails have access to the jail objects but not private keys. Select Disable when the jail cannot perform any sysvshm related system calls.
vnet_interfaces
A space-delimited list of network interfaces attached to a VNET enabled jail after it is created. Interfaces are released when the jail is removed.
Select to choose whether a process in the jail has access to System V IPC primitives. Equivalent to setting sysvmsg, sysvsem, and sysvshm to Inherit. Deprecated in FreeBSD 11.0 and newer! Use sysvmsg, sysvsem, and sysvshm instead.
allow_raw_sockets
Select to allow raw sockets. Utilities like ping(8) and traceroute(8) require raw sockets. When selected, source IP addresses are enforced to comply with the IP addresses bound to the jail, ignoring the IP_HDRINCL flag on the socket.
allow_chflags
Select to treat jail users as privileged and allow the manipulation of system file flags. Secure level constraints are still enforced.
allow_mlock
Enables running services that require mlock(2) in a jail.
allow_vmm
Allows the jail to access the bhyve virtual machine monitor (VMM). The jail must have FreeBSD 12.0 or newer installed with the vmm(4) kernel module loaded.
allow_quotas
Select to allow the jail root to administer quotas on jail file systems. This includes file systems the jail shares with other jails or with non-jailed parts of the system.
allow_socket_af
Select to allow access to other protocol stacks beyond IPv4, IPv6, local (UNIX), and route. Warning, jail functionality does not exist for all protocol stacks.
allow_mount
Select to allow privileged users inside the jail to mount and unmount file system types marked as jail-friendly. Also use dropdown list to select from list of options allow_mount_devfs, allow_mount_fusefs, allow_mount_nullfs, allow_mount_procfs, allow_mount_tmpfs or allow_mount_zfs.
Name
Description
Interfaces
Use to enter up to four interface configurations in the format interface:bridge, separated by a comma (,), where the left value is the virtual VNET interface name and the right value is the bridge name where to attach the virtual interface.
Use to set the jail host name. Defaults to the jail UUID.
resolver
Use to add lines to the jail resolv.conf. For example, nameserver IP;search domain.local. Delimit fields with a semicolon (;), this translates as new lines in resolv.conf. Enter none to inherit resolv.conf from the host.
exec_fib
Enter the routing table (FIB) to use when running commands inside the jail.
ip4.saddrsel
Select to disable IPv4 source address selection for the jail in favor of the primary IPv4 address of the jail. Only available when the jail is not configured to use VNET.
ip6.saddrsel
Select to disable IPv6 source address selection for the jail in favor of the primary IPv6 address of the jail. Only available when the jail is not configured to use VNET.
ip4
Controls the availability of IPv4 addresses. Use the dropdown list to select from options inherit, New or Disable. Select Inherit to allow unrestricted access to all system addresses. Select New to restrict addresses with ip4_addr. Select Disable to stop the jail from using IPv4 entirely.
ip6
Controls the availability of IPv6 addresses. Use the dropdown list to select from options inherit, New or Disable. Select Inherit to allow unrestricted access to all system addresses. Select New to restrict addresses with ip6_addr. Select Disable to stop the jail from using IPv6 entirely.
mac_prefix
Enter a valid MAC address vendor prefix. For example, E4F4C6.
vnet0_mac
Use to assign a fixed MAC address. Leave this field empty to generate random MAC addresses for the host and jail. To assign fixed MAC addresses, enter the MAC address to assign to the host, a space, then the MAC address to assign to the jail.
Name
Description
priority
Enter a numeric start priority for the jail at boot time. Valid priorities are between 1 and 99. Smaller values are higher priority. At system shutdown the priority is reversed. For example, 99.
hostid
Enter a new jail host id, if desired. For example, the hostid: 1a2bc345-678d-90e1-23fa-4b56c78901de.
comment
Enter comments about the jail.
template
Select to set this jail as a template.
host_time
Select to set system host time to synchronize the time between jail and host.
jail_zfs
Select to enable automatic ZFS jailing inside the jail. The jail fully controls the assigned ZFS dataset.
jail_zfs_dataset
Enter a ZFS file system name without a pool name to define the jailed dataset and fully hand over to a jail. You must set jail_zfs for this option to work.
jail_zfs_mountpoint
Enter the mount point for the jail_zfs_dataset. For example, /data example-dataset-name.
allow_tun
Select to reveal tun devices for the jail with an individual devfs ruleset. Allows the creation of tun devices in the jail.
Autoconfigure IPv6 with rtsold
Select to use rtsold(8) as part of IPv6 auto-configuration. Send ICMPv6 router solicitation messages to interfaces to discover new routers.
ip_hostname
Select to use DNS records during jail IP configuration to search the resolver and apply the first open IPv4 and IPv6 addresses. See jail(8).
assign_localhost
Select to add network interface lo0 to the jail and assign it the first available localhost address, starting with 127.0.0.2. The Basic PropertiesVNET checkbox must be cleared. Jails using VNET configure a localhost as part of their virtualized network stack.
Reference documentation for the obsolete Plugins screens.
Following the upstream FreeBSD 13.2 end-of-life, announced July 1, 2024, virtualization features (plugins, jails, and virtual machines) in TrueNAS 13.0 are now obsolete.
Enterprise users or community users with a critical need to use containers or virtualization solutions in production should migrate to the tested and supported virtualization features available in TrueNAS SCALE.
TrueNAS Enterprise customers can contact iXsystems to schedule a TrueNAS 24.04 or newer deployment.
See CORE to SCALE Migrations for more information.
Use the Plugins screen to install and maintain 3rd party applications on your TrueNAS storage systems.
Use the blue Columns dropdown list to display options to change the information displayed in the lis to of tables. Options are Select All, Status, Admin Portals, IPv4 Address, IPv6 Address, Version, Plugin, Release, Boot, Collection or Reset to Defaults.
Use the settings icon to set the pool to use for Plugin and Jail Manager storage.
Use Browse a Collection to select 3rd party applications from either the iXsystems or Community libraries.
Use REFRESH INDEX to update the index of applications.
Use INSTALL to display the Plugins Add configuration screen and to access the ADVANCED PLUGIN INSTALLATION button to display advanced Plugin and jail configuration screens.
Individual Plugin Screen
Click the chevron_right icon to display the individual plugin screen with its IP address, plugin name, release and version and the Github location for the collection. It includes additional action options for that plugin.
Click the expand_more icon to collaspe the individual plugin screen.
Name
Description
Manage
Displays the System Overview screen for that application. For example, the netdatajail system overview with CPU and load graphics and options to view other information about this application.
MOUNT POINTS
Displays the Jails Mount Points of nameofpluginjail screen. Click ACTIONS and select either Add to create a mount point for the jail used by the plugin, or Go Back to Jails to open the Jails screen. A mount point gives a jail access to storage located elsewhere on the system. You must stop a jail before adding, editing, or deleting a mount point. See Additional Storage for more details.
RESTART
Starts a stopped plugin.
STOP
Stops a plugin and the associated jail.
UPDATE
Displays the Update plugin dialog where you can select the option to Update jail as well. Select Confirm to activate the UPDATE button.
Uninstall
Displays a verification dialog for the plugin and related jail. Type the name displayed in the dialog and select Confirm to activate the DELETE button.
Plugin Add Screen
Use the Add screen to install the plugin highlighted on the Plugins screen for a simple basic install of a third party application. Use the
ADVANCED PLUGIN INSTALLATION button to open the advanced configuration screens with all possible configuration settings for the plugin and related jail. This form is recommended only for advanced users with ver specific requirements for a jail.
Setting
Description
Plugin Name
Displays the name of the plugin highliged on the Plugin screen.
Jail Name
Required field. Enter a name that can include letters, numbers, periods (.), dashes (-), and underscores (_).
DHCP
Select to allow DHCP to configure networking for the Jail**.
NAT
Network Address Translation (NAT) to transform local network IP addresses into a single IP address. Select when the jail shares a single connection to the Internet with other systems on the network.
IPv4 Interface
Select the IPv4 interface for the jail from the dropdown list.
IPv4 Address
Enter the IPv4 address for VNET(9) and shared IP jails.
IPv4 Netmask
Select the IPv4 netmask for the jail from the dropdown list.
IPv6 Interface
Select the IPv6 interface for the jail from the dropdown list.
IPv6 Address
Enter the IPv6 address for VNET(9) and shared IP jails.
IPv6 Prefix
Select the IPv6 prefix for the jail from the dropdown list.
Advanced Plugin Installation
Opens the advanced configuration screens. This form is recommended only for advanced users with ver specific requirements for a jail
Advanced Plugin Installation
The Advanced Plugin Installation screens include four expandable configuration areas:
Basic Properties
Jail Properties
Network Properties
Custom Properties
Click the expand_more icon to collaspe any area of configuration settings.
Use Next to advance to the next configuration settings section, or click the expand_less icon to expand the configuration settings area.
Name
Description
Plugins Name
Displays the name of the Plugin highlighed on the Plugins screen. This field is not editable.
Name
Required field. Enter a name that can include letters, numbers, periods (.), dashes (-), and underscores (_).
DHCP Autoconfigure IPv4
Select to auto-configure jail networking with the Dynamic Host Configuration Protocol (DHCP). Also select VNET and Berkeley Packet Filter with this selected option.
NAT
Network Address Translation (NAT) to transform local network IP addresses into a single IP address. Select when the jail shares a single connection to the Internet with other systems on the network.
VNET
Select to use VNET(9) to emulate network devices for the jail. A fully virtualized per-jail network stack is installed.
Select the default VNET interface from options on the dropdown list. Options are none, auto, or specific interfaces on your system. Only takes effect when VNET is selected. Choose a specific interface or set to auto to use the interface that has the default route. Choose none to not set a default VNET interface.
IPv4 Interface
Select the IPv4 interface for the jail from the dropdown list.
IPv4 Address
Enter the IPv4 address for VNET(9) and shared IP jails.
IPv4 Netmask
Select the IPv4 netmask for the jail from the dropdown list.
IPv4 Default Router
Enter a valid IPv4 address to use as the default route. Enter none to configure the jail with no IPv4 default route. A jail without a default route is not be able to access any networks.
AutoConfigure IPv6
Select to use Stateless Address Auto Configuration (SLAAC) to autoconfigure IPv6 in the jail.
IPv6 Interface
Select the IPv6 interface for the jail from the dropdown list.
IPv6 Address
Enter the IPv6 address for VNET(9) and shared IP jails.
IPv6 Netmask
Select the IPv6 prefix for the jail from the dropdown list.
IPv6 Default Router
Enter a valid IPv6 address to use as the default route. Enter none to configure the jail without an IPv6 default route. A jail without a default route is not be able to access any networks.
Auto Start
Select to auto-start the jail at system boot time. Jails are started and stopped based on iocage priority. Set in the Custom Properties priority field.
Name
Description
devfs_ruleset
The devfs(8) ruleset number to enforce when mounting devfs in the jail. The default 0 means no ruleset is enforced. Mounting devfs inside a jail is only possible when the allow_mount and allow_mount_devfs permissions are enabled and enforce_statfs is set to a value lower than 2.
exec_start
Commands to run in the jail environment after the jail is created. Example: sh /etc/rc. The pseudo-parameters section of JAIL(8) describes exec.start usage.
exec_stop
Commands to run in the jail environment before the jail is removed and after exec.prestop commands complete. Example: sh /etc/rc.shutdown.
exec_prestart
Commands to run in the system environment before a jail is started.
exec_poststart
Commands to run in the system environment after a jail is started and after any exec_start commands are finished.
exec_prestop
Commands to run in the system environment before a jail is stopped.
exec_poststop
Commands to run in the system environment after a jail is stopped.
exec_jail_user
Enter either root or another valid username. Inside the jail, this user runs the commands.
exec_system_user
Run commands in the jail as this user. By default, the current user runs these commands.
securelevel
The value of the jail securelevel sysctl. A jail never has a lower securelevel setting than the host system. Setting this parameter allows a higher securelevel setting. If the host system securelevel* setting is changed, the jail secure level is at least as secure.
sysvmsg
Allows or denies access to SYSV IPC message primitives. Use the dropdown list to select from Inherit, New or Disable. Select Inherit to make all IPC objects on the system visible to the jail. Select *New to make only objects the jail creates using the private key namespace visible. The system and parent jails have access to the jail objects but not private keys. Select Disable when the jail cannot perform any sysvmsg related system calls.
sysvsem
Allows or denies access to SYSV IPC semaphore primitives. Use dropdown list to select from Inherit, New or Disable. Use Inherit to make all IPC objects on the system visible to the jail. Select New to make only objects the jail creates using the private key namespace visible. The system and parent jails have access to the jail objects but not private keys. Select Disable when the jail cannot perform any sysvmem related system calls.
sysvshm
Allows or denies access to SYSV IPC shared memory primitives. Use dropdown list to select from Inherit, New or Disable. Select Inherit to make all IPC objects on the system visible to the jail. Select New to make only objects the jail creates using the private key namespace visible. The system and parent jails have access to the jail objects but not private keys. Select Disable when the jail cannot perform any sysvshm related system calls.
vnet_interfaces
A space-delimited list of network interfaces attached to a VNET enabled jail after it is created. Interfaces are released when the jail is removed.
Select to choose whether a process in the jail has access to System V IPC primitives. Equivalent to setting sysvmsg, sysvsem, and sysvshm to Inherit. Deprecated in FreeBSD 11.0 and newer! Use sysvmsg, sysvsem, and sysvshm instead.
allow_raw_sockets
Select to allow raw sockets. Utilities like ping(8) and traceroute(8) require raw sockets. When selected, source IP addresses are enforced to comply with the IP addresses bound to the jail, ignoring the IP_HDRINCL flag on the socket.
allow_chflags
Select to treat jail users as privileged and allow the manipulation of system file flags. Secure level constraints are still enforced.
allow_mlock
Enables running services that require mlock(2) in a jail.
allow_vmm
Allows the jail to access the bhyve virtual machine monitor (VMM). The jail must have FreeBSD 12.0 or newer installed with the vmm(4) kernel module loaded.
allow_quotas
Select to allow the jail root to administer quotas on jail file systems. This includes file systems the jail shares with other jails or with non-jailed parts of the system.
allow_socket_af
Select to allow access to other protocol stacks beyond IPv4, IPv6, local (UNIX), and route. Warning, jail functionality does not exist for all protocol stacks.
allow_mount
Select to allow privileged users inside the jail to mount and unmount file system types marked as jail-friendly. Also use dropdown list to select from list of options allow_mount_devfs, allow_mount_fusefs, allow_mount_nullfs, allow_mount_procfs, allow_mount_tmpfs or allow_mount_zfs.
Name
Description
Interfaces
Use to enter up to four interface configurations in the format interface:bridge, separated by a comma (,), where the left value is the virtual VNET interface name and the right value is the bridge name where to attach the virtual interface.
Use to set the jail host name. Defaults to the jail UUID.
resolver
Use to add lines to the jail resolv.conf. For example, nameserver IP;search domain.local. Delimit fields with a semicolon (;), this translates as new lines in resolv.conf. Enter none to inherit resolv.conf from the host.
exec_fib
Enter the routing table (FIB) to use when running commands inside the jail.
ip4.saddrsel
Select to disable IPv4 source address selection for the jail in favor of the primary IPv4 address of the jail. Only available when the jail is not configured to use VNET.
ip6.saddrsel
Select to disable IPv6 source address selection for the jail in favor of the primary IPv6 address of the jail. Only available when the jail is not configured to use VNET.
ip4
Controls the availability of IPv4 addresses. Use the dropdown list to select from options inherit, New or Disable. Select Inherit to allow unrestricted access to all system addresses. Select New to restrict addresses with ip4_addr. Select Disable to stop the jail from using IPv4 entirely.
ip6
Controls the availability of IPv6 addresses. Use the dropdown list to select from options inherit, New or Disable. Select Inherit to allow unrestricted access to all system addresses. Select New to restrict addresses with ip6_addr. Select Disable to stop the jail from using IPv6 entirely.
mac_prefix
Enter a valid MAC address vendor prefix. For example, E4F4C6.
vnet0_mac
Use to assign a fixed MAC address. Leave this field empty to generate random MAC addresses for the host and jail. To assign fixed MAC addresses, enter the MAC address to assign to the host, a space, then the MAC address to assign to the jail.
Name
Description
priority
Enter a numeric start priority for the jail at boot time. Valid priorities are between 1 and 99. Smaller values are higher priority. At system shutdown the priority is reversed. For example, 99.
hostid
Enter a new jail host id, if desired. For example, the hostid: 1a2bc345-678d-90e1-23fa-4b56c78901de.
comment
Enter comments about the jail.
template
Select to set this jail as a template.
host_time
Select to set system host time to synchronize the time between jail and host.
jail_zfs
Select to enable automatic ZFS jailing inside the jail. The jail fully controls the assigned ZFS dataset.
jail_zfs_dataset
Enter a ZFS file system name without a pool name to define the jailed dataset and fully hand over to a jail. You must set jail_zfs for this option to work.
jail_zfs_mountpoint
Enter the mount point for the jail_zfs_dataset. For example, /data example-dataset-name.
allow_tun
Select to reveal tun devices for the jail with an individual devfs ruleset. Allows the creation of tun devices in the jail.
Autoconfigure IPv6 with rtsold
Select to use rtsold(8) as part of IPv6 auto-configuration. Send ICMPv6 router solicitation messages to interfaces to discover new routers.
ip_hostname
Select to use DNS records during jail IP configuration to search the resolver and apply the first open IPv4 and IPv6 addresses. See jail(8).
assign_localhost
Select to add network interface lo0 to the jail and assign it the first available localhost address, starting with 127.0.0.2. The Basic PropertiesVNET checkbox must be cleared. Jails using VNET configure a localhost as part of their virtualized network stack.
Related Content
11.3 - Virtual Machines (Obsolete)
Reference documentation for the obsolete Virtual Machines screens.
Following the upstream FreeBSD 13.2 end-of-life, announced July 1, 2024, virtualization features (plugins, jails, and virtual machines) in TrueNAS 13.0 are now obsolete.
Enterprise users or community users with a critical need to use containers or virtualization solutions in production should migrate to the tested and supported virtualization features available in TrueNAS SCALE.
TrueNAS Enterprise customers can contact iXsystems to schedule a TrueNAS 24.04 or newer deployment.
See CORE to SCALE Migrations for more information.
The Virtual Machines screen displays a list of virtual machines (VM) configured on your system.
Use the blue COLUMNS button to display a list of options to customize the list view. Options are Select All, Autostart, Virtual CPUs, Cores, Threads, Memory Size, Boot Loader Type, System Clock, VNC Port, Com Port, Description, Shutdown Timeout or Reset to Defaults.
Use ADD to display the Virtual Machines configuration Wizard.
The State toggle indicates the current state of the VM. Hover over the toggle with your mouse to see the state as STOPPED or RUNNING. The toggle turns blue when it is running.
Select the Autostart checkbox to set the VM to start automatically after a system reboot, or clear the checkbox to require manually starting the VM after a system reboot.
Virtual Machine Wizard
The Wizard consists of six individual configuration screens.
Confirmation Options displays the summary of settings. You can use BACK to return to previous screens to make changes or use SUBMIT to save settings and create the virtual machine.
After saving the VM, if you want to make changes you can select the the VM on the list, expand it and select EDIT to make changes.
VM Wizard Navigation
You cannot advance to the next screen if the current screen has required fields.
After entering all required information you can advance to the next screen.
Use Next to advance to the next wizard configuration form.
Use Back to return to a previous wizard configuration form.
Use Cancel to exit the configuration wizard.
The blue edit icons preceding each Wizard screen name, at the top of the screen, allow you to jump to the screen you selected but only if you have populated all required fields on the current screen and any screen that follows in the sequence of screens.
If you select a screen that follows a Wizard screen that has required fields and you have not provided the information those required fields wants, the screen you selected does not display.
You must enter all required fields before you can freely move around in the Wizard screens.
Name
Description
Guest Operating System
Required field. Select the VM operating system type from the dropdown list three operating systems listed Windows, Linux or FreeBSD.
Name
Enter an alphanumeric name for the virtual machine.
Description
(optional) Enter a description for the OS.
System Clock
Required field. Specifies the VM system time. Select from the dropdown list options Local or UTC. Default is Local.
Boot Method
Select from the dropdown list options UEFI, UEFI-CSM or Grub. Select UEFI for newer operating systems or UEFI-CSM (Compatibility Support Mode) for older operating systems that only support BIOS booting. Grub is not recommended but can be used when the other options do not work.
Shutdown Timeout
The time in seconds the system waits for the VM to cleanly shut down. During system shutdown, the system initiates power-off for the VM after the shutdown timeout expires.
Start on Boot
Select to start this VM when the system boots.
Enable VNC
Select to enable a VNC (Virtual Network Computing) remote connection. Requires UEFI booting.
Delay VM Boot Until VNC Connects
Select to wait to start VM until VNC client connects.
Bind
Required field. Select from the dropdown list options 0.0.0.0, ::, ::1 or the system IP addresses provided on the list. VNC network interface IP address. The primary interface IP address is the default. A different interface IP address can be chosen.
Name
Description
Virtual CPUs
Number of virtual CPUs to allocate to the virtual machine. The maximum is 16, or fewer if the host CPU limits the maximum. The VM operating system might also have operational or licensing restrictions on the number of CPUs.
Cores
Specify the number of cores per virtual CPU socket. The product of vCPUs, cores, and threads must not exceed 16.
Threads
Specify the number of threads per core. The product of vCPUs, cores, and threads must not exceed 16.
Memory Size
Allocate RAM for the VM. Minimum value is 256 MiB. This field accepts human-readable input (Ex. 50 GiB, 500M, 2 TB). If units are not specified, the value defaults to bytes.
Name
Description
Create new disk image
Select to create a new zvol on an existing dataset. This is used as a virtual hard drive for the VM. Select Use existing disk image to use an existing zvol or file for the VM.
Select Disk Type
Select desired disk type from the dropdown list options AHIC or VirtIO.
Zvol Location
Rerquired field. Select a dataset for the new zvol.
Size
Allocate space for the new zvol. (Examples: 500 KiB, 500M, 2 TB) MiB. Units smaller than MiB are not allowed.
Name
Description
Adapter Type
Required field. Select an adapter from the dropdown list. Intel e82545 (e1000) emulates the same Intel Ethernet card. This provides compatibility with most operating systems. VirtIO provides better performance when the operating system installed in the VM supports VirtIO paravirtualized network drivers.
Mac Address
Enter the desired address into the field to override the randomized MAC address.
Attach NIC
Required field. Select the physical interface to associate with the VM from the dropdown list options.
Name
Description
Choose Installation Media Image
Browse to the operating system installer image file.
Upload an Installer Image File
Set to display image upload options.
Individual Virtual Machine Screen
The individual virtual machine screens display the VM settings and provide optional operation buttons for that VM.
Click the icon to expand that virtual machine and access current settings and operation actions.
The following operations are available on each VM screen:
Operation
Icon
Description
RESTART
replay
Retarts the VM.
POWER OFF
power_settings_new
Powers off and halts the VM, similar to turning off a computer power switch.
STOP
stop
Stops a running VM. Because a virtual machine doesn’t always respond well to STOP use the option to force the stop when prompted.
START
Starts a VM. The toggle turns blue when the VM switches to running.
EDIT
mode_edit
Displays the Virtual Machines > Edit screen. You cannot edit a VM while it is running. You must first stop the VM and then you can edit the properties and settings.
DELETE
delete
Deletes a VM. You cannot delete a virtual machine that is running. You must first stop the VM and then you can delete it.
DEVICES
device_hub
Displays the list of devices for this virtual machine. See xxx
CLONE
Makes an exact copy or clone of the VM that you can select and edit. A Name dialog displays where you can enter a name for the cloned VM. Naming the clone VM is optional. The cloned VM displays on the Virtual Machines list with the extension _clone0. if you clone the same VM again the extension for the second clone is clone1.
VNC
settings_ethernet
Opens a noVCN window that allows you to connect to a
SERIAL
keyboard_arrow_right
Opens the TrueNAS Shell screen.
The STOP button and the system State toggle both try to send an ACPI power-down command to the VM operating system. Sometimes the commands time out, so it is better to use the POWER OFF button instead.
Related Content
12 - Reporting
Contains information about the graphs displayed on the Reporting screen in TrueNAS CORE.
The Reporting screen displays graphs of system information for CPU, disk, memory, network, NFS, partition, target, UPS, ZFS and system functions.
TrueNAS uses Graphite for metric gathering and visualizations.
TrueNAS uses collectd to provide reporting statistics.
Reporting data is saved to permit viewing and monitoring usage trends over time.
This data is preserved across system upgrades and restarts.
Data files are saved in /var/db/collectd/rrd/.
Because reporting data is frequently written it should not be stored on the boot pool or operating system device.
Reporting Screen Display Options
Setting
Description
CPU
Displays the CPU Temperature, CPU Usage, and System Load graphs.
Disk
Displays graphs for each disk in the system.
Memory
Displays both the Physical memory utilization and Swap utilization graphs.
Network
Displays an Interface Traffic graph for each interface in the system.
NFS
Displays the NFS Stats (Operations) and NFS Stats (Bytes) graphs.
Partition
Displays graphs showing disk space allocations.
System
Displays both the Processes and Uptime graphs.
Target
Displays graphs only for systems with iSCSI ports configured and shows the bandwidth statistics for iSCSI ports.
UPS
Displays the graphs only if the system is configured for and uses a UPS.
ZFS
Displays the ARC Size, ARC Hit Ratio, ARC Requests demand_data, ARC Requests demand_metadata, ARC Requests prefetch_data, and ARC Requests prefetch_metadata graphs with the Arc and L2 gigabytes and hits (%), and the hits, misses and total number of requests.
Interacting with Graphs
Click on and drag a certain range of the graph to expand the information displayed in that selected area in the Graph.
Click on the icon to zoom in on the graph.
Click on the icon to zoom out on the graph.
Click the to move the graph forward.
Click the to move the graph backward.
Graphs
CPU graphs shows the amount of time spent by the CPU in various states such as executing user code, executing system code, and being idle.
Graphs of short-, mid-, and long-term load are shown, along with CPU temperature graphs.
Diskgraphs shows read and write statistics on I/O, percent busy, latency, operations per second, pending I/O requests, and disk temperature.
Use the Devices dropdown list to select one or all system disks for which you want to display a graph. Use the Metrics dropdown list to select one or all disk measurements to display.
Disk Metrics Options
Setting
Description
Select All
Displays all available graphs for any or all disks selected on the Devices dropdown list.
Disk Temperature
Displays the minimum, maximum and mean temperature reading for the disk selected.
Disk Busy
Displays the percent the selected disk is busy.
Disk Latency
Displays the disk latency in time,msec, for read, write and delete operations.
Disk Operations detailed
Displays the read, write and delete operations for the selected disk.
Pending I/O
Displays then length of pending I/O requests for the selected disk.
Disk I/O
Displays the disk read and write I/O stats in bytes/s.
Temperature monitoring for the disk is disabled if HDD Standby is enabled. Check the Storage > DisksEdit Disk* configuration form for any or all disks in the system if you do not see the temperature monitoring graph.
Memory graphs display memory usage and swap graphs display the amount of free and used swap space.
Network graphs report received and transmitted traffic in megabytes per second for each configured interface.
NFS graphs show information about the number of procedure calls for each procedure and whether the system is a server or client.
Partition graphs displays free, used, and reserved space for each pool and dataset. However, the disk space used by an individual zvol is not displayed as it is a block device.
System graphs displays the number of processes. It is grouped by state.
UPSgraphs show statistics about an uninterruptible power supply (UPS) using Network UPS tools. Statistics include voltages, currents, power, frequencies, load, and temperatures.
ZFS graphs shows compressed physical ARC size, hit ratio, demand data, demand metadata, and prefetch data.
Describes the web interface for the web shell on TrueNAS CORE.
The web interface has a web shell that makes it convenient to run command line tools from the web browser as the root user.
The prompt shows that the current user is root@truenas, the host name is truenas, and the current working directory is ~, where root is the user, truenas is the home directory of the logged-in user, and the symbol between the square brackets is the working directory.
The Shell screen includes three UI elements:
UI Element
Description
Set font size slider
Adjusts the size of text displayed in the shell main area.
RESTORE DEFAULT
Resets the shell font and size.
?
Displays the shell tooltip with helpful information about the screen. For example, CTRL+C kills a foreground process. It also lists built-in utilities such as: Iperf, Netperf, IOzone, arcstat, tw_cli, MegaCli, freenas-debug, tmux, and Dmidecode.
Shell command history is available for the current session.
The default shell for a new installations is zsh. See Changing the Default Shell for instructions on changing to a different shell.
See Using Shell for information on navigating in shell, typing commands, and other general instructions.
icon next to the iXsystems logo shows 
