TrueNAS SCALETrueNAS SCALE Version Documentation
This content follows the TrueNAS SCALE 24.04 (Dragonfish) releases. Use the Product and Version selectors above to view content specific to different TrueNAS software or major version.

Active Directory Screens

Active Directory Widget

The Active Directory widget displays after you configure SCALE settings for your Active Directory instance. The widget includes Status, and the Domain Name and Domain Account Name you configured.

ActiveDirectoryWidget

Settings opens the Active Directory screen with a subset of settings you can edit.

Active Directory - Add and Edit Screens

The Active Directory configuration screen has two screens, Basic Options the default view, and Advanced Options. After configuring Active Directory, the edit Active Directory screen includes both the basic and advanced options, but the basic options are a limited subset of settings of what is available when you add AD.

Rebuild Directory Service Cache resyncs the cache if it gets out of sync or there are fewer users than expected are available in the permissions editors.

Leave Domain disconnects the TrueNAS system from the Active Directory server.

Active Directory Basic Options

The edit version of the Basic Options screen only includes the Domain Name and Enable options. The Basic Options settings are included on the Advanced Options screen.

Basic Option Settings

ActiveDirectoryBasicOptions

SettingDescription
Domain Name(Required) Enter the Active Directory domain (example.com) or child domain (sales.example.com). Editable after save.
Domain Account Name(Required) Enter the Active Directory administrator account name. Not editable after you save.
Domain Account Password(Required) Password for the Active Directory administrator account. Required the first time you configure a domain. After initial configuration, the password is not needed to edit, start, or stop the service. After the initial configuration or joining, SCALE uses the Kerberos Principal instead of the password.
Enable (requires password or Kerberos principal)Select to enable the Active Directory service. Clear to disable Active Directory. After disabling Active Directory, the Directory Services screen returns to the default and provides the options to configure AD or LDAP. SCALE creates a Kerberos realm and keytab from what it detects in Active Directory, then populates the Kerberos Realm and Kerberos Principal settings on the Advanced Options screen.

Active Directory Advanced Options

The Advanced Options screen displays the same settings on both the add and edit versions of the Active Directory screen. On the add Active Directory screen, the Advanced Options screen includes the Basic Options settings. On the edit screen, the Advanced Options displays the subset found on the Basic Options screen.

Advanced Options Settings

ActiveDirectoryAdvancedOptions

SettingDescription
Site NameEnter the Relative Distinguished Name (RDN) of the site object in the AD server. This is the first component of the distingishedName in AD. For more info read Configuring Active Directory.
Kerberos RealmSelect an existing realm from the dropdown list of options. Options are those configured in Kerberos Realms. After selecting Enable (requires password or Kerberos principal), SCALE populates the Kerberos Realm and Kerberos Principal fields with what it discovered in AD.
Kerberos PrincipalSelect the location of the principal in the keytab created in Directory Services > Kerberos Keytabs. After selecting Enable (requires password or Kerberos principal), SCALE populates the Kerberos Realm and Kerberos Principal fields with what it discovered in AD.
Enable (requires password or Kerberos principle)Select to enable AD service. The first time you select this option you must enter the password for the domain admin account. After selecting Enable (requires password or Kerberos principal), SCALE populates the Kerberos Realm and Kerberos Principal fields with what it discovered in AD.
Verbose LoggingSelect to log attempts to join the domain in /var/log/messages.
Allow Trusted DomainsSelect if you do not want the username to include a domain name. Leave cleared to force the domain names to be prepended to usernames. One possible reason to not select this is to prevent username collisions when this is selected and there are identical usernames across multiple domains.
Use Default DomainSelect to prepend the domain name to the username. Leave clear to prevent name collisions when Allow Trusted Domains is selected and multiple domains use the same username.
Allow DNS UpdatesSelect to enable Samba to do DNS updates when joining a domain.
Disable AD User/Group CacheSelect to disable caching AD users and groups, which can help when unable to bind to a domain with a lot of users or groups.
Restrict PAMSelect to restrict SSH access in certain circumstance to members in BUILTIN\Administrators.
Computer Account OUEnter the organizational unit (OU) that creates new computer accounts. Enter the OU string from top to bottom without RDNs. Uses forward slashes (/) as delimiters, like Computers/Servers/NAS. Use backslashes (\) to escape characters but do not use as separator. TrueNAS interprets backslashes at multiple levels, so you might have to use several for them to work. If left blank, TrueNAS creates new computer accounts in the AD default OU.
AD TimeoutEnter the number of seconds before timeout. To view the AD connection status, open the interface Task Manager, click History to open the Jobs screen.
DNS TimeoutEnter the number of seconds before a timeout. Increase this value if AD DNS queries time out.
Winbind NSS InfoSelect the schema to use when querying AD for user/group info. rfc2307 uses the Windows 2003 R2 schema support, sfu is for Service For Unix 3.0 or 3.5, and sfu20 is for Service For Unix 2.0.
Netbios Name(Required) Enter a netbios name of this NAS if not using the default. The name must differ from the Workgroup name and not exceed 15 characters. Default setting is truenas.
NetBIOS AliasAlternative names (no greater than 15 characters) that SMB clients can use when connecting to this NAS.
Leave DomainDisconnects the TrueNAS system from the AD server.