TrueNAS
Products
Support & Resources
Solutions
Company
  1. TrueNAS 25.10
  2. /
  3. TrueNAS Tutorials
  4. /
  5. Credentials
  6. /
  7. Setting Up Directory Services
  8. /
  9. Configuring IPA
Edit page
TrueNAS TrueNAS Stable Version Documentation
This content follows TrueNAS 25.10 (Goldeye) releases.
Use the Product and Version selectors above to view content specific to a different software release.

Configuring IPA

  3 minute read.

TrueNAS supports IPA (Identity, Policy, and Audit) as a comprehensive identity management solution. IPA integrates LDAP, Kerberos, NTP, and DNS services in a single package, providing centralized authentication and authorization for network resources.

You can have either Active Directory, LDAP, or IPA configured on TrueNAS but not multiple directory services simultaneously.
Does IPA work with SMB? IPA can work with SMB shares when properly configured. IPA includes integrated Samba support and can provide user and group information for SMB authentication. TrueNAS validates the full certificate chain when certificate validation is enabled. TrueNAS does not support non-CA certificates when certificate validation is required.

Configuring IPA

Configure TrueNAS to use an IPA directory server:

  1. Go to Credentials > Directory Services and click Configure Directory Services to open the Directory Services Configuration form.

  2. Select IPA from the Configuration Type dropdown list.

  3. Enter the Basic Configuration settings:

    • Select the Enable Service checkbox to activate the IPA configuration. Selected by default.

    • Select the Enable Account Cache checkbox to cache user and group information. Caching makes directory users and groups available in UI dropdown menus. Selected by default.

    • Select the Enable DNS Updates checkbox to allow the directory service to update DNS records. Selected by default.

    • Enter the number of seconds (1-40) before the directory service connection times out in Timeout (seconds). Required.

    • Enter the domain name in Kerberos Realm. This is usually the uppercase version of the domain name, for example, EXAMPLE.COM.

  4. Enter the Credential Configuration settings:

    • Select Kerberos User from the Credential Type dropdown list. Required.

    • Enter the IPA user account username in Username. Required.

    • Enter the password for the user account in Password. Required.

  5. Enter the IPA Configuration settings:

    • Enter the IPA server hostname or IP address in Target Server. Required.

    • Enter the hostname for your TrueNAS system in TrueNAS Hostname. Required.

    • Enter the domain name in Domain. Required.

    • Enter the base distinguished name for the IPA directory in Base DN. Required. For example, dc=example,dc=com.

    • (Optional) Select the Validate Certificates checkbox to verify certificate authenticity when connecting to the IPA server. TrueNAS validates the full certificate chain when this option is selected.

  6. Configure SMB domain settings:

    Select Use Default SMB Domain Configuration to use default SMB domain settings. Selected by default.

    To customize SMB domain settings, clear Use Default SMB Domain Configuration to reveal additional configuration options: Name, Domain Name, Range Low, Range High, and Domain SID.

  7. Click Save.

Disabling IPA

Clear the Enable Service checkbox to disable the IPA directory server. This does not remove the configuration. The main Directory Services screen returns to the default view showing the option to configure directory services.

Click Configure Directory Services to open the Directory Services Configuration form with the saved IPA configuration to enable IPA again. Select Enable Service again to reactivate your IPA directory server configuration.

Removing IPA from TrueNAS

Click Settings to open the IPA screen to remove the IPA configuration. Clear all settings and click Save.

Related Content

Tutorials
UI Reference

Have more questions?

For further discussion or assistance, see these resources:

Found content that needs an update?  You can suggest content changes directly! To request changes to this content, click the Feedback button located on the middle-right side of the page (might require disabling ad blocking plugins).