Using Administrator Logins

The initial implementation of the TrueNAS SCALE administrator login permitted users to continue using the root user but encouraged users to create a local administrator account when first installing SCALE. Starting with SCALE Bluefin 22.12.0, root account logins are deprecated for security hardening and to comply with Federal Information Processing Standards (FIPS). All TrueNAS users should create a local administrator account with all required permissions and begin using it to access TrueNAS.
Read full post gdoc_arrow_right_alt

Advanced Settings Screen

Advanced settings have reasonable defaults in place. A warning message displays for some settings advising of the dangers of making changes. Changing advanced settings can be dangerous when done incorrectly. Use caution before saving changes. Make sure you are comfortable with ZFS, Linux, and system configuration, backup, and restoration before making any changes. The Advanced settings screen provides configuration options for the console, syslog, audit, kernel, sysctl, storage (system dataset pool), replication, websocket sessions, cron jobs, init/shutdown scripts, allowed IP addresses, isolated GPU device(s), self-encrypting drives, and global two-factor authentication.
Read full post gdoc_arrow_right_alt

Security Recommendations

Follow these best practices to administer TrueNAS securely. These generally apply to either TrueNAS CORE or TrueNAS SCALE, but each software might place the related options in slightly different web interface locations. General Recommendations Modifying the base TrueNAS firmware image is unsupported and can create security issues. Keep TrueNAS up to date with the most recent updates for your supported version. Upgrade to new major releases in a timely manner consistent with the deployment use case.
Read full post gdoc_arrow_right_alt

Two-Factor Authentication Screen

Two-factor authentication is time-based and requires a correct system time setting. The Two-Factor Authentication screen has buttons to manage two-factor authentication (2FA) credentials, and it displays a different message depending on if you have 2FA enabled or disabled. To configure 2FA settings go to the Advanced settings screen. For more information, see the Managing Global 2FA tutorial. Figure 1: 2FA Screen with Disabled Message Figure 2: 2FA Screen with Enabled Message Actions Renew Secret changes the system-generated Secret and Provisioning URI values.
Read full post gdoc_arrow_right_alt

Managing Global 2FA (Two-Factor Authentication)

Global Two-factor authentication (2FA) is great for increasing security. TrueNAS offers global 2FA to ensure that entities cannot use a compromised administrator root password to access the administrator interface. Advanced settings have reasonable defaults in place. A warning message displays for some settings advising of the dangers of making changes. Changing advanced settings can be dangerous when done incorrectly. Use caution before saving changes. Make sure you are comfortable with ZFS, Linux, and system configuration, backup, and restoration before making any changes.
Read full post gdoc_arrow_right_alt

two_factor

The TrueNAS CLI guide for SCALE is a work in progress! New namespace and command documentation is continually added and maintained, so check back here often to see what is new! auth two_factor commands are based on authentiation functions found in the SCALE API and web UI. Use to set up user two-factor authentication and view status for the user. Enter auth ls to view the list of available commands and namespaces.
Read full post gdoc_arrow_right_alt

Using Two-Factor Authentication

We recommend two-factor authentication (2FA) for increased security. TrueNAS offers 2FA to ensure that a compromised administrator (root) password alone cannot grant access to the administrator interface. To utilize 2FA, you need a mobile device with Google Authenticator installed. Other authenticator applications can be used, but you will need to confirm the settings and QR codes generated in TrueNAS are compatible with your particular app before permanently activating 2FA. What is 2FA, and why would I want to enable it?
Read full post gdoc_arrow_right_alt

2FA (Two-Factor Authentication)

TrueNAS offers Two-Factor Authentication (2FA) to ensure that a compromised administrator (root) password cannot be used by itself to gain access to the administrator interface. 2FA Configuration User Settings Name Description One Time Password (OTP) Digits The number of digits in the One-Time Password. The default is 6, which is Google’s standard OTP length. Check your app/device settings before selecting this. Interval The lifespan (in seconds) of each OTP. Default is 30 seconds.
Read full post gdoc_arrow_right_alt