An Access Control List (ACL) is a set of account permissions associated with a dataset and applied to directories or files within that dataset. These permissions control the actions users can perform on the dataset contents. ACLs are typically used to manage user interactions with shared datasets and are created when a …

Active Directory (AD) is a service for sharing resources in a Windows network. Because AD provides authentication and authorization services for the users in a network, it is not necessary to recreate the same user accounts on TrueNAS. AD can be configured on a Windows server that is running Windows Server 2000 or …

TrueNAS includes an Open LDAP client for accessing information from an LDAP server. An LDAP server provides directory services for finding network resources such as users and their associated permissions. LDAP authentication for SMB shares is disabled unless the LDAP directory has been configured for and populated with …

You can encrypt the root dataset of a new storage pool to further increase data security. Please note that you are responsible for remembering or otherwise backing up passphrases or other access methods to your encrypted data. Data-at-rest encryption is available with: Self Encrypting Drives (SEDs) using OPAL or FIPS …

Notice: TrueNAS replaced GELI encryption with ZFS native cryptography in the version 12.0 release. This article is provided as a historical reference for encryption management in FreeNAS/TrueNAS 11.3 and earlier. GELI Encryption: FreeNAS/TrueNAS 11.3 and earlier used GELI …

The iXsystems Security Team cryptographically signs TrueNAS ISO files so that users can verify the integrity of their downloaded file. This article demonstrates how to verify an ISO file using the Pretty Good Privacy (PGP) and SHA256 methods. PGP ISO Verification: You will need an OpenPGP encryption application for this …

Kerberos is a web authentication protocol that uses strong cryptography to prove the identity of both client and server over an insecure network connection. Kerberos uses “realms” and “keytabs” to authenticate clients and servers. A Kerberos realm is an authorized domain that a Kerberos server …

This feature was introduced in TrueNAS 12.0. You can adjust which Transport Layer Security (TLS) cipher suites TrueNAS accepts for secure connections to the web interface. For best security, only use TLS 1.2 or newer versions. By default, all options are available if you need to adjust this setting to match your …

Microsoft LDAP defaults 2020: “LDAP channel binding and LDAP signing provide ways to increase the security of network communications between an Active Directory Domain Services (AD DS) or an Active Directory Lightweight Directory Services (AD LDS) and its clients. There is a vulnerability in the default configuration …

When using services on TrueNAS, especially services that allow outside connections, there are some best practices to follow to ensure your system is safe and secure. The main services that will be discussed in this article are SSH, SMB, NFS, and iSCSI. SSH: Using Secure Shell (SSH) to connect to your TrueNAS can be very …

Self-Encrypting Drives: TrueNAS version 11.1-U5 introduced Self-Encrypting Drive (SED) support. These SED specifications are supported: Legacy interface for older ATA devices (not recommended for security-critical environments); TCG Opal 1 legacy specification; TCG OPAL 2 standard for newer consumer-grade devices; TCG …

Introduction: TrueNAS can act as a Certificate Authority (CA). When encrypting SSL or TLS connections to the TrueNAS system, either import an existing CA, or create a CA and certificate on the TrueNAS system. This certificate will appear in the drop-down menus for services that support SSL or TLS. If desired, a new CA …

Introduction: By default, TrueNAS comes equipped with an internal, self-signed certificate. This enables encrypted access to the web interface. If desired, a new certificate can be created or an existing certificate can be imported. To add or import a certificate, go to System > Certificates and click ADD. First, …

Do not use SMB1. SMB1, also known as SMBv1, is an early version of the Windows SMB file-sharing protocol. Microsoft has deprecated the SMB1 protocol for security reasons and strongly recommends removing SMB1. SMB1 is disabled by default in FreeNAS and TrueNAS. Current SMB networking clients use later versions of the SMB …

Secure Socket Shell (SSH) is a network protocol that provides a secure method to access and transfer files between two hosts over an unsecured network. SSH can use user account credentials to establish secure connections, but often uses key pairs shared between host systems for authentication. When TrueNAS is …
