Only Root user there can login?

[SimonClausen]

Hello everyone :)

I work in a company where i have installed a truenas, but i hit a problem.

Can i really not create a other user there have the access to login intro truenas via web interface, or is it really only the root user there have that access?

Or old freenas could create a another user.

 

[Kris Moore]

UI access is only done via root user right now.

 

[sretalla]

You might want to consider using TrueCommand to manage your TrueNAS instances.

You can have multiple accounts in TrueCommand and can delegate admin access to your TrueNAS servers in that RBAC system.

 

[sackerman]

Is this something that will eventually be addressed? Many compliance models require for example 'Ensure that the actions of individual information system users can be uniquely traced to those users so they can be held accountable for their actions' (NIST 800-171). This kind of seems like 'Security 101' to me. We cannot currently implement this control on our FreeNAS/TrueNAS systems.

 

[c77dk]

Is this something that will eventually be addressed? Many compliance models require for example 'Ensure that the actions of individual information system users can be uniquely traced to those users so they can be held accountable for their actions' (NIST 800-171). This kind of seems like 'Security 101' to me. We cannot currently implement this control on our FreeNAS/TrueNAS systems.

With TrueCommand you have RBAC - maybe try it out?

 

[sackerman]

Doesn't really solve the core issue. I have multiple sysadmins that need to login to administer TrueNAS but as the current documentation clearly states "Only the root user account can log in to the TrueNAS web interface". So there is no way of determining which admin did what. Again, this is not an uncommon requirement.

 

[Samuel Tai]

@sackerman, consider the root account an emergency failsafe. Generate API keys and use that in TrueCommand for routine admin access. TrueCommand can be tied to LDAP/AD for RBAC.

 

[sackerman]

Since we have more than 50 drives we would have to purchase the license on the iXSystems private cloud. Is the iXSystems private cloud FedRamp Moderate compliant? if not then I am still stuck. Again, this is not an unusual request or an unusual feature built into platforms.

 

[winnielinnie]

The fact that the login screen has a "username" field was something I brought up as redundant and confusing to users (back in June 2020), since it implies you can enter a different username in this field. Since "root" is the only one who can login via the login page, there should only be a password-prompt (a la Pi-hole).

Until different users are allowed to login to the dashboard, having this "username" input field is redundant and confusing.

 

[Patrick M. Hausen]

Since we have more than 50 drives we would have to purchase the license on the iXSystems private cloud. Is the iXSystems private cloud FedRamp Moderate compliant? if not then I am still stuck. Again, this is not an unusual request or an unusual feature built into platforms.

You can buy a license for on-premises deployment, too.

 

[sackerman]

Great, thanks! That was not clear on the website. We will go that route.