Active Directory User Login to FreeNAS GUI

[Andrew480]

I have setup a FreeNAS server as a virtual machine running in VMware ESXi 6.7. I have joined my domain and setup a windows share with the appropriate AD group being able to access the share. AD logins to the share have been tested and is working correctly. Where my issue arises is with login to the GUI to manage the FreeNAS server. Currently I'm only able to login with the root user and this is a violation of security policy. For all systems, I require users to always login as themselves and administrator accounts, such as the root user, are to be used only as a last resort. However, I have been unable to figure out or find instructions on how to setup AD logins for the GUI itself. Any help with this would be greatly appreciated.

 

[dlavigne]

Unfortunately, only the root user is able to login to the UI at this time.

However, TrueCommand might work with your security policy: https://www.ixsystems.com/truecommand/.

 

[anodos]

I have setup a FreeNAS server as a virtual machine running in VMware ESXi 6.7. I have joined my domain and setup a windows share with the appropriate AD group being able to access the share. AD logins to the share have been tested and is working correctly. Where my issue arises is with login to the GUI to manage the FreeNAS server. Currently I'm only able to login with the root user and this is a violation of security policy. For all systems, I require users to always login as themselves and administrator accounts, such as the root user, are to be used only as a last resort. However, I have been unable to figure out or find instructions on how to setup AD logins for the GUI itself. Any help with this would be greatly appreciated.

What administrative actions do you need to perform? If it's merely logging modifying share ACLs, viewing and closing open files, etc, you can do this through AD accounts and Computer Management. I have plans to expand the capabilities here to allow share creation and a few other things. This will give a rudimentary RBAC for windows clients.

 

[Andrew480]

What administrative actions do you need to perform? If it's merely logging modifying share ACLs, viewing and closing open files, etc, you can do this through AD accounts and Computer Management. I have plans to expand the capabilities here to allow share creation and a few other things. This will give a rudimentary RBAC for windows clients.

It's administration of the NAS itself (i.e. everything in the WebUI). In order to be able to use FreeNAS I would need to be able to assign an AD user group for controlling access to the web interface. We do not allow common logins except in cases of emergency. So allowing multiple people to login as the "root" user is a violation of security policy. At this point I'm just going to create a file server and move on.