Enable user to login to webui

Gucky

Dabbler
Joined
Dec 12, 2023
Messages
12
I won't give anything to reinstall to SCALE, so I guess I'll give it a try because I regret the $4000 for the hardware. I will see how it behaves and what I will put everything into operation, but on forums where CORE vs SCALE are compared, most recommend CORE.
 

Davvo

MVP
Joined
Jul 12, 2022
Messages
3,222
And the point is that, as the main administrator, I need to know which of my representatives did what and when on the NAS. And in the event that everyone connects under the same account, I don't know who did what and when from the logs. I think this is essential for managing any device. I think that even in vehicle maintenance or any other technology it is good to know what was done by whom and when.
You could use 2FA to sort of implement it.
Each time a junior admin wants to connect, they need to ask you for the code; not very practical, but a solution nonetheless.

Or, go SCALE: it has things CORE is missing, be it features or bugs/limitations.
 

Kris Moore

SVP of Engineering
Administrator
Moderator
iXsystems
Joined
Nov 12, 2015
Messages
1,471
This is correct, on SCALE today we have support for multiple "Admin" accounts that can each use the UI to handle administrative tasks. In the upcoming version 24.04, we are adding full auditing of UI and SMB Client actions, as well as some limited RBAC so you can have lesser privileged Admins, i.e. admins who cannot perform destructive actions, like deleting datasets, or snapshots, etc.
 

Kris Moore

SVP of Engineering
Administrator
Moderator
iXsystems
Joined
Nov 12, 2015
Messages
1,471
Some additional information on how to set it up here:

 

Sparkey

Dabbler
Joined
Nov 1, 2021
Messages
36
I've been on Scale for about a year and have no problems or regrets. It's close enough to Core that I didn't even notice the transition.
 

Gucky

Dabbler
Joined
Dec 12, 2023
Messages
12
I have installed SCALE and am trying to configure it. As soon as I have it set up, I will try how user access via the web works. I reckon I won't be able to do it all today, so I'll report tomorrow.
 

Kris Moore

SVP of Engineering
Administrator
Moderator
iXsystems
Joined
Nov 12, 2015
Messages
1,471
I have installed SCALE and am trying to configure it. As soon as I have it set up, I will try how user access via the web works. I reckon I won't be able to do it all today, so I'll report tomorrow.

Good deal! Right now all admins are created "equal" so to speak, but the Dragonfish beta will be coming quick enough around Feb time-frame, so you'll have some new options for R/O admins, as well as restricted admins.
 

Gucky

Dabbler
Joined
Dec 12, 2023
Messages
12
I must have messed something up with the setup because it's awfully slow. It takes terribly long when mounting disks and browsing through folders. Because of this, ubuntu, which is like a client, is slow to start. The same problem is with NFS and SMB. It also takes about 15 minutes to start copying files. Then it starts up and runs at 1GB as standard. There was no problem with that at CORE. I'm trying to find something in the NFS and SMB settings, but there isn't much to set up. Additionally, I always have to reboot the NAS for NFS or SMB configuration changes to take effect. I haven't got FTP working at all yet. Maybe I'll delete the whole thing again and start from the beginning.
 

Davvo

MVP
Joined
Jul 12, 2022
Messages
3,222
Maybe I'll delete the whole thing again and start from the beginning.
I would advise so too, what you are describing is not standard behaviour. If you continue to encounter this even after a clean install I suggest opening a dedicated thread.
 

Gucky

Dabbler
Joined
Dec 12, 2023
Messages
12
No progress, I've already tried different NFS and SMB settings probably a hundred times, but nothing helped. I disconnected the drives and left only two in the single pool. The result is still the same. I reinstalled CORE and both NFS and SMB work normally. I'll give it another chance and delete the whole thing and install clean SCALE. I don't really believe it anymore.
 

chuck32

Guru
Joined
Jan 14, 2023
Messages
623
Please start a new thread, list all your hardware and provide as much information about your settings etc as possible. This is definitely not normal on scale.

Did you test the hardware before installation? Memtest etc.
 

somethingweird

Contributor
Joined
Jan 27, 2022
Messages
183
For CORE - develop a proxy GUI (that uses the TrueNAS API) that will control access via login?
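
The proxy idea suggested above, sketched as an added example (not part of the original post and not TrueNAS code): each admin authenticates to the proxy with their own token, and the proxy records who requested what before anything is forwarded with the shared NAS credential. The tokens, roles, `AuditLog`, `authorize` and the request path are hypothetical, constructed for illustration.

```python
import hashlib, hmac, json

# Constructed sample data: per-admin tokens and roles held by the proxy.
# The NAS itself only ever sees the one shared credential the proxy uses.
USERS = {"tok-alice": ("alice", "admin"), "tok-bob": ("bob", "readonly")}
READ_METHODS = {"GET", "HEAD", "OPTIONS"}

class AuditLog:
    """Append-only log in which every entry commits to the one before it."""
    def __init__(self):
        self.entries = []
        self.head = "0" * 64

    def append(self, record):
        body = json.dumps(record, sort_keys=True)
        self.head = hashlib.sha256((self.head + body).encode()).hexdigest()
        self.entries.append({"record": record, "chain": self.head})

    def verify(self):
        prev = "0" * 64
        for entry in self.entries:
            body = json.dumps(entry["record"], sort_keys=True)
            prev = hashlib.sha256((prev + body).encode()).hexdigest()
            if not hmac.compare_digest(prev, entry["chain"]):
                return False  # a record was edited, removed or reordered
        return True

def authorize(log, token, method, path, when):
    """Decide whether the proxy forwards a request; always log the attempt."""
    user, role = USERS.get(token, ("unknown", None))
    if role is None:
        decision = "deny:unauthenticated"
    elif role == "readonly" and method.upper() not in READ_METHODS:
        decision = "deny:readonly"  # read-only admins cannot change state
    else:
        decision = "allow"
    log.append({"when": when, "user": user, "method": method.upper(),
                "path": path, "decision": decision})
    return decision == "allow"

if __name__ == "__main__":
    log = AuditLog()
    # Constructed request path, used only as sample input.
    path = "/api/v2.0/pool/dataset/id/tank%2Fscratch"
    authorize(log, "tok-alice", "DELETE", path, "2023-12-14T10:00:00Z")
    authorize(log, "tok-bob", "DELETE", path, "2023-12-14T10:05:00Z")
    print(json.dumps(log.entries, indent=2), log.verify())
```

The chain only detects edits if the latest `head` value is also kept somewhere the proxy host cannot rewrite, such as a remote syslog server.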
 

MrGuvernment

Patron
Joined
Jun 15, 2017
Messages
268
I see that we disagree here on NAS management. I have been managing various NAS for a long time, about 15 years, and I have my opinion on it.
Thank you all so much for your time and answers. It's good to meet a community where the discussion flows. The problem with the web environment is apparently unsolvable, and therefore, in agreement with the other administrators, I am closing the TrueNAS problem and returning to QNAP, because this is unusable for us = wasted money for a PC power supply 90+ board and RAM.

Thanks again and have a nice day,

Chucky Lee

Even if it is a single account, a proper set up would be
1. A PAM solution (CyberArk example, or Bitwarden on prem, whatever) for storing shared credentials - users use their own account to login and access said account (audit trail of who and when)
2. RFC / Change process in place. The person who is doing the change has submitted a proper change request, documenting what is to be changed and why and when, which is then approved by whomever. This gives governance and an audit trail of changes in the environment.

I do understand the desire for accounts on devices, clients I work with, all systems that can, need to be LDAP joined and proper security and resource groups configured for Admins, Read only, auditors, et cetera. Zero trust and people have access they need. It is becoming a requirement for any type of cyber insurance and it is interesting TrueNAS CORE has not done this.

Sure, we can all trust our admins, and if you don't, they should not be working for you, but there is a very strong need for audit trails for many industries. But in this case, the above 1/2 options should be in place which would cover any need to know who did what and when.
 

Davvo

MVP
Joined
Jul 12, 2022
Messages
3,222
It is becoming a requirement for any type of cyber insurance and it is interesting TrueNAS CORE has not done this.
Well, CORE has seen a stop to almost all active development.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Even if it is a single account, a proper set up would be
1. A PAM solution (CyberArk example, or Bitwarden on prem, whatever) for storing shared credentials - users use their own account to login and access said account (audit trail of who and when)
2. RFC / Change process in place. The person who is doing the change has submitted a proper change request, documenting what is to be changed and why and when, which is then approved by whomever. This gives governance and an audit trail of changes in the environment.

I do understand the desire for accounts on devices, clients I work with, all systems that can, need to be LDAP joined and proper security and resource groups configured for Admins, Read only, auditors, et cetera. Zero trust and people have access they need. It is becoming a requirement for any type of cyber insurance and it is interesting TrueNAS CORE has not done this.

Sure, we can all trust our admins, and if you don't, they should not be working for you, but there is a very strong need for audit trails for many industries. But in this case, the above 1/2 options should be in place which would cover any need to know who did what and when.
DragonFish is using PAM for API authentication (e.g. WebUI and external API users). Enterprise users will be able to use AD / LDAP accounts for API authentication. Auditing for administrative ops is WIP but will be complete when DragonFish is officially released.
 

MrGuvernment

Patron
Joined
Jun 15, 2017
Messages
268
DragonFish is using PAM for API authentication (e.g. WebUI and external API users). Enterprise users will be able to use AD / LDAP accounts for API authentication. Auditing for administrative ops is WIP but will be complete when DragonFish is officially released.

Now port similar over to CORE :D
 

Gucky

Dabbler
Joined
Dec 12, 2023
Messages
12
1) Deploying a PAM solution just for NAS management is like cracking a nut with a hammer. Despite the fact that I don't know of any good and functional free ones.
2) In the case of RFC, the situation is even worse, because if I had to approve everything for everyone, I can do it myself based on someone's request, for example by email.

But to the topic. After a clean install, I created a Pool from two 6TB drives and created a DataSet. I created an SMB and NFS share with anonymous permissions. I didn't add any users or change anything else. The result is the same as last time. Apparently there is a problem with establishing a connection or listing the contents of a folder. Initialization is always problematic, the actual process of copying or deleting is fast as usual. I tried accessing from Windows 10 and Ubuntu 22.04 and it makes no difference.

So this was the last attempt and I'm done with SCALE. I don't have free time for that anymore. I scrap the hardware, even if it's new, but I have no other use for it, maybe sometime later. I ordered a new QNAP, it is verified and except for one that is already 12 years old, they work perfectly reliably.

I'm still listing the hardware here in case someone is dealing with a similar problem.

MB: ASUS Pro WS WRX80E-SAGE SE
CPU: AMD Ryzen Threadripper PRO 5965WX
RAM: 8x Kingston Fury Renegade DIMM DDR4 32GB 3600MHz
Driver: 2x AXAGON PCES-SA4X4
HDD: 4x WD Gold 16TB, 6x WD Red Pro 10TB, 6x WD Gold 6TB

Taken 12/12/2023 / Price without discs: $4,279 (with discs: $8,977)

Finally, I would like to thank everyone involved for their time and willingness. Maybe sometime later I will decide to use TrueNAS and in that case I will definitely need advice again and so I will ask for advice again.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
1) Deploying a PAM solution just for NAS management is like cracking a nut with a hammer. Despite the fact that I don't know of any good and functional free ones.
Umm... Unix has had PAM since the 90s. It is quite functional. In Core and SCALE we use pam_winbind (Active Directory) and pam_ldap (LDAP) PAM modules for cases where users have centralized identity management.
 

MrGuvernment

Patron
Joined
Jun 15, 2017
Messages
268
1) Deploying a PAM solution just for NAS management is like cracking a nut with a hammer. Despite the fact that I don't know of any good and functional free ones.
2) In the case of RFC, the situation is even worse, because if I had to approve everything for everyone, I can do it myself based on someone's request, for example by email.
PAM solution would be for everything, company wide, not just for the NAS. All companies should be using some form of password management as there are often many shared accounts (especially in IT) vs the old shared Excel file with a weak password, or 1 person using KeePass, or everyone using a shared KeePass with 1 shared password (defeats the purpose as well). With options like an on-prem Bitwarden these days, it isn't too bad to manage.

RFC can be a pain, especially if it is a smaller shop, but personally living through far too many "who made that change!" and no one speaks up situations. Sure email is nice, but when you need to convey to the business a change, having a proper paper trail can save your butt, cause in the end, RFCs often get visibility from higher ups, so no excuses of "I didn't know that was happening, why are we down". I mean if you are the top dog in approving everything, it is one more system to use and get people trained on, but if you win the lottery one day...who gets to sift through your emails... vs a change management system.
 

Gucky

Dabbler
Joined
Dec 12, 2023
Messages
12
I know about PAM or RFC and I understand their benefits, but it's too complicated and expensive, and the existing measures work more than enough, so I'm not even thinking about implementing PAM or RFC, and I won't implement them just to solve the limitations on the NAS side. I'd rather buy a NAS that doesn't have that limitation.
As I already wrote, I have not yet encountered a device with a similar limitation. I haven't even heard of such a device, so I just wasn't expecting it and therefore didn't test it in a VM. Just a lesson for next time, that I should pay more attention to such things. I have ordered a QNAP with 4 slots, some of the disks will be used and the rest of the hardware will remain here, hopefully it will be used over time.
Another thing I miss is the File Manager in the web interface, I thought it would be installed later, but I couldn't find it anywhere. So I don't know why it's so limited and I don't see how anyone can even use it. I only regret the time spent and the considerable money, both of which I could have used differently before Christmas.
 