I ran into the same issue as the OP, and just thought I would add a couple of things from a much more inexperienced point of view.
Under Users->todd there is a "Primary Group ID" dropdown box. This should be set to a primary group ID which is not "wheel". In my case, it is "todd". This is what I got out of the Add a User guide in the FreeNAS documentation.
Under Users->View All Users, the "Group" column indicates that my user is in "todd". This confused me for a second, and after reading this thread, this is not the group that the user is really in.
Now, to resolve the issue of not being able to su to root, I want to Groups->View All Groups, and for wheel, clicked the "Memebers" button. Here, I added "todd" from the "Member users" list and hit OK. At this point, I was able to ssh into the box as todd and then su to root, without the OS telling me sorry. At least it is polite.
Hope this helps and I have not spread misinformation.