Nick2253
Wizard
- Joined
- Apr 21, 2014
- Messages
- 1,633
I think I already know the answer to this, but is there a way to login to the web console with a domain account, instead of root?
What we'd love to do is make certain administrators "NAS Administrators" who have access to log in to the web GUI to make changes. Once there, I really don't care if they have root permission. I just want a better way to control who gets access and who doesn't other than changing the root password.
The reason this came up is because we let one of our network admins go, and it wasn't pretty. Though we shut down his network credentials and removed his access, the one thing we didn't think about was the FreeNAS root password, which was shared by the sysadmins. Long story short, he got on the network, and did major damage to our FreeNAS server (yay for backups!).
In our security audit, the only system that we allow remote non-domain root/admin access is the FreeNAS system because of the web GUI, which makes me uncomfortable. I'd love to change that somehow, but unfortunately, I don't think that's an option. As I recall, root is the only web login option.
Someone prove me wrong!
What we'd love to do is make certain administrators "NAS Administrators" who have access to log in to the web GUI to make changes. Once there, I really don't care if they have root permission. I just want a better way to control who gets access and who doesn't other than changing the root password.
The reason this came up is because we let one of our network admins go, and it wasn't pretty. Though we shut down his network credentials and removed his access, the one thing we didn't think about was the FreeNAS root password, which was shared by the sysadmins. Long story short, he got on the network, and did major damage to our FreeNAS server (yay for backups!).
In our security audit, the only system that we allow remote non-domain root/admin access is the FreeNAS system because of the web GUI, which makes me uncomfortable. I'd love to change that somehow, but unfortunately, I don't think that's an option. As I recall, root is the only web login option.
Someone prove me wrong!