Joining a TrueNAS server to a Windows Active Directory (AD) allows you to use AD user and group accounts in TrueNAS permissions.
Requirements
What you will need:
- A Windows AD domain controller
- A domain user account that is an “administrator” (a less privileged account may be enough)
- A TrueNAS server
TrueNAS configurations
- Under Network and Global Configuration, set the nameserver(s) to the IP address(es) of the domain controller(s). Set the Hostname and Domain appropriately for the domain you are going to join.
- Under System and General, set the timezone correctly.
- Under System and NTP Servers, remove all of the existing NTP servers and add the AD domain controller IP address.
- Under Directory Services and Active Directory, add the following information:
  - Domain name (“company.com”)
  - A domain user account and its password
  - Tick Enable
  - Click on Save
- To check the domain connection, go to the TrueNAS shell and run these commands:

```
wbinfo --test-secret
wbinfo --domain-users
wbinfo --domain-groups
```
Now domain users and groups will be listed in TrueNAS for permissions.
You can press the “REBUILD DIRECTORY SERVICE CACHE” button at any time. Normally the rebuild runs once a day, as defined in /etc/cron.d/middlewared. If in your environment you add or delete a lot of users/groups, you may wish to increase the interval. Be careful.
AD Connection Information
```
# midclt call activedirectory.domain_info | jq
{
  "LDAP server": "192.168.1.125",
  "LDAP server name": "DC01.HOMEDOM.FUN",
  "Realm": "HOMEDOM.FUN",
  "Bind Path": "dc=HOMEDOM,dc=FUN",
  "LDAP port": 389,
  "Server time": 1593026080,
  "KDC server": "192.168.1.125",
  "Server time offset": 5,
  "Last machine account password change": 1592423446
}
```
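The two fields in that output worth watching after a join are "Server time offset" (Kerberos rejects tickets when the clock skew between TrueNAS and the KDC exceeds its default limit of 5 minutes, which is why the NTP step above matters) and "Last machine account password change" (a domain member normally rotates its machine account password every 30 days; a stale value points at a broken trust or a join that has stopped being refreshed). The script below is an added example, not TrueNAS code: it parses a constructed copy of the JSON shown above, computes the clock skew and machine password age, and reports findings. The threshold constants and helper names are assumptions chosen for this example.

```python
import json
from datetime import datetime, timezone

# Constructed sample, copied from the domain_info output shown above (not live data).
SAMPLE_DOMAIN_INFO = """{
  "LDAP server": "192.168.1.125",
  "LDAP server name": "DC01.HOMEDOM.FUN",
  "Realm": "HOMEDOM.FUN",
  "Bind Path": "dc=HOMEDOM,dc=FUN",
  "LDAP port": 389,
  "Server time": 1593026080,
  "KDC server": "192.168.1.125",
  "Server time offset": 5,
  "Last machine account password change": 1592423446
}"""

# Assumed thresholds for this example: Kerberos' default maximum clock skew is
# 5 minutes, and Windows domain members rotate the machine account password
# every 30 days by default.
MAX_CLOCK_SKEW_SECONDS = 300
MAX_MACHINE_PASSWORD_AGE_DAYS = 30

REQUIRED_KEYS = {
    "Realm", "KDC server", "Server time", "Server time offset",
    "Last machine account password change",
}


def parse_domain_info(raw: str) -> dict:
    """Parse the JSON printed by `midclt call activedirectory.domain_info`."""
    info = json.loads(raw)
    missing = REQUIRED_KEYS - info.keys()
    if missing:
        raise ValueError(f"domain_info output is missing keys: {sorted(missing)}")
    return info


def clock_skew_ok(info: dict, max_skew: int = MAX_CLOCK_SKEW_SECONDS) -> bool:
    """True when the TrueNAS/KDC offset is within the tolerated skew."""
    return abs(int(info["Server time offset"])) <= max_skew


def machine_password_age_days(info: dict) -> float:
    """Age of the machine account password, measured against the KDC's clock."""
    age_seconds = int(info["Server time"]) - int(info["Last machine account password change"])
    return age_seconds / 86400


def machine_password_ok(info: dict, max_age_days: int = MAX_MACHINE_PASSWORD_AGE_DAYS) -> bool:
    """True when the machine password was changed within the rotation window."""
    return 0 <= machine_password_age_days(info) <= max_age_days


def override(raw: str, key: str, value) -> str:
    """Return a copy of the JSON text with one field replaced (used for what-if checks)."""
    data = json.loads(raw)
    data[key] = value
    return json.dumps(data)


def check_domain_info(raw: str) -> dict:
    """Summarise the join state and list anything that needs attention."""
    info = parse_domain_info(raw)
    findings = []
    if not clock_skew_ok(info):
        findings.append(
            f"clock skew {info['Server time offset']}s exceeds "
            f"{MAX_CLOCK_SKEW_SECONDS}s; Kerberos authentication will fail, fix NTP"
        )
    if not machine_password_ok(info):
        findings.append(
            f"machine account password is {machine_password_age_days(info):.1f} days old; "
            f"expected rotation within {MAX_MACHINE_PASSWORD_AGE_DAYS} days, check the domain trust"
        )
    server_time = datetime.fromtimestamp(int(info["Server time"]), tz=timezone.utc)
    return {
        "realm": info["Realm"],
        "kdc": info["KDC server"],
        "server_time_utc": server_time.isoformat(),
        "clock_skew_seconds": int(info["Server time offset"]),
        "machine_password_age_days": round(machine_password_age_days(info), 1),
        "findings": findings,
    }


if __name__ == "__main__":
    # On a real system: midclt call activedirectory.domain_info | python3 this_script.py
    print(json.dumps(check_domain_info(SAMPLE_DOMAIN_INFO), indent=2))
```

For the sample above the report shows a 5 second skew and a password age of about 7 days, so no findings; replacing the offset with 900 seconds makes the skew finding appear, which is the condition you would otherwise only discover when domain logins start failing.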
Source for some of this information: https://www.youtube.com/watch?v=Zf70Ry3uTcI