The “easiest” would be if TrueNAS were able to provide its local user database via e.g. LDAP to containers and VMs. Obviously, that’s not the case. So an alternative would be to set up a container or VM with some sort of directory server, which is then used by both TrueNAS and the rest of the containers/VMs.
Of course, there are issues regarding booting, as of course, the VM/container will boot after TrueNAS, so there can’t be any dependencies there.
Any best practices recommendations? What do others use in such cases?
The only real option here is to set up an Active Directory server, whether a Windows Server instance or Samba with appropriate configuration. TrueNAS can then join the domain and inherit its users. Other software that can talk to AD can handle users that way, and/or you can set up an SSO solution like Authentik using the AD server as a backend.
SSO authentication for the TrueNAS GUI is said to be coming soon, but that wouldn’t work for share authentication.
Is there a specific reason why you hone in on AD vs e.g. LDAP?
Yes: AIUI, LDAP can’t be used to authenticate for SMB shares. See:
and
Thanks!