I’m a newbie switching from Synology to TrueNAS. However, in passing, many of the conveniences in Synology are not here and that’s why it makes me think.
For example:
Adding a user and assigning SMB permissions to it is much more difficult than in Synology. What is the obstacle to making this easier?
Why isn’t there a tool for creating an “automatic password” when creating a user? (I couldn’t see the password complexity setting either. Those who know can tell me)
Is there a firewall in SFTP for “IP banning” and other settings for a certain number of wrong entries from the IP address for a brute force attack from the outside? If so, how is it done?
I think TrueNAS has Nextcloud instead of Synology Drive. Is this more useful?
What are the pros of Nextcloud?
My questions will continue as I tamper with the system…
The answers from you will also shed light on those who want to switch to this platform. Thanks in advance.
My suspicion on this is, “lack of a coherent plan that works in all the use cases covered by the current method, and makes it significantly easier.” I’ve seen lots of people say it should be easier, but I don’t think I’ve seen anyone give a detailed plan for what that should look like.
Because nobody’s ever asked for it or seen the need for it, AFAIK. It doesn’t necessarily sound like a bad thing, but I’m not sure it’d be very valuable.
I don’t believe there is one. Why do you think it’s needed? For both this and the last question, if you join TrueNAS to an Active Directory or LDAP server, that server would handle the respective issues.
TrueNAS isn’t a firewall and doesn’t act as one, and shouldn’t be exposed to the outside.
Maybe someone here is familiar enough with “Synology Drive” to answer this, but that person isn’t me. But as to the pros of Nextcloud, I’d expect visiting nextcloud.com would be the best way to learn them.
A large part of the difference is that TrueNAS is designed to be a highly secure Enterprise solution that offers a free version for end-users. We have many federal and military customers.
At iX, we are always looking to simplify processes (e.g. Dragonfish makes adding new shares/datasets easier), but we generally avoid processes that are less secure.
The other major focus of TrueNAS is data reliability… with OpenZFS. Synology uses BTRFS, which is not reliable for RAID5/6 and doesn’t expand or scale as well.
By all means join the Community and make suggestions… the community and iX review them. We try to take the most popular ideas that will be useful to Enterprise users as well.
I didn’t expect you to answer my questions so quickly and with interest. You are all wonderful. Thanks.
I also have a pfSense firewall.
However, for SFTP it is mandatory to open a port, and the attack comes to the relevant open port. What can pfSense do in this case?
pfSense can only block on a regional basis.
For example, in Synology/QNAP, if you try to log in from the same IP address 3 times with the wrong username and password, it blacklists that IP address. Thus, it prevents the attacker from performing a brute force attack with thousands of passwords.
Such a feature shouldn’t be too difficult for an advanced software like TrueNAS.
If you say don’t use SFTP / FTP (I use SFTP) etc., what is your alternative suggestion?
OpenVPN is much more difficult to install and resiliency. Not practical.
Now I requested
Think of a place with 200 users. It wouldn’t be bad if the system did it automatically instead of creating passwords for them one by one.
I don’t think it’d be a bad thing, but such a place is almost certainly going to be using Active Directory, in which case accounts on the NAS aren’t especially meaningful.
If you’re at an org with 200 users, I’d expect/hope there was already a directory system in place that you would integrate TrueNAS into, rather than creating 200 new users.
While creating a user, the folders that this user will access are listed on the same screen and permissions can be given to the desired folder by selecting it here. (You don’t have to go back to the sharing section and do it from there)
In this window, user quota can be given to the relevant folder.
Or it may be in more specific useful settings.
When the user is clicked, you should be able to see which folders this user has access to.
If you have 200 users then you probably should be using a centralized user management solution (e.g. Active Directory) and not creating individual local user accounts on the NAS. This is a fundamental design problem.
You’re talking about something like Fail2Ban. TrueNAS doesn’t have this installed already, and apt is disabled because it’s an appliance. You could run it (and an SFTP server) in a jail, but in terms of user management within that jail you’d be on your own.
I see there is also the SFTPgo app, maybe have a look at that too.
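The ban-after-repeated-failures behaviour discussed above (three wrong logins from one address, the job a tool like Fail2Ban does), sketched as an added example that is not part of the thread and is not Fail2Ban's own code. It assumes OpenSSH "Failed password" lines with ISO timestamps and a 10-minute counting window; the sample log, `find_bans` and the constants are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_RETRY = 3                       # failures allowed before a ban (the "3 times" above)
FIND_TIME = timedelta(minutes=10)   # assumed window in which failures are counted

# The user name field is remote-supplied text, so the address is read from the
# fixed tail of the line ("from <ip> port <n> ssh2"), not from the first "from".
FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for .* "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
2024-05-01T10:00:01 nas sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
2024-05-01T10:00:03 nas sshd[811]: Failed password for invalid user test from 203.0.113.7 port 50124 ssh2
2024-05-01T10:00:04 nas sshd[815]: Failed password for alice from 198.51.100.4 port 40110 ssh2
2024-05-01T10:00:05 nas sshd[811]: Failed password for root from 203.0.113.7 port 50130 ssh2
2024-05-01T10:00:09 nas sshd[815]: Accepted password for alice from 198.51.100.4 port 40112 ssh2
2024-05-01T10:05:00 nas sshd[820]: Failed password for invalid user a from 198.51.100.4 from 192.0.2.50 port 41000 ssh2
2024-05-01T10:20:00 nas sshd[821]: Failed password for bob from 192.0.2.50 port 41002 ssh2
2024-05-01T10:31:00 nas sshd[822]: Failed password for bob from 192.0.2.50 port 41004 ssh2
"""

def find_bans(log_text, max_retry=MAX_RETRY, find_time=FIND_TIME):
    """Return {ip: time of the failure that triggered the ban}."""
    recent = defaultdict(deque)     # ip -> timestamps of failures inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["ip"] in bans:
            continue
        ts = datetime.fromisoformat(m["ts"])
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:   # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            bans[m["ip"]] = ts
    return bans

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} (third failure at {when.isoformat()})")
```

Only 203.0.113.7 is banned here: the user who mistyped once is left alone, and three failures spread over more than ten minutes never accumulate inside one window.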
My current active users are not 200, I gave that as an example. But of course there is a possibility that it will increase in the future. Currently the real users are around 70.
Active Directory is more accurate. But unfortunately there is no server available for it. Will I have any problems if I install a VM Windows Server (for Active Directory) on TrueNAS for now?
Yes. That creates a circular dependency. When TrueNAS is joined to Active Directory, the AD domain controller provides DNS and identity services for the TrueNAS server. You should never have this provided by something residing on the server itself.
You should have at a minimum two domain controllers for an environment (fault tolerance) and all clients should be joined to the domain they provide.
Identity services are typically mission-critical for a business and so should be designed appropriately since an outage of them can cause work to come to a standstill.
If you are unfamiliar with Active Directory I strongly recommend reading documentation and perhaps consulting an SME prior to deploying at your place of work. It’s easy to get in over your head (but these are skills that are required for managing IT in a business environment).
TrueNAS is a NAS product (with a lot of add-ons via container), it’s not:
a firewall
a directory
a AAA system
a VPN concentrator
It’s meant to integrate into an ecosystem where these functions are either already provided elsewhere, or not necessary.
You seem to be looking for an all-in-one solution like QNAP, Synology or Windows Small Business Server (is that even A Thing any more? It’s been a long time since I supported Windows). I suspect TrueNAS is maybe not the right solution for your requirements.
Even that probably warrants an AD or other LDAP environment. I’d also vote for running Windows Server (or whatever other LDAP server you’d want to use) somewhere other than on the NAS.
I’ve already tested it on Proxmox so far.
Frankly, I couldn’t risk connecting the storage there. (The migration issue for disks seemed a bit complicated. I finally did it, but I still didn’t trust it.) Maybe I’ll use it as a backup.