Problem/Justification
Migrating from plain Samba or the proprietary QNAP QTS solution (local users, no LDAP/AD) to TrueNAS without having to reset all existing user passwords or know all plaintext passwords.
Impact
The effort to migrate to TrueNAS is reduced. An existing server can be replaced without the need to set new passwords for each user.
User Story
Currently, when a user is created in the TrueNAS web interface, a UNIX password hash and an NTLM password hash are generated and saved to the internal database.
To keep the existing NTLM hashes, the following has to be done manually:
- Creating the user with the TrueNAS web interface
- Extracting the NTLM hashes from the old system, e.g. from /etc/config/smbpasswd
- Retrieving the internal user ID and manually setting the NTLM hash for that user ID in the database
- Rebooting the system so that the Samba user DB is automatically regenerated from the internal database
Suggestion
My suggestion would be to make it possible to input the NTLM hash while creating a new user in the web interface. I understand that dealing with NTLM hashes may be insecure, but at this step the plaintext password would be entered, from which the hash could be computed anyway.
So instead of generating the NTLM hash from the password, please make it possible to input it directly. The password would then be used for the UNIX password hash and the old hash for Samba.
So it would be possible to migrate to TrueNAS without any impact for the users.
Not knowing how to migrate users like that would have prevented my migration to TrueNAS entirely.
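The extraction step in the manual procedure above can be scripted. The following is an added example, not part of the original request and not TrueNAS code. It assumes the old system's file uses the standard Samba smbpasswd layout (`name:uid:LM hash:NT hash:[flags]:LCT-...:`), reads the NT hash field (what the post calls the NTLM hash), and uses constructed sample lines.

```python
import re
from dataclasses import dataclass

HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")

@dataclass
class SmbEntry:
    user: str
    uid: int
    nt_hash: str
    has_lm_hash: bool  # a legacy LM hash is present on the old system

def parse_smbpasswd(text):
    """Split smbpasswd content into migratable entries and skipped lines.

    Returns (entries, skipped); skipped holds (line_number, reason) tuples.
    """
    entries, skipped = [], []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) < 5 or not f[1].isdigit():
            skipped.append((n, "malformed"))
            continue
        user, uid, lm, nt, flags = f[0], int(f[1]), f[2], f[3], f[4]
        if user.endswith("$") or "W" in flags:   # workstation trust account
            skipped.append((n, "machine account"))
        elif "D" in flags:                       # account disabled
            skipped.append((n, "disabled"))
        elif not HEX32.match(nt):                # X-filled / "NO PASSWORD" field
            skipped.append((n, "no NT hash"))
        else:
            entries.append(SmbEntry(user, uid, nt.upper(), bool(HEX32.match(lm))))
    return entries, skipped

# Constructed sample data; the hash values are placeholders, not real hashes.
H = "0123456789ABCDEF" * 2
NOHASH = "X" * 32
SAMPLE = "\n".join([
    f"alice:1001:{NOHASH}:{H}:[U          ]:LCT-5F3A2B1C:",
    f"bob:1002:{H}:{H}:[U          ]:LCT-5F3A2B1C:",
    f"carol:1003:{NOHASH}:{NOHASH}:[DU         ]:LCT-5F3A2B1C:",
    f"nas01$:1004:{NOHASH}:{H}:[W          ]:LCT-5F3A2B1C:",
    "broken line",
])

if __name__ == "__main__":
    ok, skipped = parse_smbpasswd(SAMPLE)
    for e in ok:
        print(e.user, e.uid, "LM hash present" if e.has_lm_hash else "")
    print("skipped:", skipped)
```

The parser reports which accounts carry a usable hash and which need a manual decision. It does not touch the TrueNAS database, whose layout the request does not describe.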