truenas (created 2025/12/12 22:11 by ben; current revision 2025/12/14 09:50 by ben)

When connecting from a Windows machine that is not joined to the domain, Windows will not prompt for credentials and the connection fails. You must map a drive explicitly, using the IPA domain credentials, first. Subsequent connections to the same hostname reuse those credentials, so not every share needs to be mapped.

====== ACME ======

For the first server, follow the instructions below.

  * Create a TSIG key for nsupdate: <code bash>
tsig-keygen -a HMAC-SHA512
</code>
  * Update the key name to ''truenas.''
  * Distribute the key to the nameservers via puppet (hiera key ''profile::freeipa::named::keys''), and make sure bind has been restarted to pick up the change
  * Create the ''data/system/acme'' datasets
  * SSH to the host as ''truenas_admin'' and run the following: <code bash>
sudo chown truenas_admin /mnt/data/system/acme
git clone --depth 1 https://github.com/acmesh-official/acme.sh.git
</code>
  * Save the TSIG key to ''/mnt/data/system/acme/.nsupdate.key'' (making sure the key name and secret match puppet)

For subsequent servers, clone the ''acme'' filesystem from an existing server.

For all servers:

  * Navigate to ''Credentials->Certificates''
  * Add an ''ACME DNS-Authenticator''
    * Name: freeipa
    * Authenticator: shell
    * Script: ''/mnt/data/system/dns_acme.sh''
    * User: ''root''
    * Timeout: 60
    * Delay: 90
  * Add a ''Certificate Signing Request'' and follow the wizard. Let's Encrypt does not use any of the subject attributes, so any values will do.
  * Once added, click the three dots next to the CSR and choose ''Create ACME certificate''
    * Name: letsencrypt
    * Accept the ToS
    * Directory URI: Let's Encrypt Production
    * Select the ''freeipa'' authenticator for each domain
  * Once the ''letsencrypt'' entry appears in the list, navigate to ''System->General''
  * Click the GUI ''Settings'' button
  * Select the ''letsencrypt'' certificate under ''GUI SSL Certificate'' and save the changes, confirming the restart
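As an added example (not part of this wiki page or of TrueNAS itself), one possible ''dns_acme.sh'' for the shell authenticator configured above. It assumes TrueNAS invokes the script as ''set|unset <domain> <validation_name> <validation_content>'' and that ''nsupdate'' is on the PATH; the key file path is the one saved earlier.

```sh
#!/bin/sh
# dns_acme.sh: DNS-01 hook for the TrueNAS "shell" ACME authenticator (added example).
# Assumed calling convention (not confirmed by the wiki):
#   dns_acme.sh set   <domain> <validation_name> <validation_content>
#   dns_acme.sh unset <domain> <validation_name> <validation_content>
# Publishes or removes the _acme-challenge TXT record with nsupdate, signed by the
# TSIG key saved in the acme dataset, so only holders of that key can touch the zone.
set -e

KEYFILE="/mnt/data/system/acme/.nsupdate.key"   # path from the wiki
NSUPDATE="${NSUPDATE:-nsupdate}"                 # assumption: nsupdate on PATH
TTL=60

# Build the nsupdate batch for one action and print it; it is executed only in
# main, so the generated commands can be inspected without touching DNS.
build_update() {
    action="$1"; name="$2"; content="$3"
    # An absolute name (trailing dot) lets nsupdate work out the zone itself.
    case "$name" in *.) ;; *) name="$name." ;; esac
    case "$action" in
        set)   printf 'update add %s %s IN TXT "%s"\n' "$name" "$TTL" "$content" ;;
        unset) printf 'update delete %s IN TXT "%s"\n' "$name" "$content" ;;
        *)     return 2 ;;
    esac
    printf 'send\n'
}

# The validation content is base64url; reject anything else so an odd argument
# cannot smuggle extra lines into the nsupdate batch.
check_content() {
    case "$1" in
        ""|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

main() {
    if [ "$#" -ne 4 ]; then
        echo "usage: $0 set|unset <domain> <validation_name> <validation_content>" >&2
        return 2
    fi
    check_content "$4" || { echo "refusing unexpected validation content" >&2; return 2; }
    [ -r "$KEYFILE" ] || { echo "cannot read $KEYFILE" >&2; return 2; }
    build_update "$1" "$3" "$4" | "$NSUPDATE" -k "$KEYFILE"
}

# Only act when invoked with an action; sourcing the file just defines the functions.
case "${1:-}" in set|unset) main "$@" ;; esac
```

Because the script runs as ''root'' and signs with the zone key, keep ''.nsupdate.key'' readable only by its owner and restrict the key in bind to the ''_acme-challenge'' names if your named configuration supports update policies.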
  
truenas.txt · Last modified: by ben
