• [6.10.3] Intermittent SMB Issues After 6.10.2 Upgrade


    Geoff Bland
    • Urgent

    Myself and many other users are experiencing many issues with SMB shares using Windows Active Directory since upgrading to 6.10.2. Upgrading to 6.10.3 has not fixed this.

     

    This are all listed in the forum thread 

     

    My own issue is that for most of the time since upgrading to 6.10.2 I cannot access any UNRAID share with my own user account - however this is intermittent and occasionally access works fine for a day or two. A few other user accounts are affected but also some accounts are fine and have no problems.

     

    My log drive is 98% full due to very large syslog files. The syslog shows continual refused mount requests for my account and this seems to be as it cannot convert my SID to a UID.
     

    Jul 15 21:58:49 UNRAID01 smbd[****]:   check_account: Failed to convert SID S-1-5-21-XXXXXXXX-XXXXXXXX-XXXXXXXX-1105 to a UID (dom_user[DOMAIN\username)
    

     

    The  /var/log/samba/log.smbd log file is also full of the same error message.

     

    I also note this 

     

    root@UNRAID01:~# wbinfo -i myuser
    failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
    Could not get info for user myuser
    root@UNRAID01:~# wbinfo -i okuser
    okuser:*:NNNNNNNN:NNNNNNNNNN:okuser:/home/DOMAIN/okuser:/bin/false

     

    I can call wbinfo for all users on the UNRAID server and this gets the correct SIDs for all.

    • Upvote 2



    User Feedback

    Recommended Comments



    There is now a sub-forum for Active Directory issues in the Unraid OS 6 Support Section of the forum.  This will allow you an opportunity to ask for assistance and advice about specific issues about Active Directory problems.  By taking your issue there, it will permit many different threads/topics each one addressing a single problem from a single user.  (Please don't hijack a thread/topic!   If the problem looks exactly like the one you are experiencing, follow the thread quietly and see if it can provide an answer/solution to your problem.  If you need a quicker answer, start a new thread/topic and ask for help.)

     

    Here is the link to the sub-forum for Active Directory:

     

            https://forums.unraid.net/forum/102-active-directory/

     

    I am hoping that some of you will take the time to post some guidance/tutorials to those users who are just beginning to use Active Directory.   Remember that all of us were a Noob at some time in the past...

    Edited by Frank1940
    Link to comment
    38 minutes ago, Frank1940 said:

    There is now a sub-forum for Active Directory issues in the Unraid OS 6 Support Section of the forum. 

     

    Thanks.

     

    But... not sure if you are the right person to ask but having NFS, SMB and Active Directory under a subtopic called "Network Protocol Support" seems odd. These are file sharing protocols, users might not expect to find these here. Would "File Sharing Protocol Support" be a better name for this sub-forum. Sorry for looking a gift-horse in the mouth 😐

    Link to comment
    46 minutes ago, Geoff Bland said:

     

    Thanks.

     

    But... not sure if you are the right person to ask but having NFS, SMB and Active Directory under a subtopic called "Network Protocol Support" seems odd. These are file sharing protocols, users might not expect to find these here. Would "File Sharing Protocol Support" be a better name for this sub-forum. Sorry for looking a gift-horse in the mouth 😐

     

    Here is the spot where this whole forum section came about:

             

    It would not be out-of-place for you to make a suggestion about the title.  When I was thinking about it, it was a bit of a struggle to come with a suitable name.  Your idea has definite merit!  Pinging @SpencerJ so he knows the background if you make a suggestion in the above thread/topic. 

    • Like 1
    Link to comment
    1 hour ago, Geoff Bland said:

    Would "File Sharing Protocol Support" be a better name for this sub-forum.

     

    Yeah, this makes more sense.  I'll update- thanks for the suggestion!

    • Upvote 1
    Link to comment

    I just want to chime in and say thank you @Geoff Bland for carrying the ball as far as you did 👍

    Back when I started rattling cages about this issues ages ago I didn't think we would get a workaround/semi-fix like we have now (2 months, 8 hours and 26mins of uptime as I type this).

     

    Thanks to everyone else on the unraid side for finally taking this serious as well. I really wish more was done MUCH sooner, but I'm just happy to get any dev eyeballs at this point.

     

    Here is to hoping for an official patch in a future build, so I won't be terrified to upgrade sometime down the road.

    Link to comment
    10 hours ago, CallOneTech said:

    a workaround/semi-fix like we have now

     

    There is a workaround, but it did not solve the problem in all cases.
    In my case, the problem still exists. It has been going on for over 2 months now. For the business sector (where I would place Active Directory), this is an unacceptably long period of time.

    I very much welcome the fact that the topic of Active Directory now seems to be receiving more attention with the new forum area.
    However, I think it is more important to fix the urgent, still open problems instead of putting energy into new topics.

    Link to comment

    100% agree that this problem isn't solved. But, it was much worse before it got the traction that it has today. It was basically ignored as an edge case issue that's not worth the effort and now we might actually see a proper fix (on of these days?). 

     

    Forward progress is progress... We just need to cross the finish line now.

     

    Link to comment
    22 minutes ago, CallOneTech said:

    Forward progress is progress... We just need to cross the finish line now.

     

    Don't expect this anytime soon for Samba-Active_Directory issues or anything else.  Just remember that MS releases monthly updates to supported versions of Windows to address various issues.  About half the time, one or more of these updates are updated within two weeks of release because of edge-case problems in the updates.

     

    Remember that MS is still updating SMB and often Samba will require an update to keep current with those changes...

    Link to comment
    11 minutes ago, Frank1940 said:

    Remember that MS is still updating SMB and often Samba will require an update to keep current with those changes...

     

    As far as I can tell, this problem was not caused by a Microsoft update, but by the upgrade to Unraid 6.10.2, which led to the discovery of some Samba configuration problems in Unraid.

     

    Furthermore, there are other projects that currently use Samba in a domain environment and do not have such problems.

     

    I therefore see the ball not in Microsoft's or the Samba developers' court, but rather in the court of the Unraid devs.

    • Like 1
    Link to comment
    3 minutes ago, psychofaktory said:

     

    As far as I can tell, this problem was not caused by a Microsoft update, but by the upgrade to Unraid 6.10.2, which led to the discovery of some Samba configuration problems in Unraid.

     

    Furthermore, there are other projects that currently use Samba in a domain environment and do not have such problems.

     

    I therefore see the ball not in Microsoft's or the Samba developers' court, but rather in the court of the Unraid devs.

    I agree, I use UnRaid since 2018, always with AD and never had any problems. Until 6.10.2 update.

    • Upvote 1
    Link to comment
    4 hours ago, CallOneTech said:

    100% agree that this problem isn't solved. But, it was much worse before it got the traction that it has today. It was basically ignored as an edge case issue that's not worth the effort and now we might actually see a proper fix (on of these days?). 

     

    Forward progress is progress... We just need to cross the finish line now.

     

    This is 100% an unraid issue not a Samba issue. I have had no issues with TrueNAS. As others have mentioned, other implementations of Samba are not seeing the issue. Please fix your integration and not blame others, as much as MS does break things all the time. 

    Link to comment

    The problem already arose with the first version of 6.10.
    There are no problems with any 6.9 version.

    We have 10 QNAP NAS systems and not a single system has a problem with Samba. Not even when using ACL.
     

    A newly installed 6.10.x only causes problems. A newly installed 6.9.x causes no problems.

    Link to comment

    Whoops... Looks like I kicked off yet another firestorm of replies.

     

    As a long standing IT veteran (like many of you)  I always say, passing the buck to another vendor is the most toxic thing that happens in this industry.

     

    We routinely deal with problems that are super complex, and that speck of doubt provides enough cover to yell "NOT MY JOB!!!" from the rooftops. It's annoying when my vendors still do it to me 30 years into the game and it really sucks for end-users, because they don't know any better.

     

    I don't think it needs to be repeated that this is a problem with unraid's implementation, and not windows. We can quickly prove that statement by looking at the similar storage solutions out there that work perfectly fine. 

     

    Here is to hoping we can keep this alive until we get a proper fix that gets merged into future unraid updates.

    Link to comment
    19 hours ago, Luke_Starkiller said:

    Has the Unraid developers made any comment regarding using an EOL version of samba?

    Not sure what you mean, latest Unraid release uses Samba 4.17.2 which is the latest Samba release currently available.

    Link to comment

    The error still occurs with the current version 6.11.5.
    also extremely annoying:
    After every Unraid System Update the permissions on all share folders under /mnt/user/ are reset to 0777 (owner "administrator", group "domain-admins"). This causes problems especially with Nextcloud Docker every time!

     

    On 11/13/2022 at 11:07 AM, JorgeB said:

    Not sure what you mean, latest Unraid release uses Samba 4.17.2 which is the latest Samba release currently available.

    I guess @Luke_Starkiller doesn't mean that an EOS version of samba was used, but if the developers have already commented on why Unraid uses an outdated way of SMB configuration to map AD users, even though it has been explicitly unsupported by samba for more than 5 years.

    • Like 1
    Link to comment

    Bumping this.

     

    It happens to my every 3-4 weeks. Usually a reboot will fix it but it's annoying. I haven't attempted to apply any of the workarounds here.

    Link to comment

    FYI  - I ran into the same issue and changing the idmap backend to not use hash worked for me. Seems Unraid knows about this and should change their default as it's been unsupported by Samba for years.

     

    Unraid, change the default idmap backend so more people don't have to waste their time.

    • Like 2
    Link to comment

    We appreciate the level of frustration that the AD issues are causing.  We are paying attention to the feedback we are getting.  AD is an enterprise feature that was added many years ago at the request of a user.  It was fairly simple to implement and was added to Unraid.  Over the years there have been changes made and Unraid did not keep up with those changes - e.g. the idmap backend.

     

    Changing the backend is not as simple as just changing one setting.  Our research has shown there is more to it than that.  We don't want to create more problems than we fix.

     

    AD is not a main stream Unraid feature and unfortunately, doesn't get the attention that users expect.  It is noted in our system as an issue, but is not a high priority at this point because it doesn't affect as many users as other issues.

    • Confused 1
    Link to comment

    That is a terrible cop-out proving once again that the interest of paying customers doesn't matter until it reaches angry mob status. The official response after an update broke this essential feature to almost everyone running MS systems shouldn't be "Sucks to suck... deal with it".

     

    We should not have to start a change.org petition, or get a hoard of twitter and YouTube people to whip the community into a frenzy to get you to do the right thing.

     

    You have a 4 page forum post about an issue right in front of you and a bunch more threads elsewhere. That is just the people that actually brought it to your attention. This works like polling, multiply each of our voices by at least 10x and you will start to scratch the surface about how many users are having this issue.

     

    Finally, AD is the only way to get proper permissions for any windows based network. It may be an "enterprise feature"... but so was DHCP. That makes your reasoning a very strange excuse to ignore a VERY known (AND FIXABLE) bug in unraid.

     

    @dlandon I hope you change your mind of this issue quickly, because your above response is beyond unacceptable and I would expect ALOT of community fallout if that becomes the official hill you folks want to die on.

     

    P.S. We can start knocking out the rest of the SAMBA issues that cause terrible overall user quality of life once we get you folks warmed up fixing this mess.

     

     

    • Like 2
    • Upvote 1
    Link to comment

    @CallOneTech

    I'd just like to point out that the posted fix in the dedicated channel for this issue does work.

    I have 5 Unraid systems with this fix applied in a environment of 70+ users.

    I know your fustration with this. I had random users loose access to files multiple times daily. Was driving me nuts.

     

    This issue with the fix can't be overstated enought: 

    You have to re-apply all the permission to your file structure - this can be rather grizzly but if you planned out your permission structure it shouldn't be that hard. If not, now is the time to get your permissions in order.

    I learned this lesson hard long ago.

     

    @dlandon

    You may not realize how many people use uraid in an enterprise environment. In my tech circle I'm seeing a movement back to self hosting data for small to medium sized companies especially ones with sensitive data. I use unraid with ZFS in a Zentyal domain controller for Windows 10 worktations. VM for terminal servers and application servers. Docker for FTP service, PiHole, MySQL and whatever else I may need. I've been on the developer side of things. Most projects like this take on a form of their own after a while and go in a direction you did not intend.

    Link to comment
    2 hours ago, Holmesware said:

    This issue with the fix can't be overstated enought: 

    You have to re-apply all the permission to your file structure - this can be rather grizzly but if you planned out your permission structure it shouldn't be that hard. If not, now is the time to get your permissions in order.

    I learned this lesson hard long ago.

    This is why just changing the backend to tdb is not an easy solution.  It will break existing permission settings.

    Link to comment
    4 hours ago, Holmesware said:

    You may not realize how many people use uraid in an enterprise environment.

    That is not reflected in the latest survey here.  AD is not an important feature according to the users responding in the survey.  You'll see it as the second from the bottom in importance.

     

     

    Link to comment
    10 hours ago, Holmesware said:

    I'd just like to point out that the posted fix in the dedicated channel for this issue does work.

    That's not right!

    I applied the mentioned fix and the problems are still there, as I already wrote.

     

     

    17 hours ago, dlandon said:

    AD is not a main stream Unraid feature and unfortunately, doesn't get the attention that users expect.  It is noted in our system as an issue, but is not a high priority at this point because it doesn't affect as many users as other issues.

    What kind of reasoning is that, please???

    When we chose Unraid, one of the most important criteria was support for AD connectivity.
    As far as I can tell from the documentation, there is no mention anywhere that this is a feature that is being neglected and may not work.
    If a feature is offered, then a developer should also make sure that it works. Otherwise at least a clear marking would be appropriate that it is an experimental feature or something similar.
    To distance oneself from it afterwards is a slap in the face for all those who - like us - relied on this feature.

     

     

    17 hours ago, dlandon said:

    Changing the backend is not as simple as just changing one setting.  Our research has shown there is more to it than that.  We don't want to create more problems than we fix.

    I can't understand the logic behind this statement.
    Are you telling us that the problem will not be fixed for the time being because it will be very difficult to fix, even though you know that it is a serious problem that affects enterprise customers in particular?
    Seriously?

    Shouldn't bugs be fixed primarily based on their severity?
    It may be that the AD feature is only used by a minority compared to the other features. But this minority are usually customers from the enterprise segment for whom a bug in this area is particularly critical.
    And even though it may be a minority compared to the other features, the absolute number of people affected is probably still quite high. The feedback here in the forum alone shows that.

    Link to comment



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Restore formatting

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Status Definitions

     

    Open = Under consideration.

     

    Solved = The issue has been resolved.

     

    Solved version = The issue has been resolved in the indicated release version.

     

    Closed = Feedback or opinion better posted on our forum for discussion. Also for reports we cannot reproduce or need more information. In this case just add a comment and we will review it again.

     

    Retest = Please retest in latest release.


    Priority Definitions

     

    Minor = Something not working correctly.

     

    Urgent = Server crash, data loss, or other showstopper.

     

    Annoyance = Doesn't affect functionality but should be fixed.

     

    Other = Announcement or other non-issue.