Leaderboard

Popular Content

Showing content with the highest reputation on 06/26/21 in all areas

  1. The attachment in this post is a joint effort between @Batter Pudding and myself. @Batter Pudding supplied much of the technical part of the Attached Document and I provide most of the background information. What we are attempting to do is to show that it is easy to actually use Unraid with all of the security features that Microsoft has incorporated into Windows 10. What many of us have been doing (myself included) is to reverse those enhancements to security and use our Unraid network in what is basically a 2010 security environment.
     @limetech has announced in the release thread for version 6.9.2 that they are about to increase security on Unraid in future releases. Unfortunately, this list is going to impact a lot of current Unraid users as many have set up their Unraid servers and networking to use these very features. Each user will have two choices. Either embrace security or spend time to undo each new security addition that either LimeTech or MS adds in their updates. If you decide to continue to bypass security, just realize that the number of folks prepared to assist you with any problems doing this will probably decline as more folks adopt increased security as a necessity.
     In some cases, this is going to present some difficult decisions. For example, I have an old Netgear NTV-550 set top media player (last firmware/software update was in early 2011) that only supports SMBv1 or NFS. Do I open up a security hole to use a well-functioning piece of equipment or do I replace it? (The choice, obviously, is one that only I can make...)
     Two Important things! Do not post up any problems that you have with networking between Windows 10 and Unraid in this thread! Start a new thread in the General Support forum. Please don’t tell us that there is another way to do something and that we should change our recommendation to employ that method. If you feel you have a better way, you are encouraged to write it up in detail and post it in this thread pointing out the advantages of your way. (One well regarded Windows 10 networking book has over 400 pages in it. Our document is 16 pages long…)
     EDIT: November 30, 2021. Recently, something has come to my attention about Unraid and SMB. There have been incidences where access to Unraid shares is restricted or blocked completely from users who should have access to it. What has been found in these cases is that a feature called Access Control Lists (ACL for short) has been enabled on the Unraid side. This will show up as an ‘+’ at the end of the Linux permissions. See the screen capture below: Note that the ‘+’ is also on the file as well as the share/directory. ACL changes the way that Linux is going to control access to these resources. After some research, I found out that Windows has used ACL for a long time. The SAMBA group has added ACL into its version of SMB. Unraid does not use ACL in its security scheme.
     At the present time, I can think of only one way that an ACL could be found on any Unraid server. It was done by a Windows user who was trying to change how SMB worked by applying Windows security features to an Unraid share by changing the default Security settings. (Basically, right-clicking on the Share in Windows Explorer, selecting ‘Properties’, then the ‘Security’ tab and working from there.) The point I am making is that you can’t fix a share access problem by trying to change an Unraid share security using Windows security tools on that share. If you try, you will probably make things worse! (Unless you are a Windows SMB Networking Guru…)
     It is important to realize that if you are denied permission to an Unraid share resource, the problem can only be fixed on the Unraid side using the Tools in the Unraid GUI (or via the command line for specific problems). If you are having an access problem to an Unraid share and can’t solve it with the tools in the GUI, start a thread in the General Support sub-forum and let the community help you fix it.
     EDIT: February 25, 2024. It has come to my attention that there is one more setting that was not previously covered. The Network type should be set as 'Private'.
     For Windows 10:
     - Open up Settings
     - Pick Network & Internet
     - In right panel, click on Properties button
     - In the Network Properties, select the 'Private' radio button.
     For Windows 11:
     - Open up Settings
     - In left panel, pick Network & Internet
     - In the Right Panel at the top, click on Properties
     - Under Network Profile type, click on the 'Private network' radio button
     EDIT: March 15, 2024. It has come to my attention that there can be problems in linking the Network Neighborhood folder into Windows File Explorer in Windows 11. While there is a solution to that problem, it has some other side effects and the full scope of those has not been evaluated. In addition, I have become aware of another way to integrate access of servers into Windows File Explorer that works quite well if you have only a few servers. (Things start to look messy if one adds more than two or three servers but that is a matter of each individual’s perception of “messy”.) So if you are having any problems with implementing "Network Neighborhood", try this new approach! This new method is actually quite simple to set up. This method is described in the attached PDF file named: “An Alternative Method to Network Neighborhood.PDF”
     Unraid & Windows 10 SMB Setup.pdf
     An Alternative Method to Network Neighborhood.pdf
    3 points
  2. Maybe it would be worth having @limetech include swamp in the unraid kernel in future releases given that MS suggests not meeting the requirements in VMs might mean a reduced feature set. I wouldn’t think including swamp in the kernel would impose much extra work or introduce any problems into the process. I could, of course, be very very wrong here.
    2 points
  3. Overview: Support for Docker image tquinnelly/clamav-alpine which uses clamav, freshclam, and clamscan to scan your array.
     Application: ClamAV https://www.clamav.net/
     Docker Hub: https://hub.docker.com/r/tquinnelly/clamav-alpine
     GitHub: https://www.github.com/tquizzle/clamav-alpine
     Expectations: This container will run when started, scan, then stop. If you want to scan again, just start it again.
     Before you post; are you using my image? There is another CA that is using my forum post for the "Official" image, which is often the cause of issues.
     Notification script from Squid:
     Logs
     This container logs to stdout. To see the logs you will have to execute the docker logs command.
     docker logs ClamAV
     Buy me a coffee?
    1 point
  4. I explained it earlier but might not have posted the exact command. Basically you set it to syslog and then a remote server but with an invalid IP address. Put this in the "Extra Parameters:" section of the docker settings.
     --log-driver syslog --log-opt syslog-address=udp://192.168.1.100:514
     This seems to work to disable the internal logging of the docker without breaking it. The worst offenders so far seem to be the VPN enabled containers and binhex containers for some reason. Healthchecks I am not sure about yet, have not had time to dig into that.
    1 point
  5. Upon further investigation, it does appear that telegraf isn't able to store data for some keys when in custom network mode. I'm going to do some research and report back if I can figure out a workaround.
     UPDATE: I moved telegraf back to host mode and all of the stats that seemed to be missing before are back, however I'm seeing errors regarding writing to InfluxDB in my telegraf logs.
     today at 1:22:52 PM 2021-06-26T20:22:52Z I! [agent] Config: Interval:10s, Quiet:false, Hostname:"teraserver", Flush Interval:10s
     today at 1:23:21 PM 2021-06-26T20:23:21Z W! [agent] ["outputs.influxdb"] did not complete within its flush interval
     today at 1:23:21 PM 2021-06-26T20:23:21Z E! [outputs.influxdb] When writing to [http://10.3.3.138:8086]: failed doing req: Post "http://10.3.3.138:8086/write?db=telegraf": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
     today at 1:23:21 PM 2021-06-26T20:23:21Z E! [agent] Error writing to outputs.influxdb: could not write any address
     today at 1:23:31 PM 2021-06-26T20:23:31Z W! [agent] ["outputs.influxdb"] did not complete within its flush interval
     today at 1:23:31 PM 2021-06-26T20:23:31Z E! [outputs.influxdb] When writing to [http://10.3.3.138:8086]: failed doing req: Post "http://10.3.3.138:8086/write?db=telegraf": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
     today at 1:23:31 PM 2021-06-26T20:23:31Z E! [agent] Error writing to outputs.influxdb: could not write any address
     today at 1:23:41 PM 2021-06-26T20:23:41Z W! [agent] ["outputs.influxdb"] did not complete within its flush interval
     today at 1:32:11 PM 2021-06-26T20:32:11Z W! [outputs.influxdb] Metric buffer overflow; 102 metrics have been dropped
     today at 1:32:22 PM 2021-06-26T20:32:22Z W! [outputs.influxdb] Metric buffer overflow; 8 metrics have been dropped
     The data is most certainly being written to InfluxDB. I can see the POSTs in the InfluxDB and as mentioned above, I'm seeing the data in Grafana. I'm not sure if this is a data validation issue or cosmetic. I'd prefer not to spam my telegraf logs. Perhaps a telegraf expert might be able to weigh in why I'd be seeing these messages even though the data appears to be written to InfluxDB.
    1 point
  6. iSCSI Target install components have now been added to the iSCSI-GUI plugin. On the next update the ICON will move from the Tools Menu to the settings. You no longer need to have ich777's target plugin installed, and he is planning to remove it as we have combined them into a single plugin. Let us know if there are functions you would like adding.
    1 point
  7. Yes. I haven't tried not forwarding the GUI port, but I guess in theory it might work if all the other needed ports are forwarded correctly. I need remote access to the GUI, as 90% of my managed APs are outside my LAN. It's https with a strong password, so I'm not too worried about it. Here is the article I used when configuring my setup. https://help.ui.com/hc/en-us/articles/218506997-UniFi-Ports-Used
    1 point
  8. /usr/local/sbin/emcmd cmdSpinup=disk3
     Or, likewise, cmdSpindown and e.g. "parity".
    1 point
  9. https://docs.nextcloud.com/server/19/admin_manual/configuration_user/reset_admin_password.html You could try that. In the logs above there isn't much to use, other than you tried and failed to login. Here is another post for things to check https://help.nextcloud.com/t/cannot-login-to-nextcloud-with-correct-admin-password-and-no-browser-errors/85892/5
    1 point
  10. (12 threads) Total plot creation time was 6534.52 sec (108.909 min) (24 threads) Total plot creation time was 3947.82 sec (65.797 min)
    1 point
  11. I think he meant this one: https://forum.kodi.tv/showthread.php?tid=252916 You might also want to check this one: https://discourse.coreelec.org/t/best-device-for-coreelec-in-2021/14348
    1 point
  12. Thanks to your advice, I was able to find I was using "backup" in my Roon container. I changed it to "backups" now. I got a feeling that will fix it. Thanks very much. Edit: I found nzbHydra2 also created a "backup" folder as a default. Fixed that too.
    1 point
  13. Great, thanks for letting me know and for trying us out. Have a great weekend!
    1 point
  14. Yup, the 403 is gone. I was able to start a trial. Thanks!
    1 point
  15. The plugin stops all dockers, then begins the backup. I'm assuming this is done so there's a complete snapshot at that point in time? My problem is the backup is now taking 4 hrs to complete. I was wondering if it would be possible to stop a container, back it up, then start it, move on to the next. If that's a good idea or not I don't know? Or maybe stop docker, make incremental backup (fast), start docker, then recreate the tar from the incremental and delete the incremental? There's not really a good time to stop docker for 4 hrs. It takes down my smart home. If one of the kids gets up in the night during the backup, the lights don't work. I can't think of a solution?
    1 point
  16. I'm not sure how I was meant to know that.
    1 point
  17. Make sure to read the GitHub article too, I have learned a lot since then... mostly by breaking things.
    1 point
  18. Well, what does cannot login mean? Nextcloud webui not loading? It says wrong password? It says user not found? Are there any errors? Any logs in /data/nextcloud.log?
    1 point
  19. Try to do one step at a time. My guess is that your pfsense is missing the interface for vlan-150 and unraid is missing this as gateway. You only showed one screen where you only defined the tag, but no interface and network using it.
      Consider the network at br0 as the untagged/default PVID net... this is working. Create the same setup for VLAN-150... mimic the setup from br0.
      Example:
      unraid-br0: IP: 192.168.0.50, netmask: 255.255.255.0 (192.168.0.0/24), gateway: 192.168.0.1 /virtio-pfsense-opt3
      unraid-br0.150 192.168.150.50 netmask 255.255.255.0 (192.168.150.0/24) gateway 192.168.150.1 /virtio-pfsense-opt??? -> with VLAN-ID: 150
      Create an interface on pfsense and add IP/net 192.168.150.1/24 - also in unraid add IP 192.168.150.50 with gateway 192.168.150.1
      ...then test if you are able to ping unraid-br0.150 (192.168.150.50) from IF 192.168.150.1 and vice versa. Only after that, try to ping across networks with routing & firewall involved.
    1 point
  20. So had a go with this, so for anyone else interested, who finds it in a search, or @Tydell then I hope this helps somewhat. My efforts were foiled by my hotswap cage/backplane being faulty, so never got to actually get the drives installed and use it in 'anger' as it were. The cage/backplane I tried was the Icybox IB-564SSK. So to take apart the horizontal section at the front right of the case, there are several screws that need undoing. The ones I have labelled with green and red hold some metal plates in place, which in effect act as runners for any 5.25" devices you want to install. The screws labelled in blue hold the I/O front panel in place. This photo (sorry for the quality, it was taken one handed and 'blind') shows the screws holding the I/O front panel in place.... This picture shows the front I/O panel and the vertical metal plate, retained by the red screws, can be seen as well. I undid the screws but couldn't get it out of the case, so it's possible I missed a fixing somewhere or needed to be more medieval with it.... And as soon as you undo the blue screws, the front I/O panel succumbs to gravity.... This next photo shows that the I/O panel will indeed fit vertically - however there appears to be no way of fixing it permanently to the chassis using existing holes. Probably the best solution would be to attach the I/O panel to the edge of the chassis or the side of a drive cage using 3M stick pads or tape etc. And this picture shows the mechanism used to retain the default drive cages and fan assemblies - the metal clips on top spring up and hold the cage in place. This picture shows the vertical metal plate that was held in place by the green screws - I was able to remove it quite easily once the three screws had been undone: And this photo shows how the drive cage would fit inside the case using the retaining clips provided with the chassis. 
Note that they don't screw in to the exterior of the drive cage - they simply clip in: Finally, here's a photo of the IcyBox cage/backplane with the I/O panel in a vertical setup, mirroring the Rosewill RSV-L4412: So with a little effort, I think it will be quite doable. Depending upon which drive cages are used, there may be some small gaps between each of the drive cages - but they could easily be blanked off. Indeed, if you look closely at a RSV-L4412, there appear to be small gaps with that anyway....
    1 point
  21. During one of our Private Message discussions, @Batter Pudding suggested that ‘Short Sheets’ of the steps involved in each procedure could be beneficial. I know that when I am doing any multi-step procedure, I like to have a printout of the procedure and check off each step as I complete it. The attachments to this posting are the short sheets for each procedure in the document in the first post.
      EDIT: March 15, 2024. Added the PDF for "An Alternative Method to Network Neighborhood".
      How To #1-Advance Network Settings.pdf
      How to #2-Fixing the Windows Explorer Issue.pdf
      How to #3– Turning Off “SMB 1.0_CIFS File Sharing Support”.pdf
      How to #4-Adding a SMB User to Unraid.pdf
      How to #5-Adding a Windows Credential.pdf
      An Alternative Method to Network Neighborhood.pdf
    1 point
  22. Don't see anything out of the ordinary logged, you should probably post on the OpenVPN docker support thread.
    1 point
  23. This is actually by design with Docker. We've discussed this at length before, and your options, each with their own caveats, are:
      - Enable host access to docker networks in the Settings | Docker (Advanced View) (my screenshot is disabled since I don't use it)
      - Enable VLANs in Settings | Network Settings and add custom networks in Docker settings
      - If you have a spare network card, you can keep it separate from the default bond between the other network interfaces (usually bond0) and then set up a custom network there for docker
      It is best to set up Unraid so it only has an IP in an interface that is not the same as the one being used by docker, else the issue with connectivity will occur.
      Some older threads for more details:
    1 point
  24. Solution for the next person who, just like me, is fumbling in the dark.
      1. Docker settings: Host access to custom networks: Enabled.
      2. WireGuard settings: Local server uses NAT: No
      3. FRITZBOX network settings / static routing table: Network: 10.253.0.0 (Docker network), Subnet mask: 255.255.255.0, Gateway: 192.168.178.5 (Unraid server)
      Thanks to everyone involved for the help.
      Sent from my SM-G998B using Tapatalk
    1 point
  25. Very much appreciate I can secure my unRaid now w/traditional passwords. I request that if the boot-flash contains an authorized_keys file preloaded with SSH public keys, that this file is used for SSH based login and SSHD config is appended with:
      PasswordAuthentication no
      This would further harden root SSH access and effectively secure this entry point from any brute force attacks, likely internally from another compromised machine. If desired, web access can already be hardened w/client based tokens via firewalls and a reverse proxy, but it would be pretty cool if it supported something like a 2FA app for web auth, since you can gain a root shell via web-ui.
    1 point
  26. You would make another instance of the container. Each instance scans whatever is specified
    1 point
  27. So I had the same issue but the solution made me feel like an absolute idiot....spent a good 20-30 minutes trying to figure this out but eventually got it:
      1. Enable advanced config options on your UPS via the on screen display
      2. Open configuration options and scroll down until you find ModBus
      3. Change ModBus to Enabled. It is disabled by default on all APC UPS units.
      4. In unRAID UPS Setting menu, set the "UPS Cable" to USB and set "UPS Type" to ModBus. No additional settings like /dev/tty** are required. It may take a minute or two for the info to load but it will.
      ***Make sure you use the USB-A to USB-B cable to connect your UPS to the server, not the RJ-45 to USB-A. ModBus does not seem to work with the RJ-45 port on the UPS***
    1 point
  28. Not there, if you expand the template view to advanced (toggle is top left right) it will expose extra fields including one called Extra Parameters.
    1 point
  29. chown -R nobody:users /mnt/user/unRAID/ appears to have resolved the SMB permission denied. The files were likely incorrectly owned because I used rsync, run as root, to copy them to /mnt/user/unRAID/ Thx
    1 point