Leaderboard

Hey everyone, this issue with repeated lock outs should now be resolved, you should no longer have to manually delete any cookies.

Dear community, Some thoughts following CNN article about: "hackers repeatedly took advantage of several known flaws and one newly discovered vulnerability in Pulse Secure VPN, a widely used remote connectivity tool, to gain access to dozens of organizations in the defense industrial sector" I am pretty sure others vpn like wireguard and openvpn may have the same flaws. But there is another point of failure in our network. Our ISP routers. Bypassing vpn by direct access using them is possible. Even sometime easy as they have built in login as admin/admin most of the time... Yesterday, using burp, hydra and kali I gained access to a test network through the wifi as a demonstration to one of my friend, trying to show him how to hardened his Isp routers. Once done, I hit his openmediavault Gui, trying log in. Using an eset network scanner, I highlight a login failure as admin/openmediavault was still used. The only thing stoping me by the lack of time was his F2A protection. My point here, is unRAID might be in the same trouble, and don't have F2A login protection. What are your tought on this subject ?

Posting this here in the hope that it assists someone in the future. I host my instance of HomeAssistant in a VM on unRAID. I have recently purchased a ConBee II USB-Gateway so I can add Zigbee devices. I added the USB using the unRAID VM GUI, like I imagine most would, by just checking the tick box next to the device. This didn't work. While Home Assistant found the device, the integration would not add (there were communication errors). The trick was to add the device as a serial-usb device. AFAIK you cannot do this via the GUI. So I added the following code to my VM config: <serial type='dev'> <source path='/dev/serial/by-id/<yourusbid>'/> <target type='usb-serial' port='1'> <model name='usb-serial'/> </target> <alias name='serial1'/> <address type='usb' bus='0' port='4'/> </serial> I was then able to add the integration easily. Interestingly, it didn't auto discover, but that's just an aside. Note, <yourusbid> can be found via the command line - it contains the device serial so its not to be posted.

the ideal tower case has external 5.25" drive cages top to bottom (i.e. Antec 900). I was reading some articles on SilentPCReview and found a list! brand / model / (5.25 bay count) AeroCool VX/VS-9 Pro Antec 1200 - (12) Antec 900 - (9) AZZA Helios 910 Chieftec Smart WH-01 Coolermaster Centurion 590 - (9) Coolermaster Stacker 810 - (11) Lianli PC-P80 Lianli PC-P50 Lian Li PC-A77FB - (12) Nexus Prominent 9 - (9) NZXT Evo - (9) Sharkoon Rebel 12 Eco / Value Silverstone KL01 & KL02 Silverstone TJ-07 Sunbeam AC9B-T Acrylic Thermaltake V5 - (9) (discontinued) Thermaltake V6 - ( (9 removal of top mount eSata for hotswap bay) XCLIO Nighthawk (9) Xigmatek Utgard CPC-T90DB Xigmatek Utgard Window CPC-T90DB-U02 Xigmatek Elysium Black Server Edition (non window) CCC-HSA0DS-U03 All Black Aluminum / Steel ATX Super Tower Computer Case - (12) Xigmatek Elysium Black CCC-HSA0DS-U01 All Black Aluminum / Steel ATX Super Tower Computer Case - (12) Xigmatek Elysium Silver CCC-HSA0DS-U02 Black / Silver Aluminum / Steel ATX Super Tower Computer Case - $220 + shipping Zalman MS1000 Zalman Z7 Plus ------------------------------------------------------------------------------------ hopefully this will help some new members find their cases for builds. I myself spent a few days looking at cases, this should speed things up a bit cheers! MOD EDIT: added the AZZA Helios 910 and Nexus Prominent 9 to the list EDIT (01/11/12): added CM 810 and a note in brackets for count (xx) = 5.25" drive bay count. EDIT (01/12/12): added Xigmatek cases (12 bays) with pics/links.

In two words ; Machine Type Q35, VNC driver CIRRUS. Download NiceHashOS from : https://www.nicehash.com/download-center Download and install OSFMount : https://www.osforensics.com/tools/mount-disk-images.html On a Windows VM : - Extract the NHos archive with Winrar or 7Zip. - With OSFMount, select tthe extracted .img file and mount the DDOS3.31+FAT16 partition. - Uncheck "read-only drive" - Open the mounted partition in the explorer and edit the configuration.txt by adding your BTC address (from your Nicehash account) and worker's name (as you like). - Save the file and unmount the partition - Mount again the .img file and ensure that your changes have been recorded - You can now move the .img file in your domains/vm disks folder Create a new VM with Ubuntu Template. Ensure to have these settings : - At least 2GB of ram - Save on CPU cores as it will bring no benefits Mandatory : - Of course point to the edited .img file. - Machine Type Q35 - Change VNC driver for CIRRUS - Add a secondary nvidia GPU. You should be all set :). You can control the GPU OC settings from the web interface. Your nvidia GPU should have no more rest.

In Unraid 6.9 I would recommend against using SSL for the webgui if you are running your router in a VM, since true SSL requires DNS resolution of the FQDN. In Unraid 6.10 there is a little more flexibility, and you can have a self-signed cert on https://[servername].[localTLD] in addition to the real cert that uses https://hash.unraid.net Either way, for workarounds see: https://wiki.unraid.net/My_Servers#How_to_access_your_server_when_DNS_is_down

Explicitly specify https when accessing via the ip address

Sorry for the trouble, nice job figuring out it was related to the license. I've recreated this and confirmed the problem is in the My Servers plugin, we'll get that fixed.

I think you should always be running the latest stable. Personally, my two production servers always run either the latest stable or the latest RC (whichever is newer).

good day, yes that was it, I had an unuse pool, once I deleted it everything came back to normal. thank all for the help.

Pls avoid this PSU, you should check user comment, no reason to buy PSU don't have APFC, still have 110-220 voltage switch, very low tech and low end. Problem not on how many watts, it is about quality problem. There are some much much better choice @ Amazon 45 USD ( 50% off, suggest order ASAP ) https://www.amazon.com/gp/product/B084RGH8W4/ref=ox_sc_act_title_2?currency=USD&language=en_US&psc=1&smid=ATVPDKIKX0DER * SILENT, LONG-LASTING 135MM FLUID-DYNAMIC BEARING FAN WITH ECO MODE The ultra-quiet 135mm Fluid-Dynamic Bearing fan becomes silent when coupled with EVGA ECO mode to turn off the fan in low to medium loads. The larger fan and carefully tuned profile creates a quieter experience than the B3 power supplies. * * EFFICIENCY AND REGULATION DESIGNED FOR THE MODERN PC Featuring an LLC Resonant design + DC to DC converter, EVGA B5 power supplies are up to 89% efficient - well above 80 Plus Bronze requirements. Moreover, the B5 power supplies are designed with modern standards, including ATX V2.52, for performance and stability. * * 100% Japanese Capacitors *

some people get this because the default timeouts for stopping VMx, docker, disks are too short for their system so you get a forced shutdown which then leads to an automatic parity check on the next boot. you might want to try simply stopping the array (rather than doing a shutdown) when it is running its normal workload and time how long that takes. You can then make sure the timeouts are large enough. If the array disks will never unmount cleanly you need to look into what is stopping that from happening and rectify that.

User scripts docker restart mariadb

Tatsache, dann nehme ich alles zurück. Bliebe dann allerdings immer ncoh der Vorteil dass die Platten (ohne SMART-Trick) schneller sind als die WDs. Habe meinen Post korrigiert/angepasst, für die Nachwelt und so.

It does suggest a flash drive problem, but not because it hasn't completed a parity check. You will always get a parity check for unclean shutdown.

I thought that the idea was UnRaid would only try and read SMART data from drives that it thinks are spun up. If this is correct the real problem could be in how UnRaid decides drives are spun down not working as expected.

If you look on the flash drive under ‘config/pools’ here should be a .cfg file defining each pool. You seem to have 3 .cfg files but only 2 active pools? Maybe one is a remnant of a previous attempt at setting up a pool that no longer exists?

Die hat nur 4TB - die Parity aber 8TB 👍

Yes

Just checking in. Uptime is now 3 days 13 hours 9 minutes since I last issued the netfilter fix command. Not one call trace in the log or hard lock up / crash since.

Das gleiche Problem hatte ich auch. Es liegt an der Rechtevergabe des benutzten Nutzers bzw. daran wenn ein sudo Befehl abgesetzt wird, er noch einmal das Passwort bestätigen muss. Somit wird der dd Befehl nicht ausgeführt und läuft auf Fehler. Lösung: (Gegenteil hier ausführlich erklärt) Kurzfassung: 1. Einloggen in deinen Pi 2. Befehl "sudo visudo" ausführen 3. Folgende Zeile hinzufügen "pi ALL=(ALL) NOPASSWD: ALL" -> pi durch den gewünschten Nutzer ersetzen. (Befehle natürlich ohne "")

My container has default settings and I can't reproduce this behavior either. @kri kri I also think that a reinstallation should help here.

Better to re-post there, there's some danger with this forum when attempting to merge threads.

Email has been sent with the regular debug file.

This is a fresh install from CSMM without any existing data in it? I see an error where it says that jq is missing and also that something is wrong with the databse. Will look into this ASAP and report back.

nope, luckily my gvt-g VM is running just fine about the types the i915...._4 <- means in theory 4 simultan 4 gpu*s are possible the i915...._8 <- means in theory 4 simultan 8 gpu*s are possible but i cant use that many simultan, if i add more and more simultan i run into memory page errors and the VM's crashes

Those were removed because they no longer apply.

Thanks for this release. I'm having trouble with the login credentials. I can't see any default login and password nor can I find a way to crease one.

@Jarrodr Google VFAT You will find that the VFAT has the following restriction:

I did start a new appdata folder and install a couple days ago, but I can try again if you updated something. It is not a huge deal really, but I will test.

Within the VM template it connects via vendor and product and doesnt support multiple of the same vendor product. My usb manager plugin supports multiple devices of same vendor product. search usb in CA

Parity is about recovering a failed drive, and has no understanding of the data on any drive as it works at the physical sector level so it cannot be used to recover individual files.

It's a bug, fixed for rc2, but if you remove the empty pool it should appear.

A piece of information, 72-100 hours is a good burn-in period for hard drives. While you think this may shorten the life of the drive, I have one drive in my test bed server with 86,570 hours on it (approximately 10years)!

Are you sure that is all the results? There should be a total when it is finished and it should say

Thanks I reverted the Nerdpack python 2 Sent from my SM-N970U using Tapatalk

I had the same issue and solved it that way: 1. Uninstall Python2 from the Nerd Pack Plugin 2. cli into your unraid 3. Download Python2 for Slackware: wget https://slackware.uk/slackware/slackware64-14.2/slackware64/d/python-2.7.11-x86_64-2.txz 4. Install Python2: upgradepkg --install-new python-2.7.11-x86_64-2.txz For the last step I went to Settings, VM Manager, Advanced View enabled, Libvirt wake on lan disable, then enable again. Status: Running :)

Or how often people don't read the FAQ's before posting.

I have found this fix in another thread: Change the mariadb docker repository to "linuxserver/mariadb:110.4.21mariabionic-ls31" (without the " of course) and let it run. Then edit the docker repository again to "linuxserver/mariadb:latest" and it should run fine again.

You can disable SMBv1 in Unraid by going to Settings -> SMB Settings and setting Enable NetBIOS to No. Perhaps Network Discovery is happening through WSD

I don't agree. Unraid users are power users. We wouldn't be here otherwise. We run duplicity, duplicati, s3cmd, etc and all kinds of other configurations to backup array data and everything else we can rig up. We are capable, but we need to have an official and updated DOCUMENTATION of what needs to be backed up, how to back it up and how to restore it. What is needed is the knowledge to be able to backup and restore (and test the system). Really, without official backup and restore Unraid becomes a toy. I dint understand why there is resistance to this notion that we should be informed and prepared for the inevitable. Limetech claims on the homepage that Unraid allows users "to have ultimate control over their data" and thats nice, and Unraid is a great product. Ultimately, however, if Limetech doesnt share and maintain the knowledge of how we can backup and restore our systems perfectly, or perhaps doesn't provide that, then we have no control at all. Documentation is a minimum, import/export tools/scripts will go the extra mile. Silence and third party support are cop outs.

As I read over this thread, I realize that most of the problems are being caused by those of us (myself included) who are trying to run their Unraid network with the same LAN security protocols that existed in 2010! In one of these support threads, I was quoted by @Batter Pudding in his/her take about this practice. The post is shown below: https://forums.unraid.net/topic/109278-cant-access-unraid-share-on-win10/?tab=comments#comment-1000312 @Batter Pudding and I started a Private Message discussion about SMB, Windows 10, Unraid, and using up-to-date security practices. I pointed out that many of us did not have the expertise to get things setup properly. Starting from that point, we assembled a detailed set of instructions with explanations as to how things work and walk you through the required steps. We even did a set of “How to” guides for each step... Next point is that LimeTech is about to release version 6.10.0 ‘soon’™ and they have promised that it will have a 2021 security model! All that SMB security stuff that we have turning off in Windows 10, LimeTech is going to be turning-on in Unraid (and in a lot more other areas besides SMB)! Let’s admit it. We have been playing Windows 10 “Whack-a-Mole” too long in attempting to run the Unraid SMB network with the absolute minimum of protection. It is time to bite the bullet and get our Unraid LAN networks secured to the requirements that are necessary today. Just click on the link to this thread for more details: https://forums.unraid.net/topic/110580-security-is-not-a-dirty-word-unraid-windows-10-smb-setup/

During one of our Private Message discussions, @Batter Pudding suggested that ‘Short Sheets’ of the steps involved in each procedure could be beneficial. I know that when I am doing any multi-step procedure, I like have have a printout of the procedure and check off each step as I complete it. The attachments to this posting are the short sheets for each procedure in the document in the first post. EDIT: March 15, 2024 Added the PDF for "An Alternative Method to Network Neighborhood". How To #1-Advance Network Settings.pdf How to #2-Fixing the Windows Explorer Issue.pdf How to #3– Turning Off “SMB 1.0_CIFS File Sharing Support”.pdf How to #4-Adding a SMB User to Unraid.pdf How to #5-Adding a Windows Credential.pdf An Alternative Method to Network Neighborhood.pdf

Err? All of that is probably why nothing worked. Ripping Win10 apart and downgrading it to a broken old protocol is not the best trick in the book. There seems to be a strange idea from some Linux hacks that dismantling security and putting back to the previous century's broken standards is a good idea. Win10 will work out of the box. Untouched. UNRAID is happy to talk Win10's language. Just set the share to private\secure\public as per the manual. Select the user to have read\write as needed. And all will be well. That's all I needed to do an I am no UNRAID expert. Using the IP Address is not a "back door". That is walking in the front door but without some daft human friendly name attached. The hack to get the username recognised doesn't seem too weird with WORKGROUPNAME attached. Think i have seen it before. Certainly see it with MACHINENAME\USERNAME paired. You are just telling Windows where to find that variant of a username when there is a clash. Or could be a knock on from all those other switches you hit at random. My main investigation would be retyping workgroup names \ check they are all in caps on all computers on the network, reboot all of them. These seems to imply a clash of usernames or slightly different WorkGroup Capitals. Are you logging into the Win10 box as a local user? Or with a Windows account? Both can mess with your SMB name in unexpected ways. Though you should still get the login prompt. I wonder if this is why being more specific on your username worked? I expect \UNRAIDSERVERNAME\USERNAME would also work in a similar way. Did you look into "Credential Manager" On win10? See what it had stored for that server? Including the capitals? Be aware that Win10 may well attempt to heal itself of those downgrading of the SMB security. I know I have turned on SMB 1.0 for old printer shares for people before, only for a bigger Win10 upgrade to come along and turn it back off again. I would strongly suggest undoing some of those old hacks and let Win10 and UNRAID talk clean SMB 2\3 or whatever they need. Trying to talk the old protocols will lead to confusions on both sides. Though ultimately - who cares how you got there. It works now.

While I agree with you that the security in UnRAID seems pretty weak at default settings, your router admin page should not be accessible from the outside if you configure it correctly and keep it up to date. You highlight a big problem though, default settings in all these docker containers we pull, and I think that boils down to the individual user and the software being used. Your friend is tech savvy enough to setup his own OMV on UnRAID so he should definitely be techy enough to know to change the default admin password. And the software should be made in such a way that default passwords are a major error event that fires warnings everytime you log in to it. 2FA is in my opinion a complementary security feature that should not keep a software secure on its own. But I hope some big steps are taken in regards to security by the UnRAID team going forwards. I'm still on my trial period with 12 days left and I really love UnRAID but I keep being scared on some security defaults (SSH enabled with password even though the keys are generated and stored on flash, no simple switch in UI to disable PW logons, why???). Root as default user, major functionality put in the hands of the community (Fix Common Problems etc) which is a huge attack surface because I guess these plugins in UnRAID run as root? It only takes one big community addon to be hit and a lot of servers will be infected, and I guess UnRAIDs stance on this issue will be something along the lines of "you used community addons on your own risk", which is true. Sorry if I'm ranting in an somewhat unrelated thread as this post is more about general security on UnRAID.

I agree. Greet's

See, guys, this whole thing boils down to knowledge. Knowledge about which disk exactly is carrying the mismatched byte at certain position. Knowledge that can't be had with single parity, but can be had with dual parity. It amazes me that some people would not want that knowledge. Like, life is easier without that knowledge -- just assume that the parity is wrong and sync it. Like, if they are suddenly given the knowledge that, say, disk#4 is carrying the corrupted byte at that point, then they would be stumped about what to do with that knowledge. Let me ease the anxiety: You could always chose to do what you have been doing all along -- sync the corrupted byte onto the parity disks. Personally, I would take the other option -- recover the corrupted byte from parity.

I know, I know, but the file system on the data disk has it all. Simply said: P holds 101010 at a certain position. Data disks report 1, 0, 0, 0, 1, 0. So there's a mismatch for the data disk 3 at that position. Now check if that bit is part of non-allocated space, metadata, ..., or a file on that _data disk_. If this bit belongs to a file --> report it and then sync that bit. I don't know if it's possible to find blocks that belong to a file with the help of a given bit or block. But this is IMHO what would help in many situations. So the question is: I have a bit/block at a given position on a known data disk. Is it possible to identify to what that bit/block belongs on that data disk? If it's possible it would add a small performance drawback whenever a mismatch occurs but it would allow to restore corrupt files from backup. The restore would "repair" parity then. If the bit/block does not belong to a file, sync would happen as usual. As I said: I have no idea if this sounds reasonable, but this one puzzles me since over 10 years, when my Unraid server synced over 1400 errors to parity because of a bad cable and I didn't notice that.

Unraid always requires that it be booted from a USB drive. Making a backup of the current working USB drive will suffice to recover from a future USB failure. The easiest way to make this backup is go to Main under the Boot Device section/tab, click on the blue 'Flash' listing under the 'Device' column. Under the Flash Device Settings section/tab, you will find a "Flash Backup" button. You can find more details on the exact procedure for getting a new .key file for your new USB drive here: https://wiki.unraid.net/UnRAID_6/Changing_The_Flash_Device LimeTech tries to make it very easy to get a replacement key. If you have a proper backup of your Unraid boot drive, you can be up and running in a few minutes after a USB failure. IF you should have a problem, you can always contact Customer Support. That will take a bit longer but they have always been very accommodating to reasonable requests.

You can always click on the flash drive on the Main tab and select the option to download a backup as a zip file.