limetech

Changed Status to Closed

Changed Status to Retest

Thank you for the diags. Please retest with 6.11 stable which has update Samba. I was able to perform a complete TM backup from wife's iMac to an Unraid server using 6.11.

Changed Status to Retest

Please retest with 6.11 stable:

Changed Status to Retest Changed Priority to Minor

Added the kernel drivers back into 6.11 stable, not sure how they got omitted. The edac-utils package will come in a patch release.

This change was put into 6.11.0:

reserved

The 6.11 release includes bug fixes, update of base packages, update to 5.19.x Linux kernel, and minor feature improvements. Sorry no major new feature but instead we are paying some "technical debt" and laying the groundwork necessary to add better third-party driver and ZFS support. Although, Samba is updated to version 4.17 and we're seeing some significant performance increases. There are other improvements still a work-in-process which we will publish in patch releases: better support for third-party drivers better macOS integration better Active Directory integration additional VM Manager improvements To upgrade: First create a backup of your USB flash boot device: Main/Flash/Flash Backup If you are running any 6.4 or later release, click 'Check for Updates' on the Tools/Update OS page. If you are running a pre-6.4 release, click 'Check for Updates' on the Plugins page. If the above doesn't work, navigate to Plugins/Install Plugin, select/copy/paste this plugin URL and click Install: https://unraid-dl.sfo2.cdn.digitaloceanspaces.com/stable/unRAIDServer.plg Bugs: If you discover a bug or other issue in this release, please open a Stable Releases Bug Report. ALL USERS are encouraged to upgrade. As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI including new background downloading functionality. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. Also for working with us for better third-party driver integration (still a work-in-process). @SimonF for several improvements including better handling of USB assignments to Virtual Machines. @JorgeB for rigorous testing of storage subsystem Version 6.11.0 2022-09-23 Improvements With this release there have been many base package updates including several CVE mitigations. The Linux kernel update includes mitigation for Processor MMIO stale-data vulnerabilities. The plugin system has been refactored so that 'plugin install' can proceed in the background. This alleviates issue where a user may think installation has crashed and closes the window, when actually it has not crashed. Many other webGUI improvements. Added support for specifying custom VNC ports in VM manager form editor. Custom port number specified using XML editor will be preserved when switching to forms-based editor. Spin down for non-rotational devices now places those devices in standby mode if supported by the device. Similarly, spin up, or any I/O to the device will restore normal operation. Display NVMe device capabilities obtained from SMART info. Added necessary kernel CONFIG options to support Sr-iov with mellanox connectx4+ cards Merged Dynamix SSD Trim plugin into Unraid OS webGUI. Preliminary support for cgroup2. Pass 'unraidcgroup2' on syslinux append line to activate. Included perl in base distro. Bug fixes Fixed issue in VM manager where VM log can not open when VM name has an embedded '#' character. Fixed issue where Parity check pause/resume on schedule was broken. Fixed issue installing registration keys. Updated 'samba' to address security mitigations. Also should get rid of kernel message complaining about "Attempt to set a LOCK_MAND lock via flock(2)." Fixed issue switching from 'test' branch to 'next'. Quit trying to spin down devices which do not support standby mode. Fixed AD join issued caused by outdated cyras-sasl library Do not start mcelog daemon if CPU is unsupported (most AMD processors). Fix nginx not recognizing SSL certificate renewal. wireguard: check the reachability of the gateway (next-hop) before starting the WG tunnel. Ignore "ERROR:" strings mixed in "btrfs filesystem show" command output. This solves problem where libblkid could tag a parity disk as having btrfs file system because the place it looks for the "magic number" happens to matches btrfs. Subsequent "btrfs fi" commands will attempt to read btrfs metadata from this device which fails because there really is not a btrfs filesystem there. Fixed bug in mover that prevented files from being moved from unRAID array to a cache pool (mode Prefer) if the share name contains a space. Change Log vs. Unraid OS 6.10.3 Management: Add sha256 checks of un-zipped files in unRAIDServer.plg. bash: in /etc/profile omit "." (current directory) from PATH docker: do not call 'docker stop' if there are no running containers emhttpd: improve standby (spinning) support mover: fixed issue preventing moving filed from array to cache if share name contains a space rc.nginx: enable OCSP stapling on certs which include an OCSP responder URL rc.nginx: compress 'woff' font files and instruct browser to cache rc.wireguard: add better troubleshooting for WireGuard autostart rc.S: support early load of plugin driver modules SMB: fixed 'fruit' settings for the USB Flash boot device SMB: remove NTLMv1 support since removed from Linux kernel SMB: (temporarily) move vfs_fruit settings into separate /etc/samba/smb-fruit.conf file SMB: (temporarily) get rid of Samba 'idmap_hash is deprecated' nag lines startup: Prevent installing downgraded versions of packages which might exist in /boot/extra upc: version v1.3.0 webgui: Plugin system update Detach frontend and backend operation Use nchan as communication channel Allow window to be closed while backend continues Use SWAL as window manager Added multi remove ability on Plugins page Added update all plugins with details webgui: docker: use docker label as primary source for WebUI This makes the 'net.unraid.docker.webui' docker label the primary source when parsing the web UI address. If the docker label is missing, the template value will be used instead. webgui: Update Credits.page webgui: VM manager: Fix VM log can not open when VM name has an embedded '#' webgui: Management Access page: add details for self-signed certs webgui: Parity check: fix regression error webgui: Remove session creation in scripts webgui: Update ssh key regex Add support for ed25519/sk-ed25519 Remove support for ecdsa (insecure) Use proper regex to check for valid key types webgui: misc. style updates webgui: Management access: HTTP port setting should always be enabled webgui: Fix: preserve vnc port settings webgui: Fix regression error in plugin system webgui: Fix issue installing registration keys webgui: Highlight case selection when custom image is selected webgui: fix(upc): v1.4.2 apiVersion check regression webgui: Update Disk Capabilities pages for NVME drives webgui: chore(upc): v1.6.0 webgui: Plugin system and docker update webgui: System info - style update webgui: Plugins: keep header buttons in same position webgui: Prevent overflow in container size for low resolutions webgui: VM Manager: Add boot order to GUI and CD hot plug function webgui: Docker Manager: add ability to specify shell with container label. webgui: fix: Discord notification agent url webgui: Suppress info icon in banner message when no info is available webgui: Add Spindown message and use -n for identity if scsi drive. webgui: Fix SAS Selftest webgui: Fix plugin multi updates webgui: UPS display enhancements: Add icon for each category Add translation in UPS section on dashboard Add Output voltage / frequency value Add coloring depending on settings Normalize units Make updates near real-time Added UPS model field webgui: JQuery: version 3.6.1 webgui: JQueryUI: version 1.13.2 webgui: improved 'cache busting' on font file urls webgui: Fixed: text color in docker popup window sometimes wrong webgui: Fixed: show read errors during Read Check webgui: VM Manager: Add USB Startup policy; add Missing USB support webgui: Docker: fixed javascript error when no containers exist webgui: added 3rd party system diagnostics added diagnostics for third party plugin packages added diagnostics for /dev/dri devices added diagnostics for /dev/dvb devices added diagnostics for nvidia devices Linux kernel: version 5.19.9 (CVE-2022-21123 (CVE-2022-21123 CVE-2022-21125 CVE-2022-21166) md/unraid: version 2.9.24 CONFIG_IOMMU_DEFAULT_PASSTHROUGH: Passthrough CONFIG_VIRTIO_IOMMU: Virtio IOMMU driver CONFIG_X86_AMD_PSTATE: AMD Processor P-State driver CONFIG_FIREWIRE: FireWire driver stack CONFIG_FIREWIRE_OHCI: OHCI-1394 controllers CONFIG_FIREWIRE_SBP2: Storage devices (SBP-2 protocol) CONFIG_FIREWIRE_NET: IP networking over 1394 CONFIG_INPUT_UINPUT: User level driver support CONFIG_INPUT_JOYDEV: Joystick interface CONFIG_INPUT_JOYSTICK: Joysticks/Gamepads CONFIG_JOYSTICK_XPAD: X-Box gamepad support CONFIG_JOYSTICK_XPAD_FF: X-Box gamepad rumble support CONFIG_JOYSTICK_XPAD_LEDS: LED Support for Xbox360 controller 'BigX' LED CONFIG_MLX5_TLS: Mellanox Technologies TLS Connect-X support CONFIG_MLX5_ESWITCH: Mellanox Technologies MLX5 SRIOV E-Switch suppor CONFIG_MLX5_CLS_ACT: MLX5 TC classifier action support CONFIG_MLX5_TC_SAMPLE: MLX5 TC sample offload support CONFIG_MLXSW_SPECTRUM: Mellanox Technologies Spectrum family support CONFIG_NET_SWITCHDEV: Switch (and switch-ish) device support CONFIG_TLS: Transport Layer Security support CONFIG_TLS_DEVICE: Transport Layer Security HW offload CONFIG_TLS_TOE: Transport Layer Security TCP stack bypass CONFIG_VMD: Intel Volume Management Device Driver added additional sensor drivers: CONFIG_AMD_SFH_HID: AMD Sensor Fusion Hub CONFIG_SENSORS_AQUACOMPUTER_D5NEXT: Aquacomputer D5 Next watercooling pump CONFIG_SENSORS_MAX6620: Maxim MAX6620 fan controller CONFIG_SENSORS_NZXT_SMART2: NZXT RGB & Fan Controller/Smart Device v2 CONFIG_SENSORS_SBRMI: Emulated SB-RMI sensor CONFIG_SENSORS_SHT4x: Sensiron humidity and temperature sensors. SHT4x and compat. CONFIG_SENSORS_SY7636A: Silergy SY7636A CONFIG_SENSORS_INA238: Texas Instruments INA238 CONFIG_SENSORS_TMP464: Texas Instruments TMP464 and compatible CONFIG_SENSORS_ASUS_WMI: ASUS WMI X370/X470/B450/X399 CONFIG_SENSORS_ASUS_WMI_EC: ASUS WMI B550/X570 CONFIG_SENSORS_ASUS_EC: ASUS EC Sensors patch: add reference to missing firmware in drivers/bluetooth/btrtl.c rtl8723d_fw.bin rtl8761b_fw.bin rtl8761bu_fw.bin rtl8821c_fw.bin rtl8822cs_fw.bin rtl8822cu_fw.bin CONFIG_BPF_UNPRIV_DEFAULT_OFF: Disable unprivileged BPF by default patch: quirk for Team Group MP33 M.2 2280 1TB NVMe (globally duplicate IDs for nsid) turn on all IPv6 kernel options: CONFIG_INET6_* CONFIG_IPV6_* CONFIG_RC_CORE: Remote Controller support CONFIG_SFC_SIENA: Solarflare SFC9000 support CONFIG_SFC_SIENA_MCDI_LOGGING: Solarflare SFC9000-family MCDI logging support CONFIG_SFC_SIENA_MCDI_MON: Solarflare SFC9000-family hwmon support CONFIG_SFC_SIENA_SRIOV: Solarflare SFC9000-family SR-IOV support CONFIG_ZRAM: Compressed RAM block device support CONFIG_ZRAM_DEF_COMP_LZ4: Default ram compressor (lz4) turn on all EDAC kernel options CONFIG_EDAC: EDAC (Error Detection And Correction) reporting CONFIG_EDAC_* Base distro: aaa_base: version 15.1 aaa_glibc-solibs: version 2.36 aaa_libraries: version 15.1 at: version 3.2.3 bind: version 9.18.6 btrfs-progs: version 5.19.1 ca-certificates: version 20220622 cifs-utils: version 7.0 coreutils: version 9.1 cracklib: version 2.9.8 cryptsetup: version 2.5.0 curl: version 7.85.0 cyrus-sasl: version 2.1.28 dbus: version 1.14.0 dhcpcd: version 9.4.1 dmidecode: version 3.4 docker: version 20.10.17 (CVE-2022-29526 CVE-2022-30634 CVE-2022-30629 CVE-2022-30580 CVE-2022-29804 CVE-2022-29162 CVE-2022-31030) etc: version 15.1 ethtool: version 5.19 eudev: version 3.2.11 file: version 5.43 findutils: version 4.9.0 firefox: version 105.0.r20220922151854-x86_64 (AppImage) fuse3: version 3.12.0 gawk: version 5.2.0 gdbm: version 1.23 git: version 2.37.3 glib2: version 2.72.3 glibc: version 2.36 glibc-zoneinfo: version 2022c gnutls: version 3.7.7 gptfdisk: version 1.0.9 grep: version 3.8 gzip: version 1.12 hdparm: version 9.65 htop: version 3.2.1 icu4c: version 71.1 inotify-tools: version 3.22.6.0 iperf3: version 3.11 iproute2: version 5.19.0 iptables: version 1.8.8 jemalloc: version 5.3.0 json-c: version 0.16_20220414 json-glib: version 1.6.6 kmod: version 30 krb5: version 1.20 libaio: version 0.3.113 libarchive: version 3.6.1 libcap-ng: version 0.8.3 libcgroup: version 3.0.0 libdrm: version 2.4.113 libepoxy: version 1.5.10 libffi: version 3.4.2 libgcrypt: version 1.10.1 libgpg-error: version 1.45 libidn: version 1.41 libjpeg-turbo: version 2.1.4 libmnl: version 1.0.5 libnetfilter_conntrack: version 1.0.9 libnfnetlink: version 1.0.2 libnftnl: version 1.2.3 libnl3: version 3.7.0 libpng: version 1.6.38 libssh: version 0.10.4 libtasn1: version 4.19.0 libtirpc: version 1.3.3 liburcu: version 0.13.1 libusb: version 1.0.26 libwebp: version 1.2.4 libxml2: version 2.9.14 libxslt: version 1.1.36 libzip: version 1.9.2 logrotate: version 3.20.1 lsof: version 4.95.0 lzip: version 1.23 mc: version 4.8.28 mcelog: version 189 nano: version 6.4 nfs-utils: version 2.6.2 nghttp2: version 1.49.0 nginx: version 1.22.0 ntfs-3g: version 2022.5.17 ntp: version 4.2.8p15 oniguruma: version 6.9.8 openssh: version 9.0p1 openssl: version 1.1.1q (CVE-2022-1292 CVE-2022-2097 CVE-2022-2274) openssl-solibs: version 1.1.1q (CVE-2022-1292) p11-kit: version 0.24.1 pciutils: version 3.8.0 pcre2: version 10.40 perl: version 5.36.0 php: version 7.4.30 (CVE-2022-31625 CVE-2022-31626) pkgtools: version 15.1 rpcbind: version 1.2.6 rsync: version 3.2.6 samba: version 4.17.0 (CVE-2022-2031 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-32742) sqlite: version 3.39.3 sudo: version 1.9.11p3 sysfsutils: version 2.1.1 sysstat: version 12.6.0 sysvinit-scripts: version 15.1 talloc: version 2.3.4 tar: version 1.34 tevent: version 0.13.0 tree: version 2.0.2 util-linux: version 2.38.1 wayland: version 1.21.0 wget: version 1.21.3 xfsprogs: version 5.18.0 xz: version 5.2.6 zlib: version 1.2.12

It's historic... waaay back when AD was first integrated there was no such warning. 'hash' was selected because it uses an algorithmic method of mapping SID's to UID/GID's which didn't require maintaining a database file which would have to be kept on the USB flash device. In Unraid OS users created via the Users webGUI menu item are assigned sequential UID's starting at 1000 and all users are put into the 'users' group (GID 100). The 'nobody' user (UID/GID 99/100) is used for 'guest' access to Public shares. There should be no UID's above 1000 other than created named users. Maybe... But your example is using 'tdb' backend which requires maintenance of a tdb database file. Those statements really should be BOLDED because changing the backend is going to be painful for some users, or an outright security issue. AD integration is pretty complex. One thing we can do before coming up with a definitive answer is that we can patch the Samba code to get rid of that syslog entry. We also want a solution that lets an Unraid server function as an AD Domain Controller (something not possible when we first integrated AD).

Thank you for the bug report. However please post diagnostics.zip obtained after you've made this crash.

Tools/Diagnostics - update the diagnostics.zip file for the -rc release with which crashes occur.

Please try fruit:metadata = netatalk or comment out that line (default for that value is 'netatalk')

In general you DO NOT want this line in the [global] section because if you add a plugin which needs to stack a share-level module (such as the Recycle Bin plugin) then the presence of 'vfs objects' at the share level supersedes the setting in the [global] section. Besides that exact string is already included in every share section.