start846432

  1. Recently had a problem where I frequently was unable to browse secure shares on my AD joined Unraid instance - whenever I tried to access a share using my account, I would continually be prompted for a username and password. Using any other AD account worked fine. Suspect this is due to my trying to create a user in the webUI with the same username - it appears that while the user is not created and passwd/shadow remain clear, the user is still created in the samba user directory (tdbsam?). When trying to browse secure shares, it would authenticate using my AD account and then try to authenticate using the tdbsam one. Details of what (I believe) the problem is in the thread below: I haven't tried to reproduce this issue as I do not want to go through that hassle again. Also, there was no error generated when the user creation failed - the Unraid 'loading' logo was present for a few seconds then just disappears.
  2. Unjoined and rejoined the domain and it looks to be working for now. Will see if it's still working in a couple of days:

         root@unraid-server:~# smbstatus

         Samba version 4.11.4
         PID     Username     Group          Machine                                      Protocol Version  Encryption  Signing
         ----------------------------------------------------------------------------------------------------------------------------------------
         35566   stuart       domain users   192.168.20.101 (ipv4:192.168.20.101:55358)   SMB3_11           -           partial(AES-128-CMAC)

         Service      pid     Machine          Connected at                      Encryption   Signing
         ---------------------------------------------------------------------------------------------
         IPC$         35566   192.168.20.101   Tue Aug 11 09:18:34 PM 2020 BST   -            -
         Movies       35566   192.168.20.101   Tue Aug 11 09:18:39 PM 2020 BST   -            -
         TV Series    35566   192.168.20.101   Tue Aug 11 09:18:34 PM 2020 BST   -            -
  3. So that problem above has gone away, but now have another.

         Aug 11 18:43:53 unraid-server smbd[5215]: [2020/08/11 18:43:53.857174, 2] ../../source3/auth/token_util.c:719(finalize_local_nt_token)
         Aug 11 18:43:53 unraid-server smbd[5215]: WARNING: Failed to create BUILTIN\Administrators group! Can Winbind allocate gids?
         Aug 11 18:43:53 unraid-server smbd[5215]: [2020/08/11 18:43:53.857380, 2] ../../source3/auth/token_util.c:739(finalize_local_nt_token)
         Aug 11 18:43:53 unraid-server smbd[5215]: WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
  4. It's still trying to look up that old SID:

         Aug 11 10:20:39 unraid-server winbindd[4975]: winbindd_getpwuid_send: [nss_winbind (8365)] getpwuid 697828434
         Aug 11 10:20:39 unraid-server winbindd[4975]: [2020/08/11 18:20:39.219803, 1, pid=4975, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:471(ndr_print_function_debug)
         Aug 11 10:20:39 unraid-server winbindd[4975]: wbint_LookupSid: struct wbint_LookupSid
         Aug 11 10:20:39 unraid-server winbindd[4975]: in: struct wbint_LookupSid
         Aug 11 10:20:39 unraid-server winbindd[4975]: sid : *
         Aug 11 10:20:39 unraid-server winbindd[4975]: sid : S-1-5-21-3082517578-424073282-931750821-1000

     Which doesn't appear to exist:

         root@unraid-server:/# wbinfo -s S-1-5-21-3082517578-424073282-931750821-1000
         failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
         Could not lookup sid S-1-5-21-3082517578-424073282-931750821-1000

     Not sure what service would need restarting or what cache needs flushing, so in the interests of speed and effort I think I will go full Windows on this problem and restart the Unraid server.
  5. Not sure if your comment is in response to something I have done or said directly, but I am in agreement. In my case, my normal daily account (stuart) is a standard user with no extra privs outside of those granted on Unraid shares. An admin account (stuart.admin) is used for any admin tasks.
  6. There she blows:

         root@unraid-server:/# pdbedit -L
         INFO: Current debug levels:
           all: 10
           tdb: 10
           printdrivers: 10
           lanman: 10
           smb: 10
           rpc_parse: 10
           rpc_srv: 10
           rpc_cli: 10
           passdb: 10
           sam: 10
           auth: 10
           winbind: 10
           vfs: 10
           idmap: 10
           quota: 10
           acls: 10
           locking: 10
           msdfs: 10
           dmapi: 10
           registry: 10
           scavenger: 10
           dns: 10
           ldb: 10
           tevent: 10
           auth_audit: 10
           auth_json_audit: 10
           kerberos: 10
           drs_repl: 10
           smb2: 10
           smb2_credits: 10
           dsdb_audit: 10
           dsdb_json_audit: 10
           dsdb_password_audit: 10
           dsdb_password_json_audit: 10
           dsdb_transaction_audit: 10
           dsdb_transaction_json_audit: 10
           dsdb_group_audit: 10
           dsdb_group_json_audit: 10
         doing parameter syslog = 10
         WARNING: The "syslog" option is deprecated
         doing parameter syslog only = Yes
         WARNING: The "syslog only" option is deprecated
         doing parameter show add printer wizard = No
         doing parameter disable spoolss = Yes
         doing parameter load printers = No
         doing parameter printing = bsd
         doing parameter printcap name = /dev/null
         doing parameter invalid users = root
         doing parameter unix extensions = No
         doing parameter wide links = Yes
         doing parameter use sendfile = Yes
         doing parameter aio read size = 0
         doing parameter aio write size = 4096
         doing parameter allocation roundup size = 4096
         WARNING: The "allocation roundup size" option is deprecated
         doing parameter acl allow execute always = Yes
         doing parameter ntlm auth = Yes
         doing parameter include = /boot/config/smb-extra.conf
         doing parameter include = /tmp/unassigned.devices/smb-settings.conf
         doing parameter include = /etc/samba/smb-shares.conf
         pm_process() returned Yes
         lp_servicenumber: couldn't find homes
         Netbios name list:-
         my_netbios_names[0]="UNRAID-SERVER"
         Attempting to register passdb backend smbpasswd
         Successfully added passdb backend 'smbpasswd'
         Attempting to register passdb backend tdbsam
         Successfully added passdb backend 'tdbsam'
         Attempting to register passdb backend ldapsam
         Successfully added passdb backend 'ldapsam'
         Attempting to register passdb backend NDS_ldapsam
         Successfully added passdb backend 'NDS_ldapsam'
         Attempting to find a passdb backend to match tdbsam (tdbsam)
         Found pdb backend tdbsam
         pdb backend tdbsam has a valid init
         tdbsam_open: successfully opened /var/lib/samba/private/passdb.tdb
         pdb_set_username: setting username stuart, was
         pdb_set_domain: setting domain UNRAID-SERVER, was
         pdb_set_nt_username: setting nt username , was
         pdb_set_full_name: setting full name Stuart, was
         Home server: unraid-server
         pdb_set_homedir: setting home dir \\unraid-server\stuart, was
         pdb_set_dir_drive: setting dir drive , was NULL
         pdb_set_logon_script: setting logon script , was
         Home server: unraid-server
         pdb_set_profile_path: setting profile path \\unraid-server\stuart\profile, was
         pdb_set_workstations: setting workstations , was
         account_policy_get: name: password history, val: 0
         pdb_set_user_sid: setting user sid S-1-5-21-3082517578-424073282-931750821-1000
         pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3082517578-424073282-931750821-1000 from rid 1000
         pdb_set_username: setting username stuart, was
         pdb_set_domain: setting domain UNRAID-SERVER, was
         pdb_set_nt_username: setting nt username , was
         pdb_set_full_name: setting full name Stuart, was
         Home server: unraid-server
         pdb_set_homedir: setting home dir \\unraid-server\stuart, was
         pdb_set_dir_drive: setting dir drive , was NULL
         pdb_set_logon_script: setting logon script , was
         Home server: unraid-server
         pdb_set_profile_path: setting profile path \\unraid-server\stuart\profile, was
         pdb_set_workstations: setting workstations , was
         account_policy_get: name: password history, val: 0
         pdb_set_user_sid: setting user sid S-1-5-21-3082517578-424073282-931750821-1000
         pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3082517578-424073282-931750821-1000 from rid 1000
         Finding user stuart
         Trying _Get_Pwnam(), username as lowercase is stuart
         Get_Pwnam_internals did find user [stuart]!
         stuart:697828434:Stuart

     And then it's gone:

         root@unraid-server:/# pdbedit -x -u stuart
         INFO: Current debug levels:
           all: 10
           tdb: 10
           printdrivers: 10
           lanman: 10
           smb: 10
           rpc_parse: 10
           rpc_srv: 10
           rpc_cli: 10
           passdb: 10
           sam: 10
           auth: 10
           winbind: 10
           vfs: 10
           idmap: 10
           quota: 10
           acls: 10
           locking: 10
           msdfs: 10
           dmapi: 10
           registry: 10
           scavenger: 10
           dns: 10
           ldb: 10
           tevent: 10
           auth_audit: 10
           auth_json_audit: 10
           kerberos: 10
           drs_repl: 10
           smb2: 10
           smb2_credits: 10
           dsdb_audit: 10
           dsdb_json_audit: 10
           dsdb_password_audit: 10
           dsdb_password_json_audit: 10
           dsdb_transaction_audit: 10
           dsdb_transaction_json_audit: 10
           dsdb_group_audit: 10
           dsdb_group_json_audit: 10
         doing parameter syslog = 10
         WARNING: The "syslog" option is deprecated
         doing parameter syslog only = Yes
         WARNING: The "syslog only" option is deprecated
         doing parameter show add printer wizard = No
         doing parameter disable spoolss = Yes
         doing parameter load printers = No
         doing parameter printing = bsd
         doing parameter printcap name = /dev/null
         doing parameter invalid users = root
         doing parameter unix extensions = No
         doing parameter wide links = Yes
         doing parameter use sendfile = Yes
         doing parameter aio read size = 0
         doing parameter aio write size = 4096
         doing parameter allocation roundup size = 4096
         WARNING: The "allocation roundup size" option is deprecated
         doing parameter acl allow execute always = Yes
         doing parameter ntlm auth = Yes
         doing parameter include = /boot/config/smb-extra.conf
         doing parameter include = /tmp/unassigned.devices/smb-settings.conf
         doing parameter include = /etc/samba/smb-shares.conf
         pm_process() returned Yes
         lp_servicenumber: couldn't find homes
         Netbios name list:-
         my_netbios_names[0]="UNRAID-SERVER"
         Attempting to register passdb backend smbpasswd
         Successfully added passdb backend 'smbpasswd'
         Attempting to register passdb backend tdbsam
         Successfully added passdb backend 'tdbsam'
         Attempting to register passdb backend ldapsam
         Successfully added passdb backend 'ldapsam'
         Attempting to register passdb backend NDS_ldapsam
         Successfully added passdb backend 'NDS_ldapsam'
         Attempting to find a passdb backend to match tdbsam (tdbsam)
         Found pdb backend tdbsam
         pdb backend tdbsam has a valid init
         tdbsam_open: successfully opened /var/lib/samba/private/passdb.tdb
         pdb_set_username: setting username stuart, was
         pdb_set_domain: setting domain UNRAID-SERVER, was
         pdb_set_nt_username: setting nt username , was
         pdb_set_full_name: setting full name Stuart, was
         Home server: unraid-server
         pdb_set_homedir: setting home dir \\unraid-server\stuart, was
         pdb_set_dir_drive: setting dir drive , was NULL
         pdb_set_logon_script: setting logon script , was
         Home server: unraid-server
         pdb_set_profile_path: setting profile path \\unraid-server\stuart\profile, was
         pdb_set_workstations: setting workstations , was
         account_policy_get: name: password history, val: 0
         pdb_set_user_sid: setting user sid S-1-5-21-3082517578-424073282-931750821-1000
         pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3082517578-424073282-931750821-1000 from rid 1000
         account_policy_get: name: maximum password age, val: -1
         Finding user stuart
         Trying _Get_Pwnam(), username as lowercase is stuart
         Get_Pwnam_internals did find user [stuart]!
         Opening cache file at /var/cache/samba/gencache.tdb
         xid_to_sid: GID 697827841 -> S-1-5-21-118681608-2407770303-1789361243-513 from cache
         Forcing Primary Group to 'Domain Users' for stuart
         account_policy_get: name: password history, val: 0
         pdb_set_username: setting username stuart, was
         pdb_set_domain: setting domain UNRAID-SERVER, was
         pdb_set_nt_username: setting nt username , was
         pdb_set_full_name: setting full name Stuart, was
         Home server: unraid-server
         pdb_set_homedir: setting home dir \\unraid-server\stuart, was
         pdb_set_dir_drive: setting dir drive , was NULL
         pdb_set_logon_script: setting logon script , was
         Home server: unraid-server
         pdb_set_profile_path: setting profile path \\unraid-server\stuart\profile, was
         pdb_set_workstations: setting workstations , was
         account_policy_get: name: password history, val: 0
         pdb_set_user_sid: setting user sid S-1-5-21-3082517578-424073282-931750821-1000
         pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3082517578-424073282-931750821-1000 from rid 1000
         pdb_set_group_sid: setting group sid S-1-5-21-3082517578-424073282-931750821-513
         dbwrap_lock_order_lock: check lock order 1 for /var/lib/samba/private/passdb.tdb
         lock order: 1:/var/lib/samba/private/passdb.tdb 2:<none> 3:<none>
         dbwrap_lock_order_unlock: release lock order 1 for /var/lib/samba/private/passdb.tdb
         dbwrap_lock_order_lock: check lock order 1 for /var/lib/samba/private/passdb.tdb
         lock order: 1:/var/lib/samba/private/passdb.tdb 2:<none> 3:<none>
         dbwrap_lock_order_unlock: release lock order 1 for /var/lib/samba/private/passdb.tdb

     Restart samba, make sure there are no SMB sessions, and delete all sessions on Windows and..... still doesn't work.... fault finding continues....

         root@unraid-server:/# samba restart
         Starting Samba: /usr/sbin/smbd -D
                         /usr/sbin/wsdd
                         /usr/sbin/winbindd -D
         root@unraid-server:/# smbstatus

         Samba version 4.11.4
         PID     Username     Group        Machine        Protocol Version  Encryption  Signing
         ----------------------------------------------------------------------------------------------------------------------------------------

         Service      pid     Machine       Connected at                     Encryption   Signing
         ---------------------------------------------------------------------------------------------

         No locked files

         PS C:\Users\stuart> net use
         New connections will be remembered.

         Status       Local     Remote                    Network
         -------------------------------------------------------------------------------
         OK                     \\unraid-server\Movies    Microsoft Windows Network
         The command completed successfully.

         PS C:\Users\stuart> net use * /d
         You have these remote connections:

                                \\unraid-server\Movies
         Continuing will cancel the connections.

         Do you want to continue this operation? (Y/N) [N]: y
         The command completed successfully.
  7. Ok so there is definitely some entry locally for my username - that SID I don't recognise is local:

         root@unraid-server:/# wbinfo -s S-1-5-21-3082517578-424073282-931750821-1000
         UNRAID-SERVER\stuart 1
         root@unraid-server:/# wbinfo -s S-1-5-21-118681608-2407770303-1789361243-1106
         ad\stuart 1
  8. I've dialed the logging up to 10 in smb.conf and grabbed a copy of syslog after trying to access a share. I'm not that conversant with SMB as a protocol but it appears that I do log in successfully, although the wheels come off after samba has read the smb-shares.conf file - winbindd appears to try and convert a SID to a username, but it's using a SID I don't recognise (S-1-5-21-3082517578-424073282-931750821-1000 rather than S-1-5-21-118681608-2407770303-1789361243-1106 - line 1508 in the attached log). syslog_fail1.txt
  9. I read the link above and don't believe it applies to me. So the plot thickens... If I ssh to the server and run id stuart, it can't find my account. If I run id <any other account in AD>, it works fine:

         root@unraid-server:~# id stuart
         id: ‘stuart’: no such user
         root@unraid-server:~# id stuart.admin
         uid=697828445(stuart.admin) gid=697827841(domain users) groups=697827841(domain users),697827840(domain admins) <blah>

     So I am leaning towards the issue being limited to my account. Not sure if it's relevant, but I had tried creating an account within the Unraid webUI with the username stuart, although this always failed - having learnt a bit more, I'm thinking this is because you can't have a user in both AD and passwd with the same username? I'm also thinking if this is potentially where the problem is - maybe there is some artifact of that local account creation lying around somewhere. passwd and shadow appear to be clear though:

         root@unraid-server:~# grep stuart /etc/passwd
         root@unraid-server:~# grep stuart /etc/shadow
         root@unraid-server:~# grep stuart /etc/group
         root@unraid-server:~#
  10. Thanks for the reply. All shares are Secure, and as domain accounts will be used the issue of single user per SMB server only won't (shouldn't) affect me. When you say domain master, are you talking about an Active Directory domain controller? Unraid is a domain member now (computer account created).
  11. Hello, Currently trialing Unraid and am hitting a problem with SMB shares in a domain setup. Unraid is domain joined and everything works well - I've set up privs on shares through Windows such that my normal account I log on to the computer with can access them. However, I find that frequently I come back to them after some period of time and I am prompted to enter a username/password to access the shares but this does not work. I've upped the logging in smb.conf to 3 and get the following when trying to access shares:

         Aug 10 22:50:40 unraid-server smbd[60301]: [2020/08/11 06:50:40.246495, 1] ../../lib/param/loadparm.c:1837(lpcfg_do_global_parameter)
         Aug 10 22:50:40 unraid-server smbd[60301]: WARNING: The "encrypt passwords" option is deprecated
         Aug 10 22:50:40 unraid-server smbd[60301]: [2020/08/11 06:50:40.246530, 1] ../../lib/param/loadparm.c:1837(lpcfg_do_global_parameter)
         Aug 10 22:50:40 unraid-server smbd[60301]: WARNING: The "null passwords" option is deprecated
         Aug 10 22:50:40 unraid-server smbd[60301]: [2020/08/11 06:50:40.246664, 1] ../../lib/param/loadparm.c:1837(lpcfg_do_global_parameter)
         Aug 10 22:50:40 unraid-server smbd[60301]: WARNING: The "syslog" option is deprecated
         Aug 10 22:50:40 unraid-server smbd[60301]: [2020/08/11 06:50:40.246707, 1] ../../lib/param/loadparm.c:1837(lpcfg_do_global_parameter)
         Aug 10 22:50:40 unraid-server smbd[60301]: WARNING: The "syslog only" option is deprecated
         Aug 10 22:50:40 unraid-server smbd[60301]: [2020/08/11 06:50:40.246802, 1] ../../lib/param/loadparm.c:1837(lpcfg_do_global_parameter)
         Aug 10 22:50:40 unraid-server smbd[60301]: WARNING: The "allocation roundup size" option is deprecated
         Aug 10 22:50:40 unraid-server smbd[60301]: [2020/08/11 06:50:40.246874, 2] ../../source3/param/loadparm.c:2800(lp_do_section)
         Aug 10 22:50:40 unraid-server smbd[60301]: Processing section "[Backups]"
         Aug 10 22:50:40 unraid-server smbd[60301]: [2020/08/11 06:50:40.246930, 2] ../../source3/param/loadparm.c:2800(lp_do_section)
         Aug 10 22:50:40 unraid-server smbd[60301]: Processing section "[Downloads]"
         Aug 10 22:50:40 unraid-server smbd[60301]: [2020/08/11 06:50:40.246986, 2] ../../source3/param/loadparm.c:2800(lp_do_section)
         Aug 10 22:50:40 unraid-server smbd[60301]: Processing section "[Home Videos]"
         Aug 10 22:50:40 unraid-server smbd[60301]: [2020/08/11 06:50:40.247048, 2] ../../source3/param/loadparm.c:2800(lp_do_section)
         Aug 10 22:50:40 unraid-server smbd[60301]: Processing section "[Movies]"
         Aug 10 22:50:40 unraid-server smbd[60301]: [2020/08/11 06:50:40.247106, 2] ../../source3/param/loadparm.c:2800(lp_do_section)
         Aug 10 22:50:40 unraid-server smbd[60301]: Processing section "[Pictures]"
         Aug 10 22:50:40 unraid-server smbd[60301]: [2020/08/11 06:50:40.247165, 2] ../../source3/param/loadparm.c:2800(lp_do_section)
         Aug 10 22:50:40 unraid-server smbd[60301]: Processing section "[Scanned Documents]"
         Aug 10 22:50:40 unraid-server smbd[60301]: [2020/08/11 06:50:40.247222, 2] ../../source3/param/loadparm.c:2800(lp_do_section)
         Aug 10 22:50:40 unraid-server smbd[60301]: Processing section "[Software]"
         Aug 10 22:50:40 unraid-server smbd[60301]: [2020/08/11 06:50:40.247279, 2] ../../source3/param/loadparm.c:2800(lp_do_section)
         Aug 10 22:50:40 unraid-server smbd[60301]: Processing section "[TV Series]"
         Aug 10 22:50:40 unraid-server smbd[60301]: [2020/08/11 06:50:40.247359, 2] ../../source3/param/loadparm.c:2800(lp_do_section)
         Aug 10 22:50:40 unraid-server smbd[60301]: Processing section "[Videos]"
         Aug 10 22:50:40 unraid-server smbd[60301]: [2020/08/11 06:50:40.247418, 2] ../../source3/param/loadparm.c:2800(lp_do_section)
         Aug 10 22:50:40 unraid-server smbd[60301]: Processing section "[eBooks]"
         Aug 10 22:50:40 unraid-server smbd[60301]: [2020/08/11 06:50:40.248618, 0] ../../source3/auth/token_util.c:565(add_local_groups)
         Aug 10 22:50:40 unraid-server smbd[60301]: add_local_groups: SID S-1-5-21-118681608-2407770303-1789361243-1106 -> getpwuid(697828434) failed, is nsswitch configured?
         Aug 10 22:50:40 unraid-server smbd[60301]: [2020/08/11 06:50:40.248645, 1] ../../source3/auth/auth_generic.c:173(auth3_generate_session_info_pac)
         Aug 10 22:50:40 unraid-server smbd[60301]: Failed to map kerberos pac to server info (NT_STATUS_NO_SUCH_USER)

     The SID on the 3rd to last line is the SID for my account. I've restarted my computer but no change. I've stopped and started the array but no change. If I enter a different set of credentials at the login prompt, then that does work. SMB config:

         root@unraid-server:~# cat /etc/samba/smb-names.conf
         # Generated names
         netbios name = unraid-server
         server string = Media server
         hide dot files = yes
         multicast dns register = No
         disable netbios = yes
         server min protocol = SMB2
         security = ADS
         workgroup = ad
         realm = ad.xxxx.xx
         encrypt passwords = Yes
         null passwords = Yes
         idmap config * : backend = hash
         idmap config * : range = 10000-4000000000
         winbind use default domain = Yes
         ldap ssl = No
         nt acl support = Yes
         acl map full control = Yes
         acl group control = Yes
         inherit acls = Yes
         inherit permissions = Yes
         map acl inherit = Yes
         dos filemode = Yes
         store dos attributes = Yes
         map archive = No
         map hidden = No
         map system = No
         map readonly = No
  12. Post updated making it clear this is internally accessible only - it won't be exposed to the internet.
  13. Hello, Currently testing Unraid with a view to buying a licence, and am looking to put the WebUI through an internal Nginx proxy so it's covered by a trusted SSL cert (I know there is a self-signed UI available, but would like it all put through the internal proxy). It all works for the most part, but some items do not:

        • CPU use does not update on the Dashboard page
        • Can't open VNC viewer for VMs/console window for Unraid server

      Has anyone had any luck putting the WebUI behind Nginx? Note that this will only be internally accessible - it will not be internet facing. Thanks
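
Added example, not part of the original posts: a shell check for the condition described in the Samba posts above, where a local tdbsam entry shares a username with an AD account while `winbind use default domain = Yes` is set. The function names and sample listings are constructed for illustration; only the `stuart:697828434:Stuart` line and the SIDs come from the posts.

```shell
#!/bin/sh
# Added example: find local Samba passdb accounts that shadow domain accounts.
# Function names and sample data are illustrative assumptions.

# Usernames from a `pdbedit -L` short listing (username:uid:full name).
# Debug chatter is skipped because its second field is not a bare number.
local_passdb_users() {
    awk -F: 'NF >= 3 && $2 ~ /^[0-9]+$/ && $1 !~ /[ \t]/ { print tolower($1) }' | sort -u
}

# Usernames from `wbinfo -u`. With "winbind use default domain = Yes" the
# names are bare; otherwise a DOMAIN\ prefix is present and is stripped here.
domain_users() {
    sed -e 's/^.*\\//' | tr '[:upper:]' '[:lower:]' | sort -u
}

# $1 = pdbedit -L output, $2 = wbinfo -u output.
# Prints every name that exists in both account stores, one per line.
find_collisions() {
    local_names=$(printf '%s\n' "$1" | local_passdb_users)
    [ -n "$local_names" ] || return 0
    printf '%s\n' "$2" | domain_users | grep -Fx -e "$local_names" || true
}

# Classify a SID by its issuing authority (the SID minus its final RID).
# $1 = SID, $2 = AD domain SID, $3 = local machine SID.
sid_origin() {
    case "${1%-*}" in
        "$2") echo domain ;;
        "$3") echo local ;;
        *)    echo unknown ;;
    esac
}

# Constructed sample input: two debug lines plus the one account line.
SAMPLE_PDBEDIT='pdb_set_username: setting username stuart, was
account_policy_get: name: password history, val: 0
stuart:697828434:Stuart'
# Constructed sample input for wbinfo -u.
SAMPLE_WBINFO='AD\administrator
stuart
stuart.admin'

AD_SID='S-1-5-21-118681608-2407770303-1789361243'
LOCAL_SID='S-1-5-21-3082517578-424073282-931750821'

for name in $(find_collisions "$SAMPLE_PDBEDIT" "$SAMPLE_WBINFO"); do
    echo "local passdb entry shadows domain account: $name"
done
echo "SID ending -1000 is: $(sid_origin "$LOCAL_SID-1000" "$AD_SID" "$LOCAL_SID")"

# On a live domain member the inputs would come from the Samba tools:
#   find_collisions "$(pdbedit -L -d 0)" "$(wbinfo -u)"
# and the two authority SIDs from `net getdomainsid` / `net getlocalsid`.
```

Any name this reports is a candidate for the `pdbedit -x -u` removal shown in post 6.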