Posts posted by Sulframus
-
Has anybody been able to get AD LDAP working with dms? I've followed their documentation for AD, but keep getting dovecot auth issues. Reviewed dovecot forums and everything that I have tried still didn't get it to work.
Quote:
docker run
-d
--name='Docker-Mailserver'
--net='dockerlan'
-e TZ="Europe/Berlin"
-e HOST_OS="Unraid"
-e HOST_HOSTNAME="Unraid1"
-e HOST_CONTAINERNAME="Docker-Mailserver"
-e 'SSL_TYPE'='letsencrypt'
-e 'ACCOUNT_PROVISIONER'='LDAP'
-e 'LDAP_SERVER_HOST'='ldap://IP:389'
-e 'LDAP_BIND_CN'='username'
-e 'LDAP_BIND_PW'='password'
-e 'LDAP_SEARCH_BASE'='CN=Users,DC=domain,DC=local'
-e 'LDAP_QUERY_FILTER_DOMAIN'='(|(mail=*@%s)(mailAlias=*@%s)(mailGroupMember=*@%s))'
-e 'LDAP_QUERY_FILTER_USER'='(&(objectClass=Person)(mail=%s))'
-e 'LDAP_QUERY_FILTER_ALIAS'='(&(objectClass=Person)(mailAlias=%s))'
-e 'LDAP_QUERY_FILTER_GROUP'='(&(objectClass=Person)(mailGroupMember=%s))'
-e 'LDAP_QUERY_FILTER_SENDERS'='(&(objectClass=Person)(|(mail=%s)(mailAlias=%s)(mailGroupMember=%s)))'
-e 'SPOOF_PROTECTION'='1'
-e 'DOVECOT_USER_FILTER'='(&(objectClass=Person)(mail=%u))'
-e 'DOVECOT_PASS_ATTRS'='uid=user,userPassword=password'
-e 'DOVECOT_USER_ATTRS'='=home=/var/mail/%{ldap:uid},=mail=maildir:~/Maildir,uidNumber=uid,gidNumber=gid'
-e 'ENABLE_SASLAUTHD'='1'
-e 'SASLAUTHD_MECHANISMS'='ldap'
-e 'SASLAUTHD_LDAP_FILTER'='(&(mail=%[email protected])(objectClass=Person))'
-e 'DOVECOT_AUTH_BIND'='yes'
-e 'SSL_KEY_PATH'=''
-e 'SSL_CERT_PATH'=''
-e 'ENABLE_POSTGREY'='1'
-e 'ENABLE_FAIL2BAN'='1'
-e 'ENABLE_CLAMAV'='1'
-e 'POSTFIX_MESSAGE_SIZE_LIMIT'='10240000'
-e 'ENABLE_SPAMASSASSIN'='1'
-e 'ONE_DIR'='1'
-e 'SPAMASSASSIN_SPAM_TO_INBOX'='1'
-e 'ENABLE_MANAGESIEVE'='1'
-l net.unraid.docker.managed=dockerman
-l net.unraid.docker.icon='https://avatars.githubusercontent.com/u/76868633?s=200&v=4'
-p '25:25/tcp'
-p '143:143/tcp'
-p '465:465/tcp'
-p '587:587/tcp'
-p '993:993/tcp'
-p '4190:4190/tcp'
-v '/mnt/user/appdata/dms/mail-data/':'/var/mail/':'rw'
-v '/mnt/user/appdata/dms/mail-state/':'/var/mail-state/':'rw'
-v '/mnt/user/appdata/dms/mail-log/':'/var/log/mail/':'rw'
-v '/mnt/user/appdata/dms/config/':'/tmp/docker-mailserver/':'rw'
-v '/mnt/user/appdata/dms/letsencrypt/':'/etc/letsencrypt/':'rw'
-v '/etc/localtime':'/etc/localtime':'ro'
--hostname mail.domain.tld
--restart always
--cap-add=NET_ADMIN
--cap-add=SYS_PTRACE 'mailserver/docker-mailserver:latest'
ac12ae1a36bc556246a6f5901a91d3c7e413bbaed2f8aa8cd628654ae681844
Usernames, passwords, IPs and domains have been changed to be redacted
-
I keep having issues where my activity on most torrents stops being announced. It's usually fixable by forcing recheck, but having to do a recheck for about 20TB of files every few weeks is extremely annoying. Anybody had this issue or would know about a way to get this fixed? Just updating the tracker is not enough.
-
11 hours ago, Kulisch said:
In this case, they could help because this is a strange behavior and not an initial setup misunderstanding (as I see).
Wish you good luck. 👍
It looks like the issue was with Thunderbird. When IMAP fills out the information, it puts the username as admin, not [email protected] and therefore the user is unknown. I now got mail receiving working. Sending e-mails to Gmail for example doesn't work.
Quote:
mail postfix/smtp[7899]: 5456D3B0000004F8AA7: to=<[email protected]>, relay=none, delay=2259, delays=2198/0.03/60/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2404:6800:4003:c00::1a]:25: Cannot assign requested address)
This looks to be an issue due to my ISP. I will try to call them up, hopefully they will be able to help out.
Quote:
C:\>nmap -Pn -p 25 gmail-smtp-in.l.google.com
Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-18 21:41 W. Europe Daylight Time
Nmap scan report for gmail-smtp-in.l.google.com (142.250.27.27)
Host is up.
rDNS record for 142.250.27.27: ra-in-f27.1e100.net
PORT STATE SERVICE
25/tcp filtered smtp
Nmap done: 1 IP address (1 host up) scanned in 2.24 seconds
C:\>nmap -Pn -p 465 gmail-smtp-in.l.google.com
Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-18 21:42 W. Europe Daylight Time
Nmap scan report for gmail-smtp-in.l.google.com (142.250.27.27)
Host is up.
rDNS record for 142.250.27.27: ra-in-f27.1e100.net
PORT STATE SERVICE
465/tcp filtered smtps
Nmap done: 1 IP address (1 host up) scanned in 2.14 seconds
-
4 minutes ago, Kulisch said:
Very strange... I can't explain how and why this happens... I wish I had something to help you... I'm very sorry that my suggestions didn't help.
Not sure why it happens either, but thank you for your help and time. Your suggestions at least made me understand the way the subdomains work. I will open up an issue on DMS GitHub, hopefully they will be able to help.
-
8 hours ago, Kulisch said:
Do you have a direct connection to the mail server or is something between? Intrusion Prevention System (IPS), Proxy, Firewall? Make sure everything between is not blocking any SMTP requests.
I did have IPS on, disabled it now for testing, still no change. No firewall rules.
8 hours ago, Kulisch said:
If there are your accounts you created, then change the password in 123456
This was done multiple times during testing. They show up when doing "setup email list", tried updating the passwords again to 123456, but still the same error message with unknown user appears.
8 hours ago, Kulisch said:
And configure DKIM (change 'domain')
Added it before, tried adding again. Tested with domain.com and mail.domain.com.
8 hours ago, Kulisch said:
If nothing works, try stop the container, clean the whole paths from DMS in appdata (make sure to backup files you want to keep) and recreate (not restarting) the container by changing something in docker template (add a space or something like that) and apply.
Try to connect with the new credentials or the new account you have created.
Recreated the whole DMS docker, unfortunately still stuck on the same issue.
Went through the "Troubleshooting" article on the DMS github page. The only part relevant is what is shown in docker logs in unraid anyway.
-
On 7/13/2022 at 10:04 AM, Kulisch said:
At first, sorry for the late response.
As far as I know, the mailserver checks the certificates every time. So it's necessary to have one certificate for every sub/domain which are configured.
Depends what you want. If your mailserver should have the name mail.domain.com you need the following:
Name  Rec  TTL  Aux  Value
@     A    1h   0    123.123.123.123 (Public IP)
mail  A    1h   0    123.123.123.123 (Public IP)
@     MX   1h   0    domain.com
If you want webmail.domain.com instead of mail.domain.com or something else, you can change it as you wish.
You will need the certificates for mail.domain.com and domain.com in this case. (change the --hostname mail.domain.com in advanced view too)
I guess you mean by npm the nginx proxy manager.
If yes, I refer to the earlier posts here in the topic where the nginx proxy manager is used to obtain certificates. I hope you don't make the same mistake and forward all the traffic for SMTP, IMAP and so on to the proxy. The ports must be forwarded to the mail server directly.
I don't use the Nginx Proxy Manager, so I can't give you a detailed instruction how to get the certs and configure it. I'm using Swag to obtain Letsencrypt certs.
Please read the previous posts here and maybe you find a solution.
Obtaining (Letsencrypt) certs:
Configure certs for the mailserver:
I think the response time is good for a forum, thank you!
Unfortunately I am still having issues. I have decided to test with the least amount of security just for the testing purposes to see if I will be able to get access to the mail server from a VPN connection.
I don't use NPM for actually port forwarding any of the ports used for DMS, this is done by the router instead, which points to Unraid, where the DMS is running.
I have turned off the Cloudflare proxy for my A records and created them using the same way, that you mentioned. I have turned off SSL to avoid certificate issues. I have recreated the mail accounts. Thunderbird finds the IMAP configuration, but after trying to login it gets stuck on "checking password". Logs from DMS point to an account, that isn't created, which is weird, as I added both [email protected] and [email protected]
Quote:
Jul 14 18:43:22 domain postfix/submission/smtpd[1338]: connect from unknown[181.214.206.90]
Jul 14 18:43:22 domain postfix/submission/smtpd[1338]: improper command pipelining after EHLO from unknown[181.214.206.90]: QUIT\r\n
Jul 14 18:43:22 domain postfix/submission/smtpd[1338]: disconnect from unknown[181.214.206.90] ehlo=1 quit=1 commands=2
Jul 14 18:43:38 domain dovecot: auth: passwd-file(admin,181.214.206.90,<9qJ2msbjBBm11s5a>): unknown user (SHA1 of given password: 7c4a8d)
Jul 14 18:43:44 domain dovecot: auth: passwd-file(admin,181.214.206.90,<9qJ2msbjBBm11s5a>): unknown user (SHA1 of given password: 7c4a8d)
Jul 14 18:43:50 domain dovecot: auth: passwd-file(admin,181.214.206.90,<9qJ2msbjBBm11s5a>): unknown user (SHA1 of given password: 7c4a8d)
Jul 14 18:43:52 domain dovecot: imap-login: Disconnected (auth failed, 3 attempts in 14 secs): user=<admin>, method=PLAIN, rip=181.214.206.90, lip=172.19.0.20, session=<9qJ2msbjBBm11s5a>
-
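An added example, not part of the original posts or of docker-mailserver: a small Python triage of Dovecot auth-failure lines in the layout quoted above, separating a login sent as a bare username (no @domain) from an unknown account or a wrong password. The log lines, the accounts at example.test and the function names are constructed for illustration.

```python
import hashlib
import re

# Dovecot auth-failure line, in the layout of the log excerpt quoted above:
#   dovecot: auth: <passdb>(<user>,<remote ip>,<session>): <reason> (SHA1 of given password: <hex>)
AUTH_FAIL = re.compile(
    r"dovecot: auth: (?P<db>[\w-]+)\((?P<user>[^,]*),(?P<rip>[^,)]+)(?:,<[^>]*>)?\): "
    r"(?P<reason>unknown user|Password mismatch)"
    r"(?: \(SHA1 of given password: (?P<sha1>[0-9a-f]+)\))?"
)

# Constructed sample data (assumption): two mailboxes as "setup email list" would
# show them, and log lines modelled on the excerpt, using documentation addresses.
ACCOUNTS = ["admin@example.test", "test@example.test"]
SAMPLE_LOG = [
    "Jul 14 18:43:38 mail dovecot: auth: passwd-file(admin,203.0.113.7,<c0nstruct3d01>): "
    "unknown user (SHA1 of given password: 7c4a8d)",
    "Jul 14 18:43:44 mail dovecot: auth: passwd-file(admin@example.test,203.0.113.7,<c0nstruct3d02>): "
    "Password mismatch (SHA1 of given password: 5baa61)",
    "Jul 14 18:44:01 mail dovecot: auth: passwd-file(root,198.51.100.9,<c0nstruct3d03>): "
    "unknown user (SHA1 of given password: d033e2)",
    "Jul 14 18:44:02 mail postfix/submission/smtpd[1338]: connect from unknown[198.51.100.9]",
]


def sha1_prefix(password, length):
    """Hex SHA-1 of the password, cut to the number of digits Dovecot logged."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()[:length]


def triage(lines, accounts, test_password=None):
    """Classify each auth failure and say whether the known test password was sent.

    verdict is one of:
      bare-username   - user has no @domain but matches a mailbox's local part
      unknown-account - user matches no configured mailbox at all
      wrong-password  - mailbox exists, password did not match
    """
    by_local = {}
    for addr in accounts:
        by_local.setdefault(addr.split("@", 1)[0].lower(), []).append(addr.lower())

    findings = []
    for line in lines:
        m = AUTH_FAIL.search(line)
        if m is None:
            continue  # not an auth failure (e.g. postfix connect lines)
        user = m["user"].lower()
        suggestion = None
        if m["reason"] == "Password mismatch":
            verdict = "wrong-password"
        elif "@" not in user and user in by_local:
            verdict = "bare-username"
            suggestion = by_local[user][0]  # full address the client should use
        else:
            verdict = "unknown-account"

        # The logged digest is truncated, so a match is strong evidence that the
        # test password was sent, not proof. None means "nothing to compare".
        matches = None
        if test_password is not None and m["sha1"]:
            matches = m["sha1"] == sha1_prefix(test_password, len(m["sha1"]))

        findings.append({
            "user": user,
            "rip": m["rip"],
            "verdict": verdict,
            "suggested_login": suggestion,
            "password_matches_test": matches,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, ACCOUNTS, test_password="123456"):
        print(finding)
```

A "bare-username" verdict with a matching test password points at the mail client's login name rather than at the account or its password.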
9 hours ago, Kulisch said:
If you try to send the mail. Does the warning appear in Thunderbird or Docker logs?
If there is a certificate error, maybe you don't have one for the tld (domain.com). I had also an error. After creating a certificate for domain.com and reconfigure the account in thunderbird, the problem didn't appear again. Certs for the subdomain (webmail.domain.com, mail.* smtp.* imap.*) were already there.
If this doesn't work... What does the mailserver show in the docker logs after sending the mail?
Does it find the cert files? Which configuration did you use for "Key_Path" (ENV) "Cert_Path" (ENV) and "Mount SSL Path:" (Docker Mount).
Can you find the cert files inside the container?
Note: Recently I bought a new domain for the mailserver and I configured it like this. The censored A records are public IP addresses (example: 123.123.123.123) and the MX record has the TLD. (example: domain.com). NOT mail.domain.com.
I'm not creating DNS entries very often but this setup works for me.
I have following domain certs:
domain.com, webmail.domain.com, smtp.domain.com, mail.domain.com, imap.domain.com
After trying to send some mails, some providers (GMail in my case) started whining that I didn't configure DKIM so I created that.
setup.sh config dkim keysize 2048 domain 'domain.com'
After that, sending and receiving was no problem anymore.
And check the following:
--hostname mail.domain.com
..."Extra Parameters" in "Advanced View".
I hope this information helps.
No warnings in Thunderbird, but even without sending anything I am being flooded in DMS logs with some connection and losing connection after EHLO from a Mexican domain, which I don't know at all. After blocking that IP in the firewall, the flood stopped. During the time when I send the mail I get the following logs:
Quote:
postfix/submission/smtpd[1984]: connect from Thunderbird.localproxy[localipofdocker]
postfix/submission/smtpd[1984]: Anonymous TLS connection established from thunderbird.localproxy[localipofdocker]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25510 server-signature RSA-PSS (2048 bits) server-digest SHA256
postfix/trivial-rewrite[1986]: warning: do not list domain mail.domain.com in BOTH mydestination and virtual_mailbox_domains
postfix/trivial-rewrite[1986]: warning: do not list domain mail.domain.com in BOTH mydestination and virtual_mailbox_domains
postfix/submission/smtpd[1984]:E48BB3B00000003A2672: client=Thunderbird.localproxy[localipofdocker], sasl method=PLAIN, [email protected]
postfix/sender-cleanup/cleanup[1987]: E48BB3B00000003A2672: message-id=<[email protected]>
postfix/sender-cleanup/cleanup[1987]: E48BB3B00000003A2672: replace: header MIME-version: 1.0 from Thunderbird.localproxy[localipofdocker]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[localipofdocker]>: Mime-version: 1.0
opendkim[748]: E48BB3B00000003A2672: no signing table match for '[email protected]'
opendkim[748]: E48BB3B00000003A2672: no signature data
postfix/qmgr[1481]: E48BB3B00000003A2672: from=<[email protected]>, size=372, nrcpt=1 (queue active)
postfix/submission/smtpd[1984]: disconnect from Thunderbird.localproxy[localipofdocker] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
dovecot: imap([email protected])<1949><HXKMbDnjSoSsEwAU>: Logged out in=639 out=1302 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
postfix/smtpd-amavis/smtpd[1992]: connect from localhost[127.0.0.1]
postfix/trivial-rewrite[1986]: warning: do not list domain mail.domain.com in BOTH mydestination and virtual_mailbox_domains
postfix/trivial-rewrite[1986]: warning: do not list domain mail.domain.com in BOTH mydestination and virtual_mailbox_domains
postfix/smtpd-amavis/smtpd[1992]: B131E3B0000003A267E: client=localhost[127.0.0.1]
postfix/cleanup[1993]: B131E3B0000003A267E: message-id=<[email protected]>
postfix/qmgr[1481]: B131E3B0000003A267E: from=<[email protected]>, size=585, nrcpt=1 (queue active)
postfix/trivial-rewrite[1986]: warning: do not list domain mail.domain.com in BOTH mydestination and virtual_mailbox_domains
amavis[1503]: (01503-01) Passed CLEAN {RelayedInbound}, [172.19.0.20]:51820 <[email protected]> -> <[email protected]>, Queue-ID: E48BB3B0000003A2672, Message-ID: <[email protected]>, mail_id: w_XsSRLpFw4Q, Hits: 1.975, size: 338, queued_as: B131E3B0000003A267E, 785 ms
postfix/smtp-amavis/smtp[1988]: E48BB3B0000003A2672: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.82, delays=0.03/0.01/0.01/0.78, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B131E3B0000003A267E)
postfix/qmgr[1481]: E48BB3B0000003A2672: removed
postfix/local[1994]: B131E3B0000003A267E: to=<[email protected]>, relay=local, delay=0.05, dealys=0.02/0.01/0.01, dsn=5.1.1, status=bounced (unknown user: "admin")
postfix/cleanup[1993]: BAC593B000000A2680: message-id=<[email protected]>
postfix/bounce[1999]: B131E3B0000003A267E: sender non-delivery notification: BAC593B0000003A2680
postfix/qmgr[1481]: BAC593B0000003A2680: from=<>, size=2510, nrcpt=1 (queue active)
postfix/trivial-rewrite[1986]: warning: do not list domain mail.domain.com in BOTH mydestination and virtual_mailbox_domains
postfix/qmgr[1481]: B131E3B0000003A267E: removed
postfix/local[1994]: BAC593B0000003A2680: to=<[email protected]>, relay=local, delay=0.01, delays=0.01/0/0/0, dsn=5.1.1, status=bounced (unknown user: "test")
postfix/qmgr[1481]: BAC593B0000003A2680: removed
Certs in the template are set up as follows:
Quote:
SSL Type: manual
Mount SSL Path: /mnt/user/appdata/NginxProxyManager/custom_ssl/
Key path: /etc/letsencrypt/domain.com.key
Cert Path: /etc/lesencrypt/domain.com.pem
This is where I store my CloudFlare provided Edge certificates, which are in use by NPM, so they are valid.
Was not aware, that any subdomains were required, as I thought that an A record pointing to my public IP, MX record pointing to A record and TXT records with spf, dkim and dmarc were enough. I do however have my A record proxied through Cloudflare, wondering if this could cause any issues. Would you be able to tell me what the subdomains are required for and what would they need to point to? I thought, that the ports on the firewall had to be routed due to NPM taking only HTTP and HTTPS requests. I see, that you use the webmail.domain.com for the IMAP and SMTP information in Thunderbird? How do you point it in NPM?
I have a single cert, which I believe is either for TLD or wildcard.
I believe, that I already did the DKIM config before, but have done so once again now just in case. However, I don't receive e-mails even internally.
The hostname in the docker template was setup correctly.
Seems like the issue with the warning message in Thunderbird for Certificate error only appears the first time a mail is sent on the account.
EDIT:
Just tested using Thunderbird, that is not running on the same host and I get configuration issue.
-
8 hours ago, Sulframus said:
Thanks for the heads-up on the F2B, didn't decide to turn it off yet. Not sure if I may have gotten banned as the logs are not showing any alerts, what is the default duration for ban, or where would be the bans located, so I can clear them out?
I have used [email protected] for the login in Thunderbird, which was already created prior in the console of the docker by going to the bin folder and running "setup email add [email protected] password". I did however use special characters during the setup. I will try later today again with a second account with basic password.
Thank you.
To correct myself on the first part. Seems like F2B was disabled, as that's what is default to the template.
Using the test account, I was able to connect to the account now in Thunderbird and same for the original mail account when I updated the password to something basic.
Now I have a new problem, which seems quite stupid. In Thunderbird when sending the first mail I get a warning "Sending of the message failed. Peer's Certificate issuer is not recognized. The configuration related to mail.domain.com must be corrected". As mentioned in my previous comment, I am using manual certificates provided by Cloudflare.
I have a MX record created with name domain.com to point to mail.domain.com. Sending mails between the two local accounts doesn't do anything and trying to send a mail from a different SMTP server, such as Gmail yields error that "mail.domain.com could not be found". I have also tried adding e-mail routing in Cloudflare, which I don't think should be necessary, but no change.
-
2 minutes ago, Kulisch said:
Before you start, I hope you have Fail2Ban deactivated in the environment variables to make sure you don't get banned after some "failed" login attempts.
The question is how you login. Do you use the username (<- wrong) and password or [email protected] (<- right) with password you set up.
You can create a test account and delete it. Try something like [email protected] with password 123456. If that works just check the differences between your account name and password complexity (special characters, numeric- alpha numeric and whatsoever).
Which commands did you use for the setup and configuration?
Thanks for the heads-up on the F2B, didn't decide to turn it off yet. Not sure if I may have gotten banned as the logs are not showing any alerts, what is the default duration for ban, or where would be the bans located, so I can clear them out?
I have used [email protected] for the login in Thunderbird, which was already created prior in the console of the docker by going to the bin folder and running "setup email add [email protected] password". I did however use special characters during the setup. I will try later today again with a second account with basic password.
Thank you.
-
Hi, I seem to be struggling with getting some parts right. I use Cloudflare as my DNS provider, where I already have my MX and TXT records setup and have the .pem and .key locations setup in template for manual. I have forwarded all the ports used by the docker at the moment for testing purposes onto the IP of the unraid server. Thunderbird does recognize these records, as it autofills the configuration with IMAP.
However, after this part it's when things start falling apart - when trying to login, I get a message saying "Unable to log in at server. Probably wrong configuration, username or password." I have checked the username and password, which were correct. As there is not a specific error message, I am unsure what would be misconfigured.
Would anybody happen to know what can be causing this issue and possibly the fix?
-
Hi,
I have installed a Nvidia Quadro P2000 into the server. Everything was okay, but as soon as I have installed nvidia-driver the system kept working in a weird way. First of all, the nvidia-driver page was inaccessible as it just kept on loading forever. When opening up the terminal and trying to run nvidia-smi it looked like the terminal was trying to do something, but no output came out. I have decided to try to reboot the server after the install of the driver, but the system would not shutdown no matter how long I kept waiting for and I have to resort to forcefully shutting down the host. I have done some tests and this whole situation only happens when both the drivers and GPU are installed. There is no issue when only the drivers are installed and there is no issue when only the GPU is installed.
-
19 hours ago, Matthew Kent said:
Any updates on this?
I also have a gigabyte 5700xt, and once upon a time with a previous config was doing GPU passthrough without any issues. Then recently I built a new server, put my 5700xt into it, followed the same steps as before and for the life of me can't get the damn thing to work.
Hoping someone's seen the light w/ this card + unraid combo
Unfortunately I've moved my unraid server onto another hardware, so I wasn't able to do the GPU passthrough in the end.
-
So now I'm able to create a VM with the GPU and remote onto it with no problem, but the VM locks up after several minutes and goes back to the state of not being able to remote onto it/turn it off with a graceful shutdown.
-
On 10/28/2021 at 8:22 AM, ghost82 said:
I cannot find anything abnormal in the diagnostics, to exclude a vbios issue I would find a way to dump my own vbios.
After dumping the VBios of my own GPU and fully reinstalling the VM, I was able to get it working. But after some time, the VM froze up and now it's doing the same thing as before. I'll retry again tomorrow with a fresh new image, hopefully the results will be good.
-
4 minutes ago, ghost82 said:
I cannot find anything abnormal in the diagnostics, to exclude a vbios issue I would find a way to dump my own vbios.
I have tried the script to dump VBios in unraid from Spaceinvader, but it failed with some error. I will put the GPU in another machine to dump the VBios.
-
So I've now double checked, the model is the same, but it's not the specific GPU, that I have. I just updated with the one I have for sure and nothing has changed. Attaching both of them (renamed them for the upload for the convenience).
-
Added VBIOS for my GPU from TechPowerup, reapplied the multifunction, but still the same. Attaching the newest diagnostics.
-
Unfortunately, no dice.
Adding logs from VM itself as well.
-overcommit mem-lock=off \
-smp 8,sockets=1,dies=1,cores=4,threads=2 \
-uuid 3ca404d4-c486-5c66-7ff6-801fe07777ac \
-display none \
-no-user-config \
-nodefaults \
-chardev socket,id=charmonitor,fd=31,server,nowait \
-mon chardev=charmonitor,id=monitor,mode=control \
-rtc base=localtime \
-no-hpet \
-no-shutdown \
-boot strict=on \
-device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x7.0x7 \
-device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x7 \
-device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x7.0x1 \
-device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x7.0x2 \
-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x3 \
-blockdev '{"driver":"file","filename":"/mnt/user/domains/Windows 10/vdisk1.img","node-name":"libvirt-3-storage","cache":{"direct":false,"no-flush":false},"auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-3-format","read-only":false,"cache":{"direct":false,"no-flush":false},"driver":"raw","file":"libvirt-3-storage"}' \
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=libvirt-3-format,id=virtio-disk2,bootindex=1,write-cache=on \
-blockdev '{"driver":"file","filename":"/mnt/user/isos/Windows.iso","node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-2-format","read-only":true,"driver":"raw","file":"libvirt-2-storage"}' \
-device ide-cd,bus=ide.0,unit=0,drive=libvirt-2-format,id=ide0-0-0,bootindex=2 \
-blockdev '{"driver":"file","filename":"/mnt/user/isos/virtio-win-0.1.190-1.iso","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":true,"driver":"raw","file":"libvirt-1-storage"}' \
-device ide-cd,bus=ide.0,unit=1,drive=libvirt-1-format,id=ide0-0-1 \
-netdev tap,fd=33,id=hostnet0 \
-device virtio-net,netdev=hostnet0,id=net0,mac=52:54:00:71:36:2a,bus=pci.0,addr=0x2 \
-chardev pty,id=charserial0 \
-device isa-serial,chardev=charserial0,id=serial0 \
-chardev socket,id=charchannel0,fd=34,server,nowait \
-device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0 \
-device usb-tablet,id=input0,bus=usb.0,port=1 \
-device vfio-pci,host=0000:09:00.0,id=hostdev0,bus=pci.0,multifunction=on,addr=0x5 \
-device vfio-pci,host=0000:09:00.1,id=hostdev1,bus=pci.0,addr=0x5.0x1 \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
2021-10-27 15:44:48.825+0000: Domain id=1 is tainted: high-privileges
2021-10-27 15:44:48.825+0000: Domain id=1 is tainted: host-cpu
char device redirected to /dev/pts/0 (label charserial0)
-
8 minutes ago, ghost82 said:
You are trying to passthrough the unique gpu you have in the system, it could work, but you have to probably disable efifb (if unraid is booted with uefi) or vesafb (if unraid is booted with legacy bios).
As you can see a portion of the memory is already in use and cannot be reserved to vfio.
Output of
cat /proc/iomem
from unraid terminal?
Unraid is booting with UEFI, I have added the "video=efifb:off" previously to GUI mode by a mistake. I have updated it to the default one and rebooted. Now I see the VM on the router, but no ping, RDP or VNC is working yet.
root@MyServer:~# cat /proc/iomem
00000000-00000fff : Reserved
00001000-0009ffff : System RAM
000a0000-000fffff : Reserved
000a0000-000bffff : PCI Bus 0000:00
000c0000-000dffff : PCI Bus 0000:00
000c0000-000cdfff : Video ROM
000f0000-000fffff : System ROM
00100000-09e0ffff : System RAM
04000000-04a00816 : Kernel code
04c00000-04e4afff : Kernel rodata
05000000-05127f7f : Kernel data
05471000-055fffff : Kernel bss
09e10000-09ffffff : Reserved
0a000000-0a1fffff : System RAM
0a200000-0a20bfff : ACPI Non-volatile Storage
0a20c000-0affffff : System RAM
0b000000-0b01ffff : Reserved
0b020000-c76cf017 : System RAM
c76cf018-c76e7c57 : System RAM
c76e7c58-c76e8017 : System RAM
c76e8018-c76f6057 : System RAM
c76f6058-d174dfff : System RAM
d174e000-d176cfff : ACPI Tables
d176d000-d81a0fff : System RAM
d81a1000-d81a1fff : Reserved
d81a2000-da60bfff : System RAM
da60c000-da749fff : Reserved
da74a000-da759fff : ACPI Tables
da75a000-da861fff : System RAM
da862000-dac21fff : ACPI Non-volatile Storage
dac22000-db77efff : Reserved
db77f000-ddffffff : System RAM
de000000-dfffffff : Reserved
e0000000-fec2ffff : PCI Bus 0000:00
e0000000-f01fffff : PCI Bus 0000:07
e0000000-f01fffff : PCI Bus 0000:08
e0000000-f01fffff : PCI Bus 0000:09
e0000000-efffffff : 0000:09:00.0
e0000000-efffffff : vfio-pci
f0000000-f01fffff : 0000:09:00.0
f0000000-f01fffff : vfio-pci
f8000000-fbffffff : PCI MMCONFIG 0000 [bus 00-3f]
f8000000-fbffffff : Reserved
f8000000-fbffffff : pnp 00:00
fc600000-fc8fffff : PCI Bus 0000:0b
fc600000-fc6fffff : 0000:0b:00.3
fc600000-fc6fffff : xhci-hcd
fc700000-fc7fffff : 0000:0b:00.1
fc700000-fc7fffff : ccp
fc800000-fc807fff : 0000:0b:00.4
fc808000-fc809fff : 0000:0b:00.1
fc808000-fc809fff : ccp
fc900000-fcafffff : PCI Bus 0000:07
fc900000-fc9fffff : PCI Bus 0000:08
fc900000-fc9fffff : PCI Bus 0000:09
fc900000-fc97ffff : 0000:09:00.0
fc900000-fc97ffff : vfio-pci
fc9a0000-fc9a3fff : 0000:09:00.1
fc9a0000-fc9a3fff : vfio-pci
fca00000-fca03fff : 0000:07:00.0
fcb00000-fccfffff : PCI Bus 0000:02
fcb00000-fcbfffff : PCI Bus 0000:03
fcb00000-fcbfffff : PCI Bus 0000:05
fcb00000-fcb03fff : 0000:05:00.0
fcb04000-fcb04fff : 0000:05:00.0
fcb04000-fcb04fff : r8169
fcc00000-fcc7ffff : 0000:02:00.1
fcc80000-fcc9ffff : 0000:02:00.1
fcc80000-fcc9ffff : ahci
fcca0000-fcca7fff : 0000:02:00.0
fcca0000-fcca7fff : xhci-hcd
fcd00000-fcdfffff : PCI Bus 0000:0d
fcd00000-fcd007ff : 0000:0d:00.0
fcd00000-fcd007ff : ahci
fce00000-fcefffff : PCI Bus 0000:0c
fce00000-fce007ff : 0000:0c:00.0
fce00000-fce007ff : ahci
fcf00000-fcffffff : PCI Bus 0000:01
fcf00000-fcf03fff : 0000:01:00.0
fcf00000-fcf03fff : nvme
fd000000-fd0fffff : Reserved
fd000000-fd0fffff : pnp 00:01
fd500000-fd5fffff : Reserved
fea00000-fea0ffff : Reserved
feb80000-fec01fff : Reserved
feb80000-febfffff : amd_iommu
fec00000-fec003ff : IOAPIC 0
fec01000-fec013ff : IOAPIC 1
fec10000-fec10fff : Reserved
fec10000-fec10fff : pnp 00:05
fec30000-fec30fff : Reserved
fec30000-fec30fff : AMDIF030:00
fed00000-fed00fff : Reserved
fed00000-fed003ff : HPET 0
fed00000-fed003ff : PNP0103:00
fed40000-fed44fff : Reserved
fed80000-fed8ffff : Reserved
fed81500-fed818ff : AMDI0030:00
fedc0000-fedc0fff : pnp 00:05
fedc2000-fedcffff : Reserved
fedd4000-fedd5fff : Reserved
fee00000-ffffffff : PCI Bus 0000:00
fee00000-feefffff : Reserved
fee00000-fee00fff : Local APIC
fee00000-fee00fff : pnp 00:05
ff000000-ffffffff : Reserved
ff000000-ffffffff : pnp 00:05
100000000-41f37ffff : System RAM
41f380000-41fffffff : RAM buffer
-
Hi, I'm new to unraid and the community. I have reused parts from my old PC for unraid and I have been trying to get a VM working with my Gigabyte 5700XT to no avail yet. I went step-by-step by Spaceinvader's guide part 1 and 2. I was able to setup the VM and install the virtio drivers. The problems start as soon as I try to change the GPU from VNC to the dedicated GPU. On the first boot of the VM after the change, the VM is stuck on a black screen, unable to gracefully shutdown it has to be force stopped. After that I'm not getting anymore pings, can't see it on the router and can't VNC into the VM when dedicated GPU is selected and I have to force stop. When I change the settings of VM back to VNC, everything works as per usual.
I have now rebuilt the VM 2 times with the same results, tried all PCIe ACS override settings, tried adding the VBIOS manually (download from TechPowerup).
Below can be seen the XML of the VM after changing back and forth from VNC and GPU
<?xml version='1.0' encoding='UTF-8'?>
<domain type='kvm'>
<name>Windows 10</name>
<uuid>3ca404d4-c486-5c66-7ff6-801fe07777ac</uuid>
<metadata>
<vmtemplate xmlns="unraid" name="Windows 10" icon="windows.png" os="windows10"/>
</metadata>
<memory unit='KiB'>8388608</memory>
<currentMemory unit='KiB'>8388608</currentMemory>
<memoryBacking>
<nosharepages/>
</memoryBacking>
<vcpu placement='static'>8</vcpu>
<cputune>
<vcpupin vcpu='0' cpuset='0'/>
<vcpupin vcpu='1' cpuset='6'/>
<vcpupin vcpu='2' cpuset='1'/>
<vcpupin vcpu='3' cpuset='7'/>
<vcpupin vcpu='4' cpuset='2'/>
<vcpupin vcpu='5' cpuset='8'/>
<vcpupin vcpu='6' cpuset='3'/>
<vcpupin vcpu='7' cpuset='9'/>
</cputune>
<os>
<type arch='x86_64' machine='pc-i440fx-5.1'>hvm</type>
<loader readonly='yes' type='pflash'>/usr/share/qemu/ovmf-x64/OVMF_CODE-pure-efi.fd</loader>
<nvram>/etc/libvirt/qemu/nvram/3ca404d4-c486-5c66-7ff6-801fe07777ac_VARS-pure-efi.fd</nvram>
</os>
<features>
<acpi/>
<apic/>
<hyperv>
<relaxed state='on'/>
<vapic state='on'/>
<spinlocks state='on' retries='8191'/>
<vendor_id state='on' value='none'/>
</hyperv>
</features>
<cpu mode='host-passthrough' check='none' migratable='on'>
<topology sockets='1' dies='1' cores='4' threads='2'/>
<cache mode='passthrough'/>
<feature policy='require' name='topoext'/>
</cpu>
<clock offset='localtime'>
<timer name='hypervclock' present='yes'/>
<timer name='hpet' present='no'/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<devices>
<emulator>/usr/local/sbin/qemu</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='raw' cache='writeback'/>
<source file='/mnt/user/domains/Windows 10/vdisk1.img'/>
<target dev='hdc' bus='virtio'/>
<boot order='1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</disk>
<disk type='file' device='cdrom'>
<driver name='qemu' type='raw'/>
<source file='/mnt/user/isos/Windows.iso'/>
<target dev='hda' bus='ide'/>
<readonly/>
<boot order='2'/>
<address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>
<disk type='file' device='cdrom'>
<driver name='qemu' type='raw'/>
<source file='/mnt/user/isos/virtio-win-0.1.190-1.iso'/>
<target dev='hdb' bus='ide'/>
<readonly/>
<address type='drive' controller='0' bus='0' target='0' unit='1'/>
</disk>
<controller type='usb' index='0' model='ich9-ehci1'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x7'/>
</controller>
<controller type='usb' index='0' model='ich9-uhci1'>
<master startport='0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0' multifunction='on'/>
</controller>
<controller type='usb' index='0' model='ich9-uhci2'>
<master startport='2'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x1'/>
</controller>
<controller type='usb' index='0' model='ich9-uhci3'>
<master startport='4'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pci-root'/>
<controller type='ide' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
</controller>
<controller type='virtio-serial' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</controller>
<interface type='bridge'>
<mac address='52:54:00:71:36:2a'/>
<source bridge='br0'/>
<model type='virtio-net'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</interface>
<serial type='pty'>
<target type='isa-serial' port='0'>
<model name='isa-serial'/>
</target>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<channel type='unix'>
<target type='virtio' name='org.qemu.guest_agent.0'/>
<address type='virtio-serial' controller='0' bus='0' port='1'/>
</channel>
<input type='tablet' bus='usb'>
<address type='usb' bus='0' port='1'/>
</input>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<hostdev mode='subsystem' type='pci' managed='yes'>
<driver name='vfio'/>
<source>
<address domain='0x0000' bus='0x09' slot='0x00' function='0x0'/>
</source>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</hostdev>
<hostdev mode='subsystem' type='pci' managed='yes'>
<driver name='vfio'/>
<source>
<address domain='0x0000' bus='0x09' slot='0x00' function='0x1'/>
</source>
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
</hostdev>
<memballoon model='none'/>
</devices>
</domain>
[Support] Docker-Mailserver
in Docker Containers
Posted · Edited by Sulframus
Okay, I've finally figured it out. There were issues on top of issues. The actual working config with Active Directory using attributes proxyAddresses is following.