Evenimous

I have noticed an odd behavior regarding permissions set on SMB file shares for my client computers. For some context, let me paint the situation Client A is trying to access file 22.xyz on share "client" under /mnt/users/client/folder/22.xyz, mounted on their Windows 11 Pro system under drive letter V, as V:/folder/22.xyz. Client A's is connected to said share as Unraid user "user", and this user has full read, write, and execute permissions on this share. Client A can fully access 22.xyz, can read, write, and execute it. Client A wanted to copy file 22.xyz into V:/folder/subfolder, but they cannot access V:/folder/subfolder at all. That subfolder was entirely blocked from reading, writing, and executing. 0 permissions. I tried fixing this by going into the terminal and reapplying the full permissions for their UnRaid user account on the share, which did not seem to do anything. Then, I went into the terminal from the GUI, and chmod -R -v 775 on the subfolder, but the user was still not able to read this. I tried disconnecting the user from the share, and then reconnecting them from the share, and they could still not read the share I tried fixing this again by going into the terminal and chmod -R -v 777 on the subfolder, and it finally worked. Now, the reason I'm making this post is because I do not fully understand what is happening. They are connected to the SMB share as "user" that is fully capable of reading, writing, and executing on any of the content inside. The share was set in the UnRaid gui as Export: YES, and Security: PRIVATE, which to me just means 770 permissions. They signed in as "user" from the "users" group, which to my understanding is from the default group in UnRaid, and to my knowledge, should be totally capable of using anything in the folders. What can cause this behavior? Does this mean that my UnRaid server is treating the client computer as their Windows User? What can I do to prevent this from happening in the future?

I just want to be done with this thread, so I'll say what I'm doing to get around this here, and mark it as my solution. I already know this will work, but I wanted to learn a more proper way to do this, hence the rabbit hole I went down. If anybody ever finds a solution to this problem, please leave a reply on this thread for others to see. I'm genuinely disappointed with the Active Directory implementation in UnRAID. I love the operating system for what it is, and everything aside from these permissions has been a breeze. Setup was easy, configuring plugins was easy, the forum is very helpful, and everything is documented in a way that makes it easy to understand. I didn't really have a better alternative that wouldn't have been some ungodly expensive Microsoft product, so it was worth a shot. Regardless, here's what I'm going to do; I'm unable to access my files when the "root" user creates them with any commands like rsync, and I'm not aware of a way to log in as an active directory user in the terminal, since I can't log in as my UnRAID users, so I'll be doing the sinful method of transfer with file explorer one transfer at a time to make sure ownership is from my active directory account. I have approx 6.8TB of data, though a lot of it is in computer images, which tend to be larger in size, so almost half of the data will write sequentially, so it shouldn't be too awful in practice, just tedious. Create new shares and start fresh for those, to ensure that permissions aren't borked from my previous activity on them. I'm probably not going to copy all of my old data, as this is a great opportunity to organize and get rid of what I don't need.

Update 2; 1.) After doing some testing, I realized that it's not necessarily that the changes won't propagate, but rather that I don't think UnRAID is capable of setting the "modify" only permission with this user group via the file explorer interface. You can see an example of this with me trying to apply that setting to a brand new share, and a brand new user group. I have attached a video below. 2.) I went through and reset the DNS configuration to default, then created it again, and rejoined it to the domain. All seems to be working well now, and I'm able to freely speak through DNS IPv4. You'll notice how it's nearly instant now when I open the security tab for my share in file explorer, rather than having that long loading screen from before. Notes regarding what I learned; UnRAID seems to REALLY dislike secondary domain controllers. With the secondary domain controller listed, it didn't seem to want to work, regardless of whether or not it was set as the first or second dns server. I have, for the time being, fallen back to using my PDC as the primary DNS server, and my router as the third DNS server. This is a little bit of a bummer since I don't have redundancy now. AD Domains, at least modern ones, seem to primarily want to speak over IPv6. When I do anything domain related from my windows box, it seems to be speaking over IPv6, though whenever anything domain related is done over the UnRAID box, it only has IPv4 available and set for DNS servers, so it only speaks via IPv4. 2022-08-31 15-32-27.mp4

2022-08-31 14-16-32.mp4

Update; 1.) I have checked over all of the DNS configuration for my UnRAID computer, as I figured that could be a culprit for the weird behavior The static ip address, the subnet mask, the network protocol settings, the default gateway, and the dns servers are all set correctly. These are the only things that I have changed from their default values from when I installed the OS, so all is well here. When doing some testing regarding DNS, I found that my UnRAID computer is unable to DNS lookup the *name* of the DNS server, though it is perfectly capable of using the IP address of the server. I will look more into this, as I believe you need both to be functional for Active Directory to work appropriately. 2.) I moved and/or deleted all of the data that was in the problem shares out of the share, and then I tried changing the permissions of the share again. I did this from my domain administrative login, as I previously granted domain admins full control of the share. I was unable to, though not in an authoritarian, "you are not allowed" way, but rather that it *looks* as though it has completed and worked, though when you go to check, it hasn't actually done anything. I recorded a video of this, so that I may show it here. You will also notice that it takes an incredibly long time for the security settings to load, as I'm not able to click "edit" in the file explorer window. I believe this is because of the DNS issue I mention above.

Both of your replies were deserving of the "answer" mark. Thank you both. I actually was unaware of this. That explained everything I needed to know.

Hello helpful forum, I'm using UnRAID version 6.9.2. I have a few questions regarding file and directory permissions for UnRAID shares when using Active Directory that I wanted to ask outwardly, and I've seen similar issues brought up by others here on the forum, but not specifically the issue I'm having. Long story short for my actual questions; How may you quickly and efficiently change the permissions of the shares that already contain TBs of data for Windows users? This ISN'T the "SMB Security Settings" or "SMB User Access" that are mentioned in the settings of a share, as when you are connected to an Active Directory, it seems to me that you are unable to access the SMB shares as the UnRAID User accounts. I elaborate more below. Windows seems to manually go through each file when changing permissions for them. Is there a way to do this locally on the server with a tool like CACLS or ICACLS, as shown here? Also, I'm aware of the new permissions tool, though it doesn't suit my needs, as I'm not able to connect with those UnRAID users anyways. Also, the same applies to chmod -R 777. https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/icacls https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/cacls User @CallOneTech mentions in his post (see at bottom of my post), which references a similar problem to the one I am having. In the first edit, he mentions how his UNRAID is not listed anywhere on his AD Domain. For me, my UnRAID machine connected up flawlessly to my AD Domain, and was automatically listed as a computer in the domain. You can see this in my attached photo. I figured this was relevant to bring up given circumstances. In his second edit, he mentions how his connection to AD is broken, but that UnRAID doesn't seem to know this. I believe I am having a similar issue, though not all of the time. To elaborate, I've attached a video of me changing file permissions on a folder in one of my shares, and you can clearly see that it WAS working, but then suddenly the domain groups stop appearing correctly, and show as a string of characters, and then the permissions changing stops, without giving me any sort of error. I also checked in the webGUI, and connection to the active directory domain was listed as "joined", which is as it should be. This makes it impossible for me to change permissions on large datasets via windows explorer, as it simply won't finish without stopping partway through. This brings me to the first question I posed at the top. The goal is to set permissions for my active directory domain groups and users, though I'm incapable of changing them, and I'm incapable of accessing the files using the UnRAID Users. I verified the passwords of my UnRAID users, and then attempted to with the credentials set as "domain/user" and its password, in this case, "Sedona/IT", with the appropriate password, though it does not allow me to connect. I tried these things as fixes for that connection problem; Disconnected my personal computer from all of the shares on Sedona. My reasoning is because of the reference under "Windows 'Gotcha'" at the bottom of the page on the UnRAID manual, here: https://wiki.unraid.net/Manual/Shares#Network_access Went to windows "Credential Manager", and deleted the credentials that I had for Sedona, so that I may enter them fresh again when I go to connect. Connected using the various inputs in the "user" field, such as "Sedona/IT", and "IT". None of them work, and if I don't specify that I'm trying to connect to "Sedona" in that user field, it defaults to trying to use my domain as the login. I'm not sure if I'm missing something, and I haven't been able to find someone who's had the same problem as me, as it's niche. wtf-permissions-clip.mp4

Hello, I'm aware that versions of unraid such as 6.11.0-RC are pre release versions, though I'm curious what "RC" stands for, and I can't seem to find any description of what it stand for in the post made by LimeTech. Is this written somewhere on the forum that I'm unaware of? I tried using the search function to look for it, but nobody had asked this question, so I figured I'd post it here.

How did you get the linux style permissions (RWX) to show up? Mine only shows the usual Windows style DACL. I've attached a photo so you can see what I mean

I have found that you should be able to change the files permissions in windows explorer, by right clicking and changing the permissions there. I will say, for some reason, with a larger dataset, you might have to do folders individually. I tried setting permissions on a larger, 1tb dataset, and it failed partway through for me, but doing them one by one or on smaller (<100GB) data sets, or smaller quantity, larger files works fine

Update; 6.10.3 fixes this. Forgot to post this and mark as solution, so I'm doing it late

For me, as an active directory unraid user, inheritance works fine, you just need to set the permissions that you plan to use before you copy files into the directory or the subfolders of the directory. When you say it doesn't seem to stick, what do you mean?

So far, 89 days, 21 hours. I recently built it too, I think it's around 160 days old. Pretty sure I rebooted for an update of some sort.

64GB, with two sticks. I'm using an old supermicro board (x9dre-tf+) that's compatible with LRDIMM ecc modules, so I decided to go with some IBM 1066MHz 32gb LRDIMMs, since they were cheap and some people on another forum said they'd work with my board. $34 a piece. I wanted to do some virtualization with my box, but haven't done any yet. A little bit overkill for the moment being.

Seagate. I'm aware of their supposedly higher failure rate than other models when viewed in large numbers, but every seagate drive i've used has been a dream, where as most of my western digital drives have failed, including in other NAS. Hopefully my Unraid box lasts well with the Seagate drives I have in it.

Interesting. I exclusively use Google Chrome since I'm aware they're generally at the forefront of web browsers. Another user on a post I made on the reddit forum said that it is an issue that could be solved when updating to 6.10.3 over 6.9.2.

96tb, with 6 Seagate Exos x16 16TB drives. Funny story with these is that I actually ordered 14TB drives, and received 16TB drives. Warranty checked out on Seagate's website, and the drives were brand new according to smart data, so I used them and went along. Free 12TB, thanks Amazon! 🤣 Specs: Fractal Design Define 7XL Supermicro X9DRE-TF+ Xeon E5-2660 v2 (x2) Arctic Freezer 34 Esports Duo (x2) 64gb (2x32GB) 1066MHz IBM Rdimm (78P1539) Corsair HX750 Platinum. 5 pack of Arctic P12 PWM PST fans for cooling 1 Noctua A4x10 FLX for the HBA card (more info below) Drives: Samsung BAR 32GB boot Adaptec ASR-71605 with the A4x10 FLX noctua fan screwed into the heatsink for cooling CableCreation Mini 0.5 Meter 8643 Sas to Sata breakout cables Total Cost was $2511 pre tax. Personally very pleased with it.

I currently have one. I use one as a NAS at work, and plan to use it for virtualization as well. I would like to build another for home eventually, though I don't really need it right now. I have 5tb of storage in my PC at home, so my family sort of just uses my pc as a vault anyways. We have multiple backups of our data, so I'm not too concerned of my pc crashing and losing it either, so I haven't been able to justify building an Unraid box for home.

Hello, I noticed a bug with Unraid's Notifications this morning that I wanted to share, and see if anyone else has had too. I am on version 6.9.2 of Unraid. I have my server set to report the health of the array every night, 20 minutes after midnight. It leaves notifications in the notifications tray under the "Main" tab on the GUI. If I am on the main tab, and I click to dismiss all notifications, the notifications will NOT be dismissed. They will keep popping back up as though they were new notifications, repeatedly, and instantly, retaining the proper timestamps from when they initially came through. Even if I click manually, it will not close any of the notifications. What I have found fixes the issue is if I click dismiss all, then click on another tab, such as Dashboard, or Shares, and then click back on Main. Is anybody else having this issue?

Thank you! I did not receive the same permissions issues when I created a root share via the Unassigned Devices plugin, then connected through there. I am able to see all of my shares from within it. I moved many large files as quickly as I wanted using this.

Hello community, this will be my first post. I have been using UnRaid PRO version 6.9.2 for about two months now. I have my UnRaid box connected to my AD Domain hosted by a windows server 2008 box via the method under SMB settings in the UnRaid GUI where you may type the FQDN in to connect to a domain. I have a few shares, one of which is a private one, accessible only by my administrative account in the domain, and an "it" user I created in UnRaid. I recently transferred all of the data to this private share from my old QNAP NAS to via Rsync, which went perfectly. I'd like to use the rootshare method, as it is quick and local to the server, which already has the data I want on it, on the disks I want it on, to reorganize my data by moving data from within /mnt/user/<share> to /mnt/user/<share2>, so that I may take down my old QNAP NAS and continue forwards solely with UnRaid. Here are the steps that I have followed to connect the "it" user of UnRaid to the root share as a mapped drive: 1.) Stopped the array 2.) Went to SMB Extras, and added the following: [rootshare] path = /mnt/ comment = browseable = no # Secure public = no valid users = it writeable = yes vfs objects = 3.) Started the array back up 4.) Then, I went to my windows 10 pro desktop, to file explorer, and attempted to map a network drive as the following: (note: the UnRaid Server's name is "Sedona". Also, I had previously connected with different credentials, so I disconnected all mapped network drives to Sedona, and then deleted all of the credentials I had for it in Windows Credential Manager in the Control Panel) User: sedona\it PW: xxxxxx This did not work, so I tried connecting connecting using a capital S, which did not work. I then tried using the IP address of the server rather than the DNS name, which has been set to a static 192.168.1.6, which also did not work. Then I tried using NO xxxx\, and only put "it". This also did not work. So, I'm stumped. I looked around here on the forum and at the subreddit, and have not been able to find anyone who has had my issue. is there any other way to connect to the rootshare from my desktop to perform my transfer? Is there some issue with mapping a network drive on a windows computer, using the unraid user schema, when unraid is a part of an AD Domain? Any help is appreciated, thanks.