Geoff Bland

Yes, done. Thanks.

Suggestion for an improvement: Please see this support issue I raised: Fix Common Problems Reporting Server Out Of Memory Errors Basically if a container that has restricted RAM runs out of that RAM UNRAID will "sacrifice the child" and kill the container process, this gets reported to the syslog. Fix Common Problems reports this as if the server has run out of memory. It would be nicer to report that "container X has run out of memory...".

OK I've done some further research. This may be a false alarm from the Fix Common Problems plugin. The actual error is "Memory cgroup out of memory", this is not the server running out of memory - rather a single container, which was constrained to 2GB total, has run out of memory. The OS has restarted just that container and flagged this warning. So the warning from Fix Common Problems about "Your server has run out of memory..." is a bit misleading (and overly worrying). Perhaps Fix Common Problems can detect this as a different kind of error and report "Your container X has run out of memory..."

Thanks for the quick response. >If it's a one time thing you can ignore, It's ocurred twice now. Both in the last 3 weeks. If it occurs again I'll post back here. >if it keeps happening try limiting more the RAM for VMs and/or docker containers, the problem is usually not just about not enough RAM but more about fragmented RAM, Can you explain some more on this point please? As I have less than 25% utilization of RAM on this server (over 100GB RAM free) it would be strange for fragmentation to occur, this normally only occurs when RAM usage is getting over 50%. A quick look at top shows over 104GB is used by cache and this gets reallocated as application RAM as needed. >alternatively a small swap file on disk might help, you can use the swapfile plugin: Can you also explain a bit more about this, as I understood it virtual memort won't use swap unless the server gets very low on physical RAM (regardless of any fragmentation)?

Checking the syslog I think I see that there's an error caused by a docker container: Mar 20 04:27:41 UNRAID02 kernel: oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=75989cd4cdfb95d6d4cc0def9b3ed1360cd6f88458130216d3fb6f75b56036b6,mems_allowed=0-1,oom_memcg=/docker/75989cd4cdfb95d6d4cc0def9b3ed1360cd6f88458130216d3fb6f75b56036b6,task_memcg=/docker/75989cd4cdfb95d6d4cc0def9b3ed1360cd6f88458130216d3fb6f75b56036b6,task=s3cmd,pid=17525,uid=0 Mar 20 04:27:41 UNRAID02 kernel: Memory cgroup out of memory: Killed process 17525 (s3cmd) total-vm:567788kB, anon-rss:516056kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:1152kB oom_score_adj:0 ... Mar 20 04:28:34 UNRAID02 kernel: oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=75989cd4cdfb95d6d4cc0def9b3ed1360cd6f88458130216d3fb6f75b56036b6,mems_allowed=0-1,oom_memcg=/docker/75989cd4cdfb95d6d4cc0def9b3ed1360cd6f88458130216d3fb6f75b56036b6,task_memcg=/docker/75989cd4cdfb95d6d4cc0def9b3ed1360cd6f88458130216d3fb6f75b56036b6,task=s3cmd,pid=17526,uid=0 But this container is set up so it can only use 2GB of ram (using extra parameter --memory=2G) and usually only uses a fraction of that. So how can this be causing Out of Memory errors on the server itself?

The Fix Common Problems plugin is reporting that Out Of Memory errors are detected on my UNRAID server. This server has 144GB of RAM and as it is mostly used for storage only 25% of the RAM is actually used. This server has been working fine for several years. I have only had this issue occur twice now in the last 3 weeks, I have restarted my server between these reported errors. Other than this being reported by Fix Common Problems the server has been stable. In the logs I just notice constant SMB warnings (100s every minute) but these can be ignored according to another post of the forums. Mar 20 15:39:50 UNRAID02 smbd[10630]: synthetic_pathref: opening [<user>@<path> (2023_03_20 15_04_28 UTC)] failed What do I need to investigate to determine what is causing this? This is UNRAID 6.11.5 I attach diagnostics. unraid02-diagnostics-20230320-1539.zip

Weird. My /mnt directory has the expected 755 permissions and works fine with this. [email protected]:/# ls -la / | grep mnt drwxr-xr-x 16 root root 320 Nov 15 16:27 mnt/

This is a workaround for the issue that has been found and has worked for a number of users. Use this fix at your own risk. The problem appears to be that Unraid is using a later version of the Samba Service but with an ID mapper (idmap_hash) that was end of life over 5 years ago and is known to cause issues. The fix is to "correct" Unraid's standard server configuration for Samba to use the correct ID mappers. These sites were of particular use: https://support.microfocus.com/kb/doc.php?id=7007006 https://lists.samba.org/mailman/listinfo/samba https://www.samba.org/samba/docs/current/man-html/ https://www.samba.org/samba/docs/current/man-html/idmap_hash.8.html https://www.samba.org/samba/docs/current/man-html/idmap_tdb.8.html https://www.samba.org/samba/docs/current/man-html/idmap_rid.8.html NOTE after this fix, as user IDs get changed, permissions need to be re-applied (although see also GrantE's post that details you can do some calculation to determine the new ID range for users and preserve any correct working permissions). Workaround UNRAID Samba Access Issues. Open the Unraid terminal, ">_" button on top of each Unraid page. First back up smb-extra.conf file as follows: cp /boot/config/smb-extra.conf /boot/config/smb-extra.conf.bkp Edit the contents of /boot/config/smb-extra.conf and add these lines, replacing <SHORT_DOMAIN_NAME> with the name of your domain (the same as appears in the "AD short domain name" field of your Unraid SMB settings): [global] idmap config * : backend = tdb idmap config * : range = 1000-7999 idmap config <SHORT_DOMAIN_NAME> : backend = rid idmap config <SHORT_DOMAIN_NAME> : range = 10000-4000000000 The idea is that RID ID mappings are consistent and a given domain account will always map to the same local ID on Unraid, so if for some reason the IDs get reset the same domain accounts will remap to the same local IDs and retain access rights. Also a range of tdb IDs is assigned in case any SMB accounts are used without a domain. This will be shown as "extra configuration" on the Unraid SMB Settings page. Other Unraid plugins (such as unassigned devices) may also add configuration to this same smb-extra.conf - leave these as is and just add these extra lines to the top. Then reboot Unraid (just restarting the SMB service does not work fully). Finally check and fix all your permissions, as detailed below. Reset/Re-apply UNRAID Permissions. Open the Unraid terminal, ">_" button on top of each Unraid page. Run the following commands where <share> is the name of the share (each can take a long time if you have many files). chown -R root /mnt/user/<Share> chgrp -R domain\ users /mnt/user/<Share> setfacl -R -b /mnt/user/<Share> chmod -R g+rwx /mnt/user/<Share> If you need Windows permissions on the folder then apply permissions via Windows (NOT via Unraid Share SMB User Access settings). Open UNRAID Shares in File Explorer. Right click on the Share, select Properties. Select Security tab. Click "Advanced". Add, remove and alter permissions as required - note you may need to check the "Replace child object permissions" options to get this to work properly. Hit apply If using NFS from this share just refresh it (add/delete a space on the NFS rule and hit Apply) on UNRAID for some reason these seem to lose access rights when Windows changes the permission even when they should not. Some commands to diagnose issues: [email protected]:~# net ads info Checks UNRAID is correctly joined to your AD domain. net ads user --user=DomainName/username --password=********* Checks UNRAID can correctly connect to Windows AD users and get user access information. wbinfo -i username Checks UNRAID can authenticate this user with Windows AD users and get this user's access information.

Myself and many other users are experiencing many issues with SMB shares using Windows Active Directory since upgrading to 6.10.2. Upgrading to later versions has not fixed this, tested on 6.10.3 and 6.11.1 These issues are reported in this forum thread: Reported symptoms are: Intermittent access issues from Windows PCs to the Unraid shares. Occasionally only some user accounts are affected and some accounts are fine and have no problems. UNRAID log drive filling up due to very large syslog files. The syslog shows continual refused mount requests for my account and this seems to be as it cannot convert my SID to a UID. Jul 15 21:58:49 UNRAID01 smbd[****]: check_account: Failed to convert SID S-1-5-21-XXXXXXXX-XXXXXXXX-XXXXXXXX-1105 to a UID (dom_user[DOMAIN\username) The /var/log/samba/log.smbd log file is also full of the same error message. Also calling wbinfo fails for some user's Windows accounts: [email protected]:~# wbinfo -i myuser failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user myuser [email protected]:~# wbinfo -i okuser okuser:*:NNNNNNNN:NNNNNNNNNN:okuser:/home/DOMAIN/okuser:/bin/false Potential workarounds for this issue are reported in this thread:

Thanks. But... not sure if you are the right person to ask but having NFS, SMB and Active Directory under a subtopic called "Network Protocol Support" seems odd. These are file sharing protocols, users might not expect to find these here. Would "File Sharing Protocol Support" be a better name for this sub-forum. Sorry for looking a gift-horse in the mouth 😐

I finally found a solution to this. I disabled SMB and the re-enabled it again. First stop the array (From MAIN hit Stop) In Settings | SMB in SMB Settings set SMB Enabled to "No" In Settings | SMB in SMB Settings set SMB Enabled back to "Yes (Active Directory)" Then enter the AD username and password to and Hit Join as usual and now it Joins the AD domain. Finally restart the array. I checked all configuration files before and after doing this, there's no significant different other than what you would expect now UNRAID is domain joined so I can only assume this is some error in a cached value in UNRAID or SMB that resetting SMB cleared out.

I have an UNRAID server previously working fine and attached to an AD domain but after restart I noticed that the server name had gone back to "Tower" and the timezone had reset itself. I corrected both of these and rebooted. All other settings seemed to be OK. All disks and shares intact. But now I cannot connect to my AD domain - I could do with some help diagnosing this issue. UNRAID version is 6.10.3. Domain Controller is Windows Server 2022. Under Settings | SMB Settings Enable SMB: Yes (Active Directory) Hide "dot" files: No Enable SMB Multi Channel: No Enhanced macOS interoperability: Yes Enable NetBIOS: No Enable WSD: Yes WSD options [experimental]: <blank> Under Settings | SMB Settings | SMB Extras Samba extra configuration: [global] idmap config * : backend = tdb idmap config * : range = 1000-7999 idmap config NEWT : backend = rid idmap config NEWT : range = 10000-4000000000 #unassigned_devices_start #Unassigned devices share includes include = /tmp/unassigned.devices/smb-settings.conf #unassigned_devices_end Under Settings | SMB Settings | Active Directory Settings AD Join Status: Not joined AD domain name (FQDN): NEWT.newtcomputing.com AD short domain name: NEWT AD account login: unraid AD account password: ******** AD initial owner: unraid AD initial group: Domain Users Under Settings | Network UNRAID server has a static IP. IPv4 DNS server has a static IP and points to primary Domain controller. I can ping my Domain controller by fully qualified name: [email protected]:~# ping DC05.NEWT.newtcomputing.com PING DC05.NEWT.newtcomputing.com (192.168.1.15) 56(84) bytes of data. 64 bytes from DC05.NEWT.newtcomputing.com (192.168.1.15): icmp_seq=1 ttl=128 time=0.308 ms Times are in sync and the same for UNRAID server and AD server. Kerberos settings are as follow: [email protected]:~# ls -la /etc/krb5.conf -rw-r--r-- 1 root root 69 Jun 14 18:32 /etc/krb5.conf [email protected]:~# cat /etc/krb5.conf [libdefaults] dns_lookup_kdc = true dns_lookup_realm = false The "unraid" AD account I have used is a Domain Admin account. I have also tried other administrators accounts these also do not work. I have tested I am using the correct password and that the "unraid" account is valid and works. I have deleted the computer object from AD and tried, this still did not work. If I run the join from the command line I get an unhelpful message. [email protected]:~# net ads join -S 192.168.1.15 --user=administrator --password=****** Host is not configured as a member server. Invalid configuration. Exiting.... Failed to join domain: This operation is only allowed for the PDC of the domain. unraid02-diagnostics-20221007-2206.zip

My krb5.conf is just the UNRAID default which uses DNS: [email protected]:~# cat /etc/krb5.conf [libdefaults] dns_lookup_kdc = true dns_lookup_realm = false My UNRAID server has a static IP and a static address for DNS server - one of the AD domain controllers is the DNS server used. Also getent group only shows UNRAID groups on my UNRAID server too.

I assumed this forum section itself was where we raised bug reports and the developers would be aware of anything posted here. The description of this forum section is "Formal bug and defect reports." - so I assume this is monitored by Lime Tech. Where did you find to raise a ticket - I have looked, so it seems it is not made easy to find?

I should also mention the Samba mailing list https://lists.samba.org/mailman/listinfo/samba It was the guys on this mailing list that helped me work out what was going on and gave some great advice - all I learnt and posted above was based on responses I got from this mailing list - I got fairly quick responses from the list and the guys on this list know far more than I about Samba. Quoted for truth.