Geoff Bland

I have now resolved this. These are the steps that I took that fixed this issue - I am not sure if all of them needed to be done. First I created a new AD domain user for UNRAID and gave it Domain Admin rights. I then updated the UNRAID SMB settings with the new user and password. The settings page did not show this had been accepted and if the Leave Domain button is pressed the web page does not register the domain is now left - that makes it impossible to re-join the domain without restarting the UNRAID server. This is a bug. I then restarted the UNRAID server and it re-joined the domain automatically with the new AD account I had given it (this was a bit of a surprise as I though I had left it disconnected from the domain). Now all access rights are back. Some files are marked with access to the wrong users - those added over the days we had problems. But these can be detected and corrected to have the correct permissions. So to recap, to fix: - create new AD domain user for UNRAID - on SMB settings, leave domain then update user name and password to new AD domain user - reboot UNRAID - UNRAID should restart and use the new AD user and join the domain - check permissions and users on recent added files and correct as required

Does anyone have any ideas on this? Is there anyway to check that UNRAID is correctly syncing with Active Directory? Anyway to reset the permissions on the shares and files - doing it form the web GUI does not seem to work.

I have been running UNRAID for years now with no problems at all but 9 days ago I found the server unresponsive and black screened so I had to power off/on. Since then I have noticed that my Windows AD domain accounts have lost access to many shares & directories - although not all of them. I also tried to leave & re-join the domain to reset things in the Settings | SMB page but pressing Leave does nothing and UNRAID is still joined to the domain. I tried creating a new share that only my AD account had RW access to in the private SMB share. This seemed to work and I was able to access the share and create folders and files. But weirdly the files are set to be owned not by me but by a different owner - my account is geoff but the new file and folder I created is owned by user jellyfin. I also note that Windows shows that both everyone and jellyfin user has been given RW access to these files and directories - but the SMB share is set so only the geoff account has RW access. root@UNRAID01:~# ls -laR /mnt/user/accesstest /mnt/user/accesstest: total 0 drwxrwxrwx 1 unraid domain users 20 Jan 26 00:38 ./ drwxrwxrwx 1 776996452 776995329 6 Jan 25 23:59 ../ drwxrwxrwx 1 jellyfin domain users 24 Jan 26 00:38 new_folder/ /mnt/user/accesstest/new_folder: total 4 drwxrwxrwx 1 jellyfin domain users 24 Jan 26 00:38 ./ drwxrwxrwx 1 unraid domain users 20 Jan 26 00:38 ../ -rw-rw-rw- 1 jellyfin domain users 14 Jan 26 00:00 test_doc.txt What do I need to do to fix this?

Thanks for the response. Yes, all existing users are working fine. Just cannot add a new user.

Further investigation shows that UNRAID does "know" of this user root@UNRAID01:~# id vcuser uid=2018509937(vcuser) gid=2018509313(domain users) groups=2018509313(domain users) So it it getting this used from the Windows AD - as the user has been created in the domain? Has something changed here - or am I missing something? I believed that to get Windows User access to UNRAID that I needed to create the AD user first and then add the same named user to UNRAID?

Adding a new user has started failing on the UNRAID GUI - it did use to work fine. No errors are reported on in the GUI but it just returns to the Add User screen but no new user has been added. The system log reports the following: Dec 14 14:52:36 UNRAID01 winbindd[15731]: [2021/12/14 14:52:36.532516, 0] ../../source3/winbindd/idmap_hash/idmap_hash.c:115(idmap_hash_initialize) Dec 14 14:52:36 UNRAID01 winbindd[15731]: idmap_hash_initialize: The idmap_hash module is deprecated and should not be used. Please migrate to a different plugin. This module will be removed in a future version of Samba Dec 14 14:52:36 UNRAID01 root: useradd: user 'vcuser' already exists Dec 14 14:52:36 UNRAID01 useradd[24296]: failed adding user 'vcuser', data deleted Dec 14 14:52:36 UNRAID01 emhttpd: shcmd (400971): exit status: 9 Dec 14 14:52:36 UNRAID01 chpasswd[24299]: pam_unix(chpasswd:chauthtok): user "vcuser" does not exist in /etc/passwd I have tried several different user names and all fail. The /etc/passwd file does not contain the users I am adding. What should I try next? Edit: version is 6.9.2

Thumbs up for JellyFin here too. I started with Plex, moved to Emby and now am on JellyFin - very easy to set up and fully open source. Support is good too.

Posting the solution to my own issue here. To reset the permissions on Shares so they can be reapplied by Windows Domain with SMB do the following. For this example we assume a share named Music needs the permissions resetting. All this will be done from the UNRAID web console, the UNRAID Terminal (accessed from the >_ icon on the UNRAID web console) and the File Explorer on the Windows Domain Server. 1. Backup the old Music share by renaming it Music_OLD 2. Create a new share called Music 3. For now set the SMB security settings on the new Music share to "Public". 4. From the UNRAID terminal, copy the files from the Music_OLD to the new Music with the following cp command, this make take some time depending on the number of files. Also ensure you have enough disk space for the copied share. cp -R /mnt/user/Music_OLD/* /mnt/user/Music 5. Once all the files are copied over check the ownership of the new Music folder as follows, the directory is shown as the ./ entry and here the user is bob and the group is domain users. We know this new share is accessible to the domain so we can now just copy this. root@UNRAID01:~# ls -la /mnt/user/Music total 24 drwxrwx---+ 1 bob domain users 69 Mar 1 13:12 ./ 6. Reset the ownership of all the files in the Music share as follows (note the \ to escape code a space): chown -R bob:domain\ users /mnt/user/Music 7. {Optional step} Now with the UNRAID web console set the SMB security settings on Music to "Private" or whatever is required. 8. {Optional step} Select the Music share in File Explorer on the Windows Domain Server right click & select Properties. On the Security tab set the required access rights. There is probably a shorter, better way of doing this but I didn't find one (chown on the original directory did not seem to work).

I have run Fix Common Problems plugin and it is finding issues for nearly every file on the UNRAID server The following files / folders may not be accessible to the users allowed via each Share's SMB settings. This is often caused by wrong permissions being used on new downloads / copies by CouchPotato, Sonarr, and the like: /mnt/user/Backups / (776996452/776995329) 0770 /mnt/user/Backups/Jira/backup.sh / (776995919/776995329) 0670 /mnt/user/Backups/Jira/data / (776996446/776995329) 0770 /mnt/user/Backups/Jira/data/attachments / (776996446/776995329) 0770 /mnt/user/Backups/Jira/data/attachments/TODO / (776996446/776995329) 0770 /mnt/user/Backups/Jira/data/attachments/TODO/10000 / (776996446/776995329) 0770 /mnt/user/Backups/Jira/data/attachments/TODO/10000/TODO-10 / (776996446/776995329) 0770 /mnt/user/Backups/Jira/data/attachments/TODO/10000/TODO-10/10400 / (776996446/776995329) 0770 /mnt/user/Backups/Jira/data/attachments/TODO/10000/TODO-101 / (776996446/776995329) 0770 /mnt/user/Backups/Jira/data/attachments/TODO/10000/TODO-101/10702 / (776996446/776995329) 0770 etc for 100,000 of files.

We've had a bit of a disaster here (long story) and for various reasons lost our Windows Domain and Active Directory. We have restored from backup into a new Windows Domain and all of that has gone OK. We have UNRAID set up with SMB on Active Directory and permission set by Windows AD - on the old domain. Our UNRAID server was removed from our old domain and added to the new domain and that seemed to work OK. But now most of the shares are not accessible from Windows, I assume they have security settings left from the old domain. I get the following error: Windows cannot access \\UNRAIDSERVER\ShareName You do not have permissions to access \\UNRAIDSERVER\ShareName. Contact your network administrator to request access. How do I reset the access rights on these shares so I can access them? Then I can reset the access rights to the users on the new domain.

A client only version of this Docker would be very useful - for users that want to just backup selected UNRAID folders to other URBACKUP servers. I have been using URBACKUP for about a year now to backup onsite and offsite & just started using UNRAID as a central file server. So need to set up a URBACKUP client on my UNRAID server now.