kakmoster Posted January 29, 2022 Share Posted January 29, 2022 (edited) My log shows this every 2 hours. Is this something to be worried about? I have tried googling but I'm not sure I understand/have found what it means. Same minute and second each time. I'll attach diagnostics. My router is a Ubiquiti Dream Machine, which the connection seem to come from. I have most security scanning options enabled. Could it be that? Jan 29 03:03:43 Diabetes smbd[9244]: [2022/01/29 03:03:43.078606, 0] ../../lib/param/loadparm.c:1890(lpcfg_do_service_parameter) Jan 29 03:03:43 Diabetes smbd[9244]: Global parameter max protocol found in service section! Jan 29 03:03:43 Diabetes smbd[9245]: [2022/01/29 03:03:43.079136, 0] ../../lib/param/loadparm.c:1890(lpcfg_do_service_parameter) Jan 29 03:03:43 Diabetes smbd[9245]: Global parameter max protocol found in service section! Jan 29 03:03:43 Diabetes sshd[9242]: Connection from 192.168.1.1 port 36328 on 192.168.1.2 port 22 rdomain "" Jan 29 03:03:43 Diabetes sshd[9242]: error: kex_exchange_identification: Connection closed by remote host Jan 29 03:03:43 Diabetes sshd[9242]: Connection closed by 192.168.1.1 port 36328 Jan 29 03:03:54 Diabetes smbd[9244]: [2022/01/29 03:03:54.085072, 0] ../../source3/smbd/process.c:341(read_packet_remainder) Jan 29 03:03:54 Diabetes smbd[9244]: read_fd_with_timeout failed for client 192.168.1.1 read error = NT_STATUS_END_OF_FILE. Jan 29 03:03:54 Diabetes smbd[9340]: [2022/01/29 03:03:54.087303, 0] ../../lib/param/loadparm.c:1890(lpcfg_do_service_parameter) Jan 29 03:03:54 Diabetes smbd[9340]: Global parameter max protocol found in service section! diabetes-diagnostics-20220129-1610.zip Edited January 29, 2022 by kakmoster Quote Link to comment
Squid Posted January 29, 2022 Share Posted January 29, 2022 You've added for one reason or another max protocol = SMB2_02 So you are limiting your SMB connections to the earliest version of SMB2 which is technically deprecated and insecure. You should remove that line so that everything can connect via SMB3 which is the current standard and far far more secure of a protocol Not sure about the other errors, but maybe they're related You can fix this via Settings - SMB Settings, SMB Extras. Reboot after making the change to ensure it takes effect Quote Link to comment
kakmoster Posted January 29, 2022 Author Share Posted January 29, 2022 3 hours ago, Squid said: You've added for one reason or another max protocol = SMB2_02 So you are limiting your SMB connections to the earliest version of SMB2 which is technically deprecated and insecure. You should remove that line so that everything can connect via SMB3 which is the current standard and far far more secure of a protocol Not sure about the other errors, but maybe they're related You can fix this via Settings - SMB Settings, SMB Extras. Reboot after making the change to ensure it takes effect I have removed that now, thanks. But I'm still getting the message. On top of that I'm also getting "Rootfs file is getting full" message. I don't havent changed any docker containers for a few months so there is nothing new that should be writing there. Quote Link to comment
Squid Posted January 29, 2022 Share Posted January 29, 2022 10 minutes ago, kakmoster said: "Rootfs file is getting full" Cool (cool for me, but not for you). Can you be my Guinea pig on a new diagnostic tool? Post the output of https://forums.unraid.net/topic/46802-faq-for-unraid-v6/page/3/?tab=comments#comment-1090710 (and also post a new set of diagnostics) Quote Link to comment
kakmoster Posted January 29, 2022 Author Share Posted January 29, 2022 2 hours ago, Squid said: Cool (cool for me, but not for you). Can you be my Guinea pig on a new diagnostic tool? Post the output of https://forums.unraid.net/topic/46802-faq-for-unraid-v6/page/3/?tab=comments#comment-1090710 (and also post a new set of diagnostics) Quote plugin: installing: https://raw.githubusercontent.com/Squidly271/misc-stuff/master/memorystorage.plg plugin: downloading https://raw.githubusercontent.com/Squidly271/misc-stuff/master/memorystorage.plg plugin: downloading: https://raw.githubusercontent.com/Squidly271/misc-stuff/master/memorystorage.plg ... done This script may take a few minutes to run, especially if you are manually mounting a remote share outside of /mnt/disks or /mnt/remotes /usr/bin/du --exclude=/mnt/user --exclude=/mnt/user0 --exclude=/mnt/disks --exclude=/proc --exclude=/sys --exclude=/var/lib/docker --exclude=/boot --exclude=/mnt -h -d2 / 2>/dev/null | grep -v 0$' ' 27G /tmp/Transcode 4.0K /tmp/user.scripts 9.1M /tmp/fix.common.problems 4.0K /tmp/ca_notices 28K /tmp/unassigned.devices 11M /tmp/community.applications 16K /tmp/notifications 868K /tmp/plugins 4.0K /tmp/emhttp 27G /tmp 4.0K /etc/docker 4.0K /etc/netatalk 516K /etc/libvirt 260K /etc/libvirt- 4.0K /etc/pkcs11 136K /etc/lvm 8.0K /etc/libnl 8.0K /etc/ssmtp 16K /etc/samba 4.0K /etc/rsyslog.d 40K /etc/php-fpm.d 16K /etc/php-fpm 8.0K /etc/php 40K /etc/nginx 2.0M /etc/file 24K /etc/avahi 48K /etc/apcupsd 4.0K /etc/sysctl.d 48K /etc/security 232K /etc/ssl 608K /etc/ssh 100K /etc/pam.d 4.0K /etc/openldap 88K /etc/mc 44K /etc/logrotate.d 4.0K /etc/sensors.d 36K /etc/iproute2 36K /etc/modprobe.d 7.2M /etc/udev 4.0K /etc/cron.monthly 8.0K /etc/cron.hourly 16K /etc/cron.daily 8.0K /etc/cron.d 4.0K /etc/cron.weekly 12K /etc/dbus-1 4.0K /etc/sasl2 68K /etc/profile.d 56K /etc/default 328K /etc/rc.d 8.0K /etc/acpi 13M /etc 20K /usr/info 1.3M /usr/include 9.1M /usr/man 15M /usr/doc 4.0K /usr/systemtap 21M /usr/libexec 4.0M /usr/src 173M /usr/local 321M /usr/lib64 69M /usr/share 42M /usr/sbin 367M /usr/bin 1019M /usr 4.0K /lib64/xfsprogs 4.0K /lib64/e2fsprogs 972K /lib64/security 24M /lib64 21M /sbin 14M /lib/modules 4.0K /lib/systemd 76K /lib/modprobe.d 36K /lib/dhcpcd 6.5M /lib/udev 76M /lib/firmware 96M /lib 16K /run/blkid 4.0K /run/avahi-daemon 664K /run/udev 688K /run 11M /bin 1.4M /var/sa 1.8M /var/local 4.0K /var/kerberos 188K /var/state 8.8M /var/cache 4.0K /var/lock 28K /var/tmp 8.0K /var/spool 644K /var/run 368K /var/log 3.5M /var/lib 17M /var 12K /root 28G / 0 /mnt Finished. NOTE: If there is any subdirectory from /mnt appearing in this list, then that means that you have (most likely) a docker app which is directly referencing a non-existant disk or cache pool script: memorystorage.plg executed Here you go I see now it's Plex Transcoding taking a few GB of memory. diabetes-diagnostics-20220129-2247.zip Quote Link to comment
Squid Posted January 29, 2022 Share Posted January 29, 2022 34 minutes ago, kakmoster said: Here you go I see now it's Plex Transcoding taking a few GB of memory. More than a few. It's the cause. RootFS gets mounted as 50% of available RAM and basically its all Plex. Personally, I've noticed that Plex when transcoding never actually deletes anything until playback is stopped and depending upon the number of users, the remote quality etc the files keep adding up. Thanks for trying the script. It should really help when we're trying to diagnose similar issues.... Quote Link to comment
trurl Posted January 29, 2022 Share Posted January 29, 2022 1 hour ago, kakmoster said: Plex Transcoding taking a few GB of memory I think this is the state-of-the-art for transcoding to RAM without using too much: Quote Link to comment
kakmoster Posted January 30, 2022 Author Share Posted January 30, 2022 Well, the main issue presented in the topic has not been fixed. Does anyone know what it could be? Quote Link to comment
itimpi Posted January 30, 2022 Share Posted January 30, 2022 20 hours ago, kakmoster said: My router is a Ubiquiti Dream Machine, which the connection seem to come from. I have most security scanning options enabled. Could it be that? 35 minutes ago, kakmoster said: Well, the main issue presented in the topic has not been fixed. Does anyone know what it could be? Almost certainly this where the router is probing Unraid. Quote Link to comment
kakmoster Posted January 30, 2022 Author Share Posted January 30, 2022 51 minutes ago, itimpi said: Almost certainly this where the router is probing Unraid. Yes I suspect so. It seems they have (re)moved the option to enable/disable the scanner in the latest controller version however... Quote Link to comment
kakmoster Posted January 30, 2022 Author Share Posted January 30, 2022 Okay, I changed my root password just incase. Are these messages in the log as a result of that? Jan 30 12:06:00 Diabetes chpasswd[11699]: pam_unix(chpasswd:chauthtok): password changed for root Jan 30 12:06:00 Diabetes emhttpd: shcmd (395): cp /etc/passwd /etc/shadow /var/lib/samba/private/smbpasswd /boot/config Jan 30 12:06:00 Diabetes emhttpd: Starting services... Jan 30 12:06:00 Diabetes emhttpd: shcmd (397): /etc/rc.d/rc.samba restart Jan 30 12:06:00 Diabetes nmbd[14941]: [2022/01/30 12:06:00.768344, 0] ../../source3/nmbd/nmbd.c:59(terminate) Jan 30 12:06:00 Diabetes winbindd[14951]: [2022/01/30 12:06:00.768345, 0] ../../source3/winbindd/winbindd.c:244(winbindd_sig_term_handler) Jan 30 12:06:00 Diabetes nmbd[14941]: Got SIGTERM: going down... Jan 30 12:06:00 Diabetes winbindd[14951]: Got sig[15] terminate (is_parent=1) Jan 30 12:06:00 Diabetes winbindd[16796]: [2022/01/30 12:06:00.768921, 0] ../../source3/winbindd/winbindd.c:244(winbindd_sig_term_handler) Jan 30 12:06:00 Diabetes winbindd[16796]: Got sig[15] terminate (is_parent=0) Jan 30 12:06:00 Diabetes winbindd[28269]: [2022/01/30 12:06:00.769427, 0] ../../source3/winbindd/winbindd.c:244(winbindd_sig_term_handler) Jan 30 12:06:00 Diabetes winbindd[28269]: Got sig[15] terminate (is_parent=0) Jan 30 12:06:02 Diabetes root: Starting Samba: /usr/sbin/smbd -D Jan 30 12:06:02 Diabetes root: /usr/sbin/nmbd -D Jan 30 12:06:02 Diabetes smbd[11829]: [2022/01/30 12:06:02.962714, 0] ../../lib/util/become_daemon.c:135(daemon_ready) Jan 30 12:06:02 Diabetes smbd[11829]: daemon_ready: daemon 'smbd' finished starting up and ready to serve connections Jan 30 12:06:02 Diabetes root: /usr/sbin/wsdd Jan 30 12:06:02 Diabetes nmbd[11834]: [2022/01/30 12:06:02.972361, 0] ../../lib/util/become_daemon.c:135(daemon_ready) Jan 30 12:06:02 Diabetes nmbd[11834]: daemon_ready: daemon 'nmbd' finished starting up and ready to serve connections Jan 30 12:06:02 Diabetes root: /usr/sbin/winbindd -D Jan 30 12:06:03 Diabetes winbindd[11844]: [2022/01/30 12:06:03.011707, 0] ../../source3/winbindd/winbindd_cache.c:3203(initialize_winbindd_cache) Jan 30 12:06:03 Diabetes winbindd[11844]: initialize_winbindd_cache: clearing cache and re-creating with version number 2 Jan 30 12:06:03 Diabetes winbindd[11844]: [2022/01/30 12:06:03.012207, 0] ../../lib/util/become_daemon.c:135(daemon_ready) Jan 30 12:06:03 Diabetes winbindd[11844]: daemon_ready: daemon 'winbindd' finished starting up and ready to serve connections Jan 30 12:06:03 Diabetes emhttpd: shcmd (406): /etc/rc.d/rc.nginx reload Jan 30 12:06:03 Diabetes root: Checking configuration for correct syntax and Jan 30 12:06:03 Diabetes root: then trying to open files referenced in configuration... Jan 30 12:06:03 Diabetes root: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok Jan 30 12:06:03 Diabetes root: nginx: configuration file /etc/nginx/nginx.conf test is successful Jan 30 12:06:03 Diabetes root: Reloading Nginx configuration... Jan 30 12:06:06 Diabetes emhttpd: shcmd (407): /usr/bin/php -f /usr/local/emhttp/webGui/include/UpdateDNS.php Jan 30 12:06:06 Diabetes root: No change to report Jan 30 12:06:06 Diabetes nginx: 2022/01/30 12:06:06 [alert] 11585#11585: *161141 open socket #37 left in connection 12 Jan 30 12:06:06 Diabetes nginx: 2022/01/30 12:06:06 [alert] 11585#11585: aborting Jan 30 12:06:24 Diabetes webGUI: Successful login user root from 192.168.1.225 Jan 30 12:06:26 Diabetes nmbd[11834]: [2022/01/30 12:06:26.005265, 0] ../../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2) Jan 30 12:06:26 Diabetes nmbd[11834]: ***** Jan 30 12:06:26 Diabetes nmbd[11834]: Jan 30 12:06:26 Diabetes nmbd[11834]: Samba name server DIABETES is now a local master browser for workgroup WORKGROUP on subnet 172.17.0.1 Jan 30 12:06:26 Diabetes nmbd[11834]: Jan 30 12:06:26 Diabetes nmbd[11834]: ***** Jan 30 12:06:26 Diabetes nmbd[11834]: [2022/01/30 12:06:26.005327, 0] ../../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2) Jan 30 12:06:26 Diabetes nmbd[11834]: ***** Jan 30 12:06:26 Diabetes nmbd[11834]: Jan 30 12:06:26 Diabetes nmbd[11834]: Samba name server DIABETES is now a local master browser for workgroup WORKGROUP on subnet 172.18.0.1 Jan 30 12:06:26 Diabetes nmbd[11834]: Jan 30 12:06:26 Diabetes nmbd[11834]: ***** Jan 30 12:06:26 Diabetes nmbd[11834]: [2022/01/30 12:06:26.005363, 0] ../../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2) Jan 30 12:06:26 Diabetes nmbd[11834]: ***** Jan 30 12:06:26 Diabetes nmbd[11834]: Jan 30 12:06:26 Diabetes nmbd[11834]: Samba name server DIABETES is now a local master browser for workgroup WORKGROUP on subnet 192.168.1.2 Jan 30 12:06:26 Diabetes nmbd[11834]: Jan 30 12:06:26 Diabetes nmbd[11834]: ***** Jan 30 12:06:26 Diabetes nmbd[11834]: [2022/01/30 12:06:26.005399, 0] ../../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2) Jan 30 12:06:26 Diabetes nmbd[11834]: ***** Jan 30 12:06:26 Diabetes nmbd[11834]: Jan 30 12:06:26 Diabetes nmbd[11834]: Samba name server DIABETES is now a local master browser for workgroup WORKGROUP on subnet 192.168.122.1 Jan 30 12:06:26 Diabetes nmbd[11834]: Jan 30 12:06:26 Diabetes nmbd[11834]: ***** Quote Link to comment
CS01-HS Posted January 30, 2022 Share Posted January 30, 2022 16 hours ago, Squid said: More than a few. It's the cause. RootFS gets mounted as 50% of available RAM and basically its all Plex. Personally, I've noticed that Plex when transcoding never actually deletes anything until playback is stopped and depending upon the number of users, the remote quality etc the files keep adding up. Maybe a better solution but this is what I use for Emby which exhibits the same behavior: Quote Link to comment
kakmoster Posted January 30, 2022 Author Share Posted January 30, 2022 1 hour ago, CS01-HS said: Maybe a better solution but this is what I use for Emby which exhibits the same behavior: I'm sorry but that's not really the main concern. Thanks anyway. What I'm concerned about is the connection from my router. Which have stopped now after I blocked an external IP.... Jan 30 07:08:46 Diabetes sshd[21229]: Connection from 192.168.1.1 port 55650 on 192.168.1.2 port 22 rdomain "" Jan 30 07:08:46 Diabetes sshd[21229]: error: kex_exchange_identification: Connection closed by remote host Jan 30 07:08:46 Diabetes sshd[21229]: Connection closed by 192.168.1.1 port 55650 Jan 30 07:08:46 Diabetes vsftpd[21228]: connect from 192.168.1.1 (192.168.1.1) Jan 30 07:08:46 Diabetes vsftpd[21235]: connect from 192.168.1.1 (192.168.1.1) Jan 30 07:08:57 Diabetes smbd[21231]: [2022/01/30 07:08:57.043674, 0] ../../source3/smbd/process.c:341(read_packet_remainder) Jan 30 07:08:57 Diabetes smbd[21231]: read_fd_with_timeout failed for client 192.168.1.1 read error = NT_STATUS_END_OF_FILE. These messages are what I'm concerned about. Do they mean a successful connection have been established? Maybe I should reinstall my server just in case. Quote Link to comment
Squid Posted January 30, 2022 Share Posted January 30, 2022 3 minutes ago, kakmoster said: Which have stopped now after I blocked an external IP.... What ports do you have open and why? 1 Quote Link to comment
kakmoster Posted January 30, 2022 Author Share Posted January 30, 2022 (edited) 31 minutes ago, Squid said: What ports do you have open and why? reverseproxy443 * 443 192.168.1.2:1443 WAN reverseproxy80 * 80 192.168.1.2:180 WAN rtorrent * 51413 192.168.1.2:51413 WAN These are the port mappings on my router. Never had anything else opened. Edited January 30, 2022 by kakmoster Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.