Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Securing and Optimizing SMB shares

Featured Replies

Hi All,

 

Q1. Is there anything you would recommend to add into the SMB extra configuration settings field to increase security of SMB shares? Is there any resources that I can refer to for this?

 

Q2. I found THIS guide on optimizing SMB shares in Unraid. Was keen to get some feedback on if this is still relevant and the advice in the guide is worth following / testing.

 

At the moment when doing an open speed test / iperf3 test between server and client, I’m getting almost 2.5G download (2.5GB nics) but only about 1.7G upload and I’m not sure why UL is not also reaching 2.5G. 

 

The guide suggests that disks shares perform faster (overhead of FUSE) but I believe the general advice on this forum is to disable disk shares and not to use them?

 

I'm not a very technical Unraid user so If you know of or can recommend any other guides that maybe useful regarding these subjects, that'd be helpful.

 

Many Thanks

  • Community Expert

Iperf doesn't care about user shares, if you only get 1.7Gb upload, the issue is the LAN, could be a NC or its driver, cables, switch, client PC, etc.

  • Author

Ok thanks. What would be the best way to eliminate things? I don't think it's the cables - they are brand new cat 8 (yes I've already been told don't need cat 8 lol) and the switch is also brand new 2.5gb nics - may need to see if there's a firmware update available for it though. I've installed all the latest drivers for my motherboard. How do I check if drivers need updating for the other nics?

 

Do you have any views on the guide that I've linked and the SMB extra configuartion question?

 

Thanks a lot

  • Community Expert

Are these Realtek NICs? If yes, and IIRC, there was an issue with speed in one direction if bridging was enabled, or you can also try the Realtek driver plugin.

  • Community Expert
1 hour ago, Dominoes0522 said:

Q1. Is there anything you would recommend to add into the SMB extra configuration settings field to increase security of SMB shares? Is there any resources that I can refer to for this?

First, download the PDF files and read the posts in this post:

 

       https://forums.unraid.net/topic/110580-security-is-not-a-dirty-word-unraid-windows-1011-smb-setup/#findComment-1009109

 

 

If you follow the recommendations in those two PDF's, your Unraid server will be secure except for attacks from a sophisticated hacker.  

 

The only other you might want to consider is to totally disable 'guest' logins to your Unraid server.  (This is not a bad idea but most of us do not have servers that are liable for attacks by a totally dedicated hacker.  To my knowledge, there is not a existing hack for someone with a guest access login to do damage unless you are allowing someone with 'guest' login to access files via SMB--- or NFS ---on your server.)  This can be done with adding a one or two parameters into the SMB extras configuration settings.  If you feel this is necessary for your environment, I can do some research for the settings that have to be added/changed.  

  • Author

Thanks @Frank1940

 

I will check out the PDF's /post this evening.

 

Quote

The only other you might want to consider is to totally disable 'guest' logins to your Unraid server.

I assume this is not the same as setting all shares to private? I thought it said when I did this "guests have no access" or something along those lines.

 

It was mainly just a query to ask if there was any things that were considered as good practice to add in there to improve security, or if leaving it blank is fine for the average joe.

  • Community Expert
40 minutes ago, Dominoes0522 said:

I assume this is not the same as setting all shares to private? I thought it said when I did this "guests have no access" or something along those lines.

 

YES!   That is true.  That is why I said blocking 'guest' logins was optional for those folks who are obsessed with having maximum security or have a situation which requires that all potential attack avenues be addressed.  (In line with this view on increased security, MS has recently blocked Windows clients from logging into a server using a 'guest' type connection.  You must now have valid login credentials to that server and login using those credentials or Windows will  prevent establishing a connection.)  If you have a server used in a business environment, I would think you would definitely want to block 'guest' access.  

 

The Samba default for guest access is 'never' as I recall.  Unraid decided to change that setting and allow it back when Unraid was introduced (~2008) with all shares defaulted to 'Public'.  After you got your new Unraid server running, you could connect with any share that had SMB access turned on and you had full read-write permissions to everything.  Security was not a real big issue back then.

Edited by Frank1940

  • Author

If my shares are all set to private, should I have a windows credential entry for the server?

  • Community Expert

You can't access any share whether public, secure, or private without a windows credential. It's just that public shares don't care what the credential is.

  • Author

Hi Guys,

 

Regarding the LAN speed, I'm trying to connect my windows client directly to the unraid server to test the up and down speed without the switch to eliminate that as being the issue, but I can't connect.

  • I've given unraid a static IP in the network.cfg file and set DHCP to no.
  • Connected PC nic to unraid server nic with direct cable (tried both standard and crossover cables)
  • Disabled firewall
  • Set static IP in PC adapter settings in the same subnet as unraid static IP
  • Set PC sharing settings as follows:

pc sharing settings

 

Adapter keeps saying "unidentified network" and cannot access Unraid GUI through the browser - "unable to connect". 

Probably being stupid or missing something obvious, any ideas?

 

Thanks

 

  • Community Expert
1 hour ago, Dominoes0522 said:

Adapter keeps saying "unidentified network" and cannot access Unraid GUI through the browser - "unable to connect". 

What does this say and what are settings:

 image.thumb.png.89ba0a40a488af0c583bb47458958a4b.png

 

Be sure to click on the 'Use SSL/TLS" to get the 'Help' for that item...

 

If you can't connect to your Unraid Shares via SMB, you will need a new Windows credential for that new Unraid server's  IP address to the Share Access user that you set up for this PC.  

 

EDIT:  Remember that DHCP is not available using a direct connection, so you have to use IP addresses for all access! 

Edited by Frank1940
To remove sensitive information from URLs

  • Author

Thanks,

 

Use SSL/TLS is set to No. Is that what I'd want for direct connection?

 

I set the static IP in the unraid network.cfg file the same IP as what the server usually gets assigned via DHCP that I use to login normally (and that is the IP that is saved under windows credentials (which has the username and password that I set up in Unraid).

 

I had set both windows and unraid to have static IP's in the same subnet, so unless the SSL/TLS should be set to something other than NO, I'm still not sure what I'm missing.

 

 

  • Author

Ok got access by going to sharing tab of network connections and selecting the checkbox and selecting a connection from the dropdown box.

 

I've since ran the open speed test docker on unraid and connected from the PC browser to run the test.

Now only getting 1.6G up and down when using direct cable, whereas was getting 2.5G down and 1.7G up when using the switch!?

 

Any idea what that's all about?

  • Community Expert

Attach the diagnostics file to your next post.  I will ping @JorgeB as he is much more of an expert in this area.

  • Community Expert
1 hour ago, Dominoes0522 said:

Any idea what that's all about?

Assuming that's still the iperf results, it can only be what's part of the LAN, NIC, NIC driver/settings, cables, switch, client PC.

  • Author

Ok thanks. How do I check the NIC driver that's installed on the unraid server, find the best version to use instead, and how do I update it? sorry, I'm used to doing everything in a windows environment.

 

Can I get it to scan for newer drivers and auto-update or would I need to find a NIC model number and go online to search for the newest version?

And once obtained, how to install it?

 

Thanks

  • Community Expert

Make sure that things like MTU are set to the same value. 

  • Community Expert
21 minutes ago, Dominoes0522 said:

How do I check the NIC driver that's installed on the unraid server,

If it's an Intel NIC, nothing you need to do in Unraid, try a different driver for the Realtek on the PC side, those can be more driver dependent.

  • Author

So downloaded the latest driver for my motherboard RTL8125B Nic from realtek website and installed on windows pc. Retested - slight improvement at 1.85G up.

 

Found THIS thread, suggested to update Unraid (I was on 7 but now on 7.01). Also installed the Realtek RTL8125(B) plugin in Unraid. Rebooted both server and PC. Ran OST again. Results:

 

Open Speed Test

 

Do you think it's worth spending out ~£35 to buy an i226 intel NIC to put in PCIe slot in motherboard to avoid using the Realtek motherboard NIC? do you think that would give me the full bandwidth in both directions, or is this more likely a settings configuration issue? what about stuff like MTU / jumbo frames, interrupt moderation and other stuff mentioned in THIS guide?

Edited by Dominoes0522

  • Community Expert
18 minutes ago, Dominoes0522 said:

Also installed the Realtek RTL8125(B) plugin in Unraid.

That won't change anything, if the Unraid NIC is Intel.

 

19 minutes ago, Dominoes0522 said:

Do you think it's worth spending out ~£35 to buy an i226 intel NIC to put in PCIe slot in motherboard to avoid using the Realtek motherboard NIC?

Difficult to say for sure, I have one of each, though they are both on Unraid servers, not Windows, and can get line speed in both directions using the stock drivers.

  • Author
9 minutes ago, JorgeB said:

That won't change anything, if the Unraid NIC is Intel.

There was a suggestion in the linked reddit thread that it may help fix bandwidth in both directions. Thought it was worth a shot. Also changed MTU to 9000 and Jumbo Frames in windows to 9014, disabled interrupt moderation but maxing out at 1.85G up.

 

Oh well, will keep playing / searching.

 

Thanks all, for your help. If I get any joy I will post back.

  • Author

It just dawned on me that the NIC in my Linux client is also an i226 intel. OST results are 2.5g down and 2.0G up.

 

So I dont think it's related solely to the realtek nic. Got to be a setting somewhere. Or it couldn't be related to an old GPU I have installed in the Unraid server could it?

  • Community Expert

Try setting all the MTU settings to 1500 and turning off Jumbo frames.  (They have caused problems in the past...) 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.