March 20, 20251 yr Hi All, Q1. Is there anything you would recommend to add into the SMB extra configuration settings field to increase security of SMB shares? Is there any resources that I can refer to for this? Q2. I found THIS guide on optimizing SMB shares in Unraid. Was keen to get some feedback on if this is still relevant and the advice in the guide is worth following / testing. At the moment when doing an open speed test / iperf3 test between server and client, I’m getting almost 2.5G download (2.5GB nics) but only about 1.7G upload and I’m not sure why UL is not also reaching 2.5G. The guide suggests that disks shares perform faster (overhead of FUSE) but I believe the general advice on this forum is to disable disk shares and not to use them? I'm not a very technical Unraid user so If you know of or can recommend any other guides that maybe useful regarding these subjects, that'd be helpful. Many Thanks
March 20, 20251 yr Community Expert Iperf doesn't care about user shares, if you only get 1.7Gb upload, the issue is the LAN, could be a NC or its driver, cables, switch, client PC, etc.
March 20, 20251 yr Author Ok thanks. What would be the best way to eliminate things? I don't think it's the cables - they are brand new cat 8 (yes I've already been told don't need cat 8 lol) and the switch is also brand new 2.5gb nics - may need to see if there's a firmware update available for it though. I've installed all the latest drivers for my motherboard. How do I check if drivers need updating for the other nics? Do you have any views on the guide that I've linked and the SMB extra configuartion question? Thanks a lot
March 20, 20251 yr Community Expert Are these Realtek NICs? If yes, and IIRC, there was an issue with speed in one direction if bridging was enabled, or you can also try the Realtek driver plugin.
March 20, 20251 yr Community Expert 1 hour ago, Dominoes0522 said: Q1. Is there anything you would recommend to add into the SMB extra configuration settings field to increase security of SMB shares? Is there any resources that I can refer to for this? First, download the PDF files and read the posts in this post: https://forums.unraid.net/topic/110580-security-is-not-a-dirty-word-unraid-windows-1011-smb-setup/#findComment-1009109 If you follow the recommendations in those two PDF's, your Unraid server will be secure except for attacks from a sophisticated hacker. The only other you might want to consider is to totally disable 'guest' logins to your Unraid server. (This is not a bad idea but most of us do not have servers that are liable for attacks by a totally dedicated hacker. To my knowledge, there is not a existing hack for someone with a guest access login to do damage unless you are allowing someone with 'guest' login to access files via SMB--- or NFS ---on your server.) This can be done with adding a one or two parameters into the SMB extras configuration settings. If you feel this is necessary for your environment, I can do some research for the settings that have to be added/changed.
March 20, 20251 yr Author NIC in Unraid server is this: https://www.aliexpress.com/item/1005007539867951.html (Intel i226) Switch is this: https://www.brostrend.com/pages/s3-specification (not sure how to tell what NIC's are from specs) Motherboard in PC: https://www.msi.com/Motherboard/MAG-B650M-MORTAR-WIFI/Specification (Realtek® RTL8125B 2.5Gbps LAN)
March 20, 20251 yr Author Thanks @Frank1940 I will check out the PDF's /post this evening. Quote The only other you might want to consider is to totally disable 'guest' logins to your Unraid server. I assume this is not the same as setting all shares to private? I thought it said when I did this "guests have no access" or something along those lines. It was mainly just a query to ask if there was any things that were considered as good practice to add in there to improve security, or if leaving it blank is fine for the average joe.
March 20, 20251 yr Community Expert 40 minutes ago, Dominoes0522 said: I assume this is not the same as setting all shares to private? I thought it said when I did this "guests have no access" or something along those lines. YES! That is true. That is why I said blocking 'guest' logins was optional for those folks who are obsessed with having maximum security or have a situation which requires that all potential attack avenues be addressed. (In line with this view on increased security, MS has recently blocked Windows clients from logging into a server using a 'guest' type connection. You must now have valid login credentials to that server and login using those credentials or Windows will prevent establishing a connection.) If you have a server used in a business environment, I would think you would definitely want to block 'guest' access. The Samba default for guest access is 'never' as I recall. Unraid decided to change that setting and allow it back when Unraid was introduced (~2008) with all shares defaulted to 'Public'. After you got your new Unraid server running, you could connect with any share that had SMB access turned on and you had full read-write permissions to everything. Security was not a real big issue back then. Edited March 20, 20251 yr by Frank1940
March 20, 20251 yr Author If my shares are all set to private, should I have a windows credential entry for the server?
March 20, 20251 yr Community Expert You can't access any share whether public, secure, or private without a windows credential. It's just that public shares don't care what the credential is.
March 21, 20251 yr Author Hi Guys, Regarding the LAN speed, I'm trying to connect my windows client directly to the unraid server to test the up and down speed without the switch to eliminate that as being the issue, but I can't connect. I've given unraid a static IP in the network.cfg file and set DHCP to no. Connected PC nic to unraid server nic with direct cable (tried both standard and crossover cables) Disabled firewall Set static IP in PC adapter settings in the same subnet as unraid static IP Set PC sharing settings as follows: pc sharing settings Adapter keeps saying "unidentified network" and cannot access Unraid GUI through the browser - "unable to connect". Probably being stupid or missing something obvious, any ideas? Thanks
March 21, 20251 yr Community Expert 1 hour ago, Dominoes0522 said: Adapter keeps saying "unidentified network" and cannot access Unraid GUI through the browser - "unable to connect". What does this say and what are settings: Be sure to click on the 'Use SSL/TLS" to get the 'Help' for that item... If you can't connect to your Unraid Shares via SMB, you will need a new Windows credential for that new Unraid server's IP address to the Share Access user that you set up for this PC. EDIT: Remember that DHCP is not available using a direct connection, so you have to use IP addresses for all access! Edited March 21, 20251 yr by Frank1940 To remove sensitive information from URLs
March 21, 20251 yr Author Thanks, Use SSL/TLS is set to No. Is that what I'd want for direct connection? I set the static IP in the unraid network.cfg file the same IP as what the server usually gets assigned via DHCP that I use to login normally (and that is the IP that is saved under windows credentials (which has the username and password that I set up in Unraid). I had set both windows and unraid to have static IP's in the same subnet, so unless the SSL/TLS should be set to something other than NO, I'm still not sure what I'm missing.
March 21, 20251 yr Author Ok got access by going to sharing tab of network connections and selecting the checkbox and selecting a connection from the dropdown box. I've since ran the open speed test docker on unraid and connected from the PC browser to run the test. Now only getting 1.6G up and down when using direct cable, whereas was getting 2.5G down and 1.7G up when using the switch!? Any idea what that's all about?
March 21, 20251 yr Community Expert Attach the diagnostics file to your next post. I will ping @JorgeB as he is much more of an expert in this area.
March 21, 20251 yr Community Expert 1 hour ago, Dominoes0522 said: Any idea what that's all about? Assuming that's still the iperf results, it can only be what's part of the LAN, NIC, NIC driver/settings, cables, switch, client PC.
March 21, 20251 yr Author Ok thanks. How do I check the NIC driver that's installed on the unraid server, find the best version to use instead, and how do I update it? sorry, I'm used to doing everything in a windows environment. Can I get it to scan for newer drivers and auto-update or would I need to find a NIC model number and go online to search for the newest version? And once obtained, how to install it? Thanks
March 21, 20251 yr Community Expert 21 minutes ago, Dominoes0522 said: How do I check the NIC driver that's installed on the unraid server, If it's an Intel NIC, nothing you need to do in Unraid, try a different driver for the Realtek on the PC side, those can be more driver dependent.
March 21, 20251 yr Author So downloaded the latest driver for my motherboard RTL8125B Nic from realtek website and installed on windows pc. Retested - slight improvement at 1.85G up. Found THIS thread, suggested to update Unraid (I was on 7 but now on 7.01). Also installed the Realtek RTL8125(B) plugin in Unraid. Rebooted both server and PC. Ran OST again. Results: Open Speed Test Do you think it's worth spending out ~£35 to buy an i226 intel NIC to put in PCIe slot in motherboard to avoid using the Realtek motherboard NIC? do you think that would give me the full bandwidth in both directions, or is this more likely a settings configuration issue? what about stuff like MTU / jumbo frames, interrupt moderation and other stuff mentioned in THIS guide? Edited March 21, 20251 yr by Dominoes0522
March 21, 20251 yr Community Expert 18 minutes ago, Dominoes0522 said: Also installed the Realtek RTL8125(B) plugin in Unraid. That won't change anything, if the Unraid NIC is Intel. 19 minutes ago, Dominoes0522 said: Do you think it's worth spending out ~£35 to buy an i226 intel NIC to put in PCIe slot in motherboard to avoid using the Realtek motherboard NIC? Difficult to say for sure, I have one of each, though they are both on Unraid servers, not Windows, and can get line speed in both directions using the stock drivers.
March 21, 20251 yr Author 9 minutes ago, JorgeB said: That won't change anything, if the Unraid NIC is Intel. There was a suggestion in the linked reddit thread that it may help fix bandwidth in both directions. Thought it was worth a shot. Also changed MTU to 9000 and Jumbo Frames in windows to 9014, disabled interrupt moderation but maxing out at 1.85G up. Oh well, will keep playing / searching. Thanks all, for your help. If I get any joy I will post back.
March 21, 20251 yr Author It just dawned on me that the NIC in my Linux client is also an i226 intel. OST results are 2.5g down and 2.0G up. So I dont think it's related solely to the realtek nic. Got to be a setting somewhere. Or it couldn't be related to an old GPU I have installed in the Unraid server could it?
March 21, 20251 yr Community Expert Try setting all the MTU settings to 1500 and turning off Jumbo frames. (They have caused problems in the past...)
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.