FreeNAS® 9.2.1.8 Errata

Several items have changed since 9.2.1 due to various bug fixes. There were eight bug fix releases between FreeNAS® 9.2.1 and 9.2.1.8, where:

• 9.2.1.1 fixed this list of bugs,
• 9.2.1.2 fixed this list of bugs,
• 9.2.1.3 fixed this list of bugs,
• 9.2.1.4 fixed this list of bugs,
• 9.2.1.5 fixed this list of bugs,
• 9.2.1.6 fixed this list of bugs,
• 9.2.1.7 fixed this list of bugs, and
• 9.2.1.8 fixed this list of bugs.

This Errata provides a listing of screens and features that differ from the 9.2.1 Users Guide. It is organized by the names of the sections which have changed in numerical order.

Section 1.1 What’s New Since 9.2.1

• Incorporates all of the security releases issued since FreeBSD 9.2 RELEASE.
• Shellshock security vulnerability in bash proactively closed.
• Samba has been updated to version 4.1.12.
• Netatalk upgraded to version 3.1.2.
• *.usb files are now available from the FreeNAS® download page. These files can be either burned to CD (like an .iso file) or written directly to USB (like an .img file).
• A “Performance Test” button has been added to System ‣ Settings ‣ Advanced.
• “System Dataset” has been added as the fifth tab in System ‣ Settings.
• A “Media Status” column has been added to Network ‣ Interfaces ‣ View Interfaces.
• The “Enable High Speed Ciphers” field has been renamed in Storage ‣ Replication Tasks ‣ Add Replication Task. The “Replication Stream Compression” field has been added to this screen.
• A “Share type” drop-down menu has been added to the Storage -> Volumes ‣ Create ZFS Dataset screen.
• The “Permission Type” in the Change Permissions screen has changed to Unix / Mac and Windows.
• The “Database Path” field has been removed from the Sharing ‣ Apple (AFP) Shares ‣ Add Apple (AFP) Share screen and added to the Services ‣ AFP screen.
• The “Apply Default Permissions” checkbox has been added to Sharing ‣ Windows (CIFS) Shares ‣ Add Windows (CIFS) Share.
• The “Use syslog”, “Server minimum protocol”, “Server maximum protocol”, “Allow execute always”, and “Bind IP Addresses” fields have been added to Services ‣ CIFS. The “Authentication Model” field has been removed as Anonymous is not a valid setting for Samba4. Instead, Local User is used unless the system is joined to an Active Directory domain. The “EA Support” and “Support DOS File Attributes” fields have been removed.
• The “Windbind NSS Info” field has been added to Services ‣ Directory Services ‣ Active Directory.
• The location of the SSL certificate of the LDAP server can now be browsed to in the “Self signed certificate” field of Services ‣ Directory Services ‣ LDAP.
• The “Enable experimental target” checkbox has been added to Services ‣ iSCSI ‣ Target Global Configuration. This allows beta testers to use the experimental kernel iSCSI which adds support for Windows 2012 clustering. Checking this box requires the system to be rebooted.
• The “Enable multithreaded mode” checkbox has been added to Services ‣ iSCSI ‣ Target Global Configuration.
• The ability to specify a “LUN ID” has been added to Services ‣ iSCSI ‣ Add Target / Extent.
• The “VirtualBox” jail type has been added which will create a jail with phpVirtualBox installed. Once installed, input the IP address of the VirtualBox jail into a browser and enter the username and password of admin in the login screen.
• The Alert system will provide a warning if the ZFS volume’s capacity reaches 80% and will report a critical error if the ZFS volume’s capacity reaches 90%.
• The zsh shell has been added to the base system.

Section 2.1: Getting FreeNAS®

FreeNAS® 9.2.1.8 can be downloaded from the download page of the FreeNAS® website.

• USB Image: this file ends in a .usb extension and can either be written to CDROM as described in Installing from CDROM or written to a USB device as described in Burning an IMG File.

Section 2.3: Installing from CDROM

If you prefer to install FreeNAS® using a menu-driven installer, download the ISO or USB image that matches the architecture of the system you will install onto (32- or 64-bit) and burn it to a CDROM.

Section 2.4 Burning an IMG File

Note

you can also write the .usb file to a USB thumbdrive. Since this file is not compressed, it does not need to be uncompressed first using xzcat or 7-Zip.

When using dd, the command shown in the examples will change to:

dd if=FreeNAS-9.2.1.8-RELEASE-x64.usb of=/dev/da0 bs=64k

Section 2.6.1: Preparing for the Upgrade

1. Download the .iso, .usb, or .txz file that matches the system’s architecture to the computer that you use to access the FreeNAS® system.

Section 2.6.2: Using the ISO to Upgrade

Burn the downloaded .iso or .usb file to a CDROM.

Section 3.1.2: Set the Administrative Email Address

Remove the last line in the first paragraph.

Section 3.2.2: Users

Figure 3.2d: Managing User Accounts

If you click a user account, the following buttons will appear for that account:

• Modify User: used to modify the account’s settings, as listed in Table 3.2b.
• Change E-mail: used to change the email address associated with the account.

Section 4.6.2: Advanced Tab

Add this button to “This tab also contains the following buttons:”

Performance Test: runs a series of performance tests and prompts to save the results as a tarball. Since running the tests can affect performance, a warning is provided and the tests should be run at a time that will least impact users.

Section 4.6.5: System Dataset Tab

The “System Dataset” tab, shown in Figure 4.6e, is used to select the pool which will contain the persistent system dataset. The system dataset stores debugging core files and Samba4 metadata such as the user/group cache and share level permissions. If the FreeNAS® system is configured to be a Domain Controller, all of the domain controller state is stored there as well, including domain controller users and groups.

The system dataset can optionally be configured to also store the system log and the Reporting information. If there are lots of log entries or reporting information, moving these to the system dataset will prevent /var/ from filling up as /var/ has limited space.

Figure 4.6e: System Dataset Tab

Use the drop-down menu to select the ZFS volume (pool) to contain the system dataset.

To also store the system log on the system dataset, check the “Syslog” box.

To also store the reporting information, check the “Reporting Database” box.

If you change the pool storing the system dataset at a later time, FreeNAS® will automatically migrate the existing data in the system dataset to the new location.

Section 6.2.2: Configure PUSH

Figure 6.2b: Adding a Replication Task

In Table 6.2a, replace the entry for “Enable High Speed Ciphers” with:

Setting	Value	Description
Encryption Cipher	drop-down menu	used to select whether or not the data is encrypted during transmission; choices are Standard, Fast, or Disabled

Add this entry to Table 6.2a:

Setting	Value	Description
Replication Stream Compression	drop-down menu	used to select whether or not the data is compressed during transmission; choices are Off, lz4 (fastest), pigz (all rounder), or plzip (best compression)

Section 6.3.6: Creating ZFS Datasets

Figure 6.3i: Creating a ZFS Dataset

Add extra entry to Table 6.3d: ZFS Dataset Options:

Setting	Value	Description
Share type	drop-down menu	select the type of share that will be used on the dataset; choices are UNIX for an NFS share, Windows for a CIFS share, or Apple for an AFP share

Section 6.3.10: Setting Permissions

Figure 6.3q: Changing Permissions on a Volume or Dataset

Section 7.1.1: Creating AFP Shares

Figure 7.1a: Creating an AFP Share

The entry for “Database Path” has been removed from Table 7.1a: AFP Share Configuration Options.

Section 7.1.3: Using Time Machine

In step 4, remove this line:

Server name: freenas

Section 7.3.1: Creating CIFS Shares

The manual page for the Samba4 version of smb.conf(5) is http://www.sloop.net/smb.conf.html.

Figure 7.3a: Adding a CIFS Share

Add the following entry to Table 7.3a: Options for a CIFS Share:

Setting	Value	Description
Apply Default Permissions	checkbox	sets the ACLs to allow read/write for owner/group and read-only for others; should only be unchecked when creating a share on a system that already has custom ACLs set

Remove the following deprecated entries from Table 7.3a: Options for a CIFS Share:

• Inherit Owner
• Inherit Permissions

Section 7.3.2: Configuring Anonymous Access

In Step 4, remove this bullet:

• Authentication Model: Anonymous

Section 7.3.3: Configuring Authenticated Access

First sentence changed to: If you would like each user to authenticate before accessing the CIFS share, configure the share as follows:

Remove the first bullet for “Authentication Model” in Step 5.

Section 8.2: AFP

Figure 8.2a: AFP Configuration

Add this entry to Table 8.2a: AFP Configuration Options

Setting	Value	Description
Database Path	string	specify the path to store the CNID databases used by AFP (default is the root of the volume); the path must be writable

Section 8.3: CIFS

Figure 8.3a: Configuring CIFS

Remove these entries from Table 8.3a: CIFS Configuration Options:

• Authentication Model
• EA Support
• Support DOS File Attributes

Add these entries to Table 8.3a: CIFS Configuration Options:

Setting	Value	Description
Use syslog	checkbox	logs most events to syslog instead of the samba log files
Server minimum protocol	drop-down menu	the minimum protocol version the server will support where the default of —— sets automatic negotiation; refer to Table 8.3b for descriptions
Server maximum protocol	drop-down menu	the maximum protocol version the server will support; refer to Table 8.3b for descriptions
Allow execute always	checkbox	if checked, Samba will allow the user to execute a file, even if that user’s permissions are not set to execute
Bind IP Addresses	checkbox(es)	used to specify which IP address(es) the CIFS service will listen on

Add new table:

Table 8.3b: Description of SMB Protocol Versions

Value | Description
CORE	used by DOS
COREPLUS	used by DOS
LANMAN1	used by Windows for Workgroups, OS/2, and Windows 9x
LANMAN2	used by Windows for Workgroups, OS/2, and Windows 9x
NT1	used by Windows NT
SMB2	used by Windows 7; same as SMB2_10
SMB2_02	used by Windows Vista
SMB2_10	used by Windows 7
SMB2_22	used by early Windows 8
SMB2_24	used by Windows 8 beta
SMB3	used by Windows 8
SMB3_00	used by Windows 8, mostly the same as SMB2_24

Note

Windows 8.1 and Windows Server 2012 R2 use SMB3.02 which is not yet supported by Samba.

Section 8.3.1: Troubleshooting Tips

Change testparm command to:

testparm /usr/local/etc/smb4.conf

Add the following tips:

If clients have problems connecting to the CIFS share, go to Services ‣ CIFS and verify that “Server maximum protocol” is set to “SMB2”.

It is recommended to use a dataset for CIFS sharing. When creating the dataset, make sure that the “Share type” is set to Windows.

Do not use chmod to attempt to fix the permissions on a CIFS share as it destroys the Windows ACLs. The correct way to manage permissions on a CIFS share is to manage the share security from a Windows system as either the owner of the share or a member of the group the share is owned by. To do so, right-click on the share, click “Properties” and navigate to the “Security” tab. If you already destroyed the ACLs using chmod, winacl can be used to fix them. Type winacl from “Shell” for usage instructions.

Section 8.4.1: Active Directory

Add the following entry to Table 8.4a: Active Directory Configuration Options:

Setting	Value	Description
Windbind NSS Info	drop-down menu	select the service for retrieving the user’s home directory and login shell; choices are use sfu (Services for Unix, version 3.x), sfu20 (Services for Unix, version 2.0), or rfc2307 (use LDAP)

Section 8.7.5: Target Global Configuration

Figure 8.7g Target Global Configuration Variables

Add the following entries to Table 8.7f: Target Global Configuration Settings:

Setting	Value	Description
Enable experimental target	checkbox	this option is for beta testers of kernel iSCSI; requires a reboot
Enable multithreaded mode	checkbox	do not check as experimental

Section 8.7.7: Target/Extents

Figure 8.7i: Associating iSCSI Targets/Extents

Add this entry to Table 8.7g: Target/Extents Configuration Settings:

Setting	Value	Description
LUN ID	drop-down menu	specify the ID of the LUN; the default of Auto will select the next available LUN ID, starting at 0

Section 8.12.2: Chrooting Command Line SFTP Users

Figure 8.12b: Permissions Required by SSH Chroot

Section 9.1: Installing a FreeNAS® PBI Using Plugins

Figure 9.1a: Using Plugins to Install a PBI

Section 9.2: Available FreeNAS® PBIs

Add the following to the list of PBIs:

• Headphones
• LazyLibrarian
• Subsonic
• XDM

Remove the following from the list of PBIs:

• Gamez

Section 10: Jails

Add the following type of jail:

5. VirtualBox jail: installs an instance of phpVirtualBox, which provides a web-based front-end to VirtualBox. This can then be used to install any operating system and to use the software management tools provided by that operating system.

Section 10.2: Adding Jails

Add VirtualBox to the “Description” of “type” in Table 10.2a.

Section 10.3: Jail Templates

Figure 10.3a: Listing of Default Jail Templates

Change the bullet on “Instances” to read:

• Instances: indicates if the template has been used to create a jail. In this example, one pluginjail, portjail, standard, and debian jail have been created, so their instances show as 1. The rest of the templates have not been used yet so their instances show as 0.

Section 11: Reporting

Change second last paragraph to:

Reporting data is saved, allowing you to view and monitor usage trends over time. By default, reporting data is saved to /data/rrd_dir.tar.bz2 and should be preserved across system upgrades and at shutdown. To instead save this data to the system dataset, check the “Reporting database” box in System ‣ Settings ‣ System Dataset.

Section 12.5: Help

Change bullet for the Bug Tracker to:

• the Bug Tracker link to the bugs database

Section 13.2: Forums

The “FreeNAS 4 N00bs” forum has been renamed to “New to FreeNAS?”.

Section 16.1: Building a Local Copy of the APIs

Add note after first paragraph:

Note

an online version of the API is now hosted at api.freenas.org.