NAS-136296 / 25.10 / Consider primary group when checking for password-enabled users (#16654)
Allows users to be deleted or password to be disabled if another user
exists with `builtin_administrators` either in its auxiliary groups or
as its primary group.
NAS-135244 / 25.04.2 / Fix configuration for SMB Veeam Fast Clone (by anodos325) (#16656)
This commit adds a new SMB share purpose of VEEAM_REPOSITORY_SHARE,
which requires the ZFS recordsize to be set to 128 KiB (per guidance
from Veeam) and sets the underlying SMB block size to 128 KiB so that
FileFsSizeInformation the Sectors Per Allocation Unit is reported to
Veeam Backup & Restore in such a way that it will use the correct
offsets and lengths when it issues
FSCTL_DUPLICTE_EXTENTS_TO_FILE requests. If this is not done, then Fast
Copy requests will be rejected by ZFS due to improper alignment and ZFS
will fallback to doing an internal copy of the specified range.
Original PR: https://github.com/truenas/middleware/pull/16635
Co-authored-by: Andrew Walker <awalker at ixsystems.com>
NAS-135244 / 25.10 / Fix configuration for SMB Veeam Fast Clone (#16635)
This commit adds a new SMB share purpose of VEEAM_REPOSITORY_SHARE,
which requires the ZFS recordsize to be set to 128 KiB (per guidance
from Veeam) and sets the underlying SMB block size to 128 KiB so that
FileFsSizeInformation the Sectors Per Allocation Unit is reported to
Veeam Backup & Restore in such a way that it will use the correct
offsets and lengths when it issues
FSCTL_DUPLICTE_EXTENTS_TO_FILE requests. If this is not done, then Fast
Copy requests will be rejected by ZFS due to improper alignment and ZFS
will fallback to doing an internal copy of the specified range.
(cherry picked from commit d8e36ed79d3e6a0916b3fbda1323807e3dcff72c)
NAS-135244 / 25.10 / Fix configuration for SMB Veeam Fast Clone (#16635)
This commit adds a new SMB share purpose of VEEAM_REPOSITORY_SHARE,
which requires the ZFS recordsize to be set to 128 KiB (per guidance
from Veeam) and sets the underlying SMB block size to 128 KiB so that
FileFsSizeInformation the Sectors Per Allocation Unit is reported to
Veeam Backup & Restore in such a way that it will use the correct
offsets and lengths when it issues
FSCTL_DUPLICTE_EXTENTS_TO_FILE requests. If this is not done, then Fast
Copy requests will be rejected by ZFS due to improper alignment and ZFS
will fallback to doing an internal copy of the specified range.
NAS-136429 / 25.04.2 / Make KRB5_FCC_NOFILE nonfatal when trying to start AD (#16653)
This commit adds KRB5_FCC_NOFILE to the list of kerberos errors that we
try to wait out when activating active directory. This error may occur
if there's a race on keyring initialization. The second attempt will
succeed and issue won't recur.
NAS-135915 / 25.04.2 / Don't treat NSS UNAVAIL return code as fatal when building cache (by anodos325) (#16655)
This commit changes how the UNAVAIL return code is treated while
building cache for SSSD when joined to IPA / LDAP. It may take some time
for SSSD to initialize and build its own caches. In this case we can
squash the NSS error and sleep a bit more to ensure we don't have
failures.
Original PR: https://github.com/truenas/middleware/pull/16651
Co-authored-by: Andrew Walker <awalker at ixsystems.com>
NAS-135915 / 25.10 / Don't treat NSS UNAVAIL return code as fatal when building cache (#16651)
This commit changes how the UNAVAIL return code is treated while
building cache for SSSD when joined to IPA / LDAP. It may take some time
for SSSD to initialize and build its own caches. In this case we can
squash the NSS error and sleep a bit more to ensure we don't have
failures.
Make KRB5_FCC_NOFILE nonfatal when trying to start AD
This commit adds KRB5_FCC_NOFILE to the list of kerberos errors that we
try to wait out when activating active directory. This error may
occur if there's a race on keyring initialization. The second attempt
will succeed and issue won't recur.
