iX Information Library

A one-stop shop for product information.

FreeNAS 11.1-U6

The FreeNAS development team is pleased to announce the availability of the sixth update to FreeNAS 11.1.

This bug fix release addresses the following security vulnerabilities:

It also fixes the Known Issues documented in https://www.ixsystems.com/blog/library/freenas-11-1-u5/. Users of 11.1 systems are encouraged to update to U6 using the instructions in the Guide.

Known Impacts

SMB1 has been disabled by default for security reasons. If legacy clients are no longer able to connect, type this command in the Shell, then restart the SMB service:

sysctl freenas.services.smb.config.server_min_protocol=NT1

If that resolves the issue, you can make that setting permanent by going to System → Tunables →Add Tunable and creating a Tunable with these settings:

Variable: freenas.services.smb.config.server_min_protocol

Value: NT1

Type: Sysctl

Known Issues

Due to a migration bug, it is currently not possible to upgrade from 11.1-U6 to 11.2-BETA2. Please wait til 11.2-BETA3 is available before attempting to upgrade from 11.1-U6.

Changelog

26131 Feature Add “Auxiliary arguments” field to middleware
26695 Bug Use 4k jumbo cluster pool for all jumbo frames until the allocator problem is fixed for the 9k jumbo cluster pool
28063 Bug Write local SID to correct DB file
29020 Bug Encrypt cloud credentials in configuration database
30696 Bug Fixes for Windows AD User Base entries
32055 Bug Remove warning that vfs_full_audit may cause transfer problems
33054 Feature Automatically create bridge with default route for iocage jails
33453 Bug Fix unnecessary AD restarts caused by enabling service monitor
33645 Feature Add ability to stop winmsa from changing owner
34134 Bug Fix corruption of first byte in AFP_AfpInfo stream/xattr in Samba
34264 Feature Add support for configuring a custom S3 endpoint
34276 Bug NVMe SMART monitoring workaround
34396 Bug Use FreeNAS-specific fork of iocage
34459 Bug Recompile minio to allow S3 service to start
34522 Bug Allow reset of SED password in UI
34603 Bug Fix traceback when setting IPMI VLAN ID
34684 Bug Fix quota exceeded emails being sent every minute
35215 Bug Fix smart.nawk script in freenas-debug SMART section
35404 Bug Fix race condition in SMART
35973 Bug Remove faulty enabled/disabled logic from freenas-debug
37143 Bug Remove unnecessary pam_sss errors from /var/log/auth.log
37878 Bug Add sysctls to disable winbind and sssd enumeration
37902 Bug Remove ‘net usersidlist’ from freenas-debug
38898 Bug Improve text of unauthorized email alert message
39178 Bug Ensure that U6 installs the correct version of the Guide
39628 Bug Fix function for storing SIDs
40572 Bug Allow Samba to also listen on loopback when specifying a Bind IP
40636 Bug Allow /etc/find_alias_for_smtplib.sh to be used by sudoers
40640 Bug Monitor mdnsd and restart if necessary
40644 Bug Get samba_server status when checking if AD started
40648 Bug Load catia VFS module before zfs_space and zfsacl
40664 Feature Log netatalk messages to /var/log/afp.log
40668 Bug Regenerate /etc/resolv.conf when disabling Domain Controller service
40672 Bug Write out pam configuration files in /etc/pam.d/ if they don’t already exist
40680 Bug Kerberos authentication fixes for LDAP servers
40684 Feature Allow NIS to be ID provider for Active Directory
40688 Bug Fix typo and lack of clarity in NTLMv1 warning
40692 Bug At boot, have MDNS wait for /etc/resolv.conf to be available and valid
40696 Bug Remove leftover NT4 code
40704 Bug Do not grant extra privileges to users when a Directory Service is enabled
40708 Bug Add unix_primary_group and unix_nss_info to idmap_ad configuration to address how Samba now handles groups
40716 Bug Disable SMB1 by default
40720 Bug Replace (nss|pam)_ldap with nss-pam-ldapd
40724 Bug Allow unsigned 64-bit serials for certificates which allows AFP auth against macOS LDAP/KRB5
40728 Feature Add experimental sysctl to enable multichannel Samba
40768 Bug Revert recent zilstat commit as there is no zil_lwb_write_start() function in FreeNAS 11.1
40968 Bug Fix traceback when trying to add a Cloud Sync task
41028 Bug Patch FreeBSD CVE-2018-6922 “Resource exhaustion in TCP reassembly”
41044 Bug Fix traceback when creating an internal certificate
41052 Bug Bug fix for zvol/dataset traceback
41244 Bug Fix check to see whether the SMB service is started
41272 Bug Properly encode passwords in inadyn config
41332 Bug Check for iocage host release being less than jail release when creating regular jail
41385 Bug Update Samba port to address August CVEs
41410 Bug Fix “AttributeError: ‘Undefined’ object has no attribute ‘call’` traceback
41772 Bug Add patch to address FreeBSD-SA-18:10.ip
41880 Bug Improve service status wording in freenas-debug