The TrueNAS team is pleased to announce that TrueNAS 24.10.2.3 and TrueNAS 13.0-U6.8 are now available.
These releases are a response to the July 8 Microsoft security update for Active Directory Domain Controllers for Windows Server versions prior to 2025.
NAS-136590: Windows security update to Active Directory Domain Controllers breaks idmap_ad in winbindd
I find it a little annoying that release notes come hours later than the update notification on the systems.
And even now, in your linked docs, 24.10.2.2 is still the latest release.
By sheer chance I was working on a TrueNAS mini this afternoon and could not find the release notes for the update notification.
Thank you for the report. There is an error in one component, which is being updated, towards the top of the notes, which is being corrected; however, the notes below do include the new release:
Think this was mentioned on the latest T3 video, a patch going way back to server 2k8 if memory serves. Wow. MS sure has some old dog turds it forgot to bury…over a decade of them at times. But good on you for continuing to support Core; I get the feeling there are some enterprise contracts there.
Although this AD issue doesn’t appear to impact me directly I would like to say thanks and very well done to all the team at iX to get a fix out so quick. Very impressive!
Well, IIRC certain MS customers can still pay for support for 2012R2. The various fixes from this last patch Tuesday may have gone back that far (didn’t check). Most people would encounter it on Server 2016 or newer.
Windows and Linux / FreeBSD / MacOS have different mechanisms to identify users.
Windows identities (security identifiers – SIDs) are essentially globally unique. An example is: S-1-5-21-1842518067-541413841-1738574118-1141. In this case S-1-5-21-1842518067-541413841-1738574118 uniquely identifies the domain (domain SID), and 1141 identifies the object in the domain (relative ID or RID).
Unix IDs are numeric, e.g. 1000 and are obviously not globally unique.
Grossly simplified explanation:
When AD accounts are used on unix-like systems you need some mechanism to give the account a unix ID. TrueNAS generally takes one of two ways to do this:
1. generate it based on the RID of the active directory account by adding the RID value of the account to a pre-configured low-range.
2. read the value from active directory attributes (RFC2307 or services-for-unix).
Most AD users opt for (1) – because it’s our default, but some universities and enterprises opt for (2). The advantage of doing (2) is that they have broader support across operating systems. Syncing up unix IDs on various clients and servers is important if you use NFS or use tools that rely on them being consistent. The disadvantage of (2) is that there’s additional AD management overhead.
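The two mapping methods described in the post above, as an added Python example that is not part of the original thread and is not TrueNAS or Samba code. The range bounds, function names and the sample attribute dictionary are constructed assumptions; the SID is the one quoted in the post.

```python
import re

SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+)+)$")

# Constructed values for illustration; real ranges come from the idmap config.
DOMAIN_SID = "S-1-5-21-1842518067-541413841-1738574118"
RANGE_LOW, RANGE_HIGH = 100_000_000, 199_999_999


def split_sid(sid):
    """Split a string SID into (domain SID, RID)."""
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a SID: {sid!r}")
    subauths = [int(x) for x in m.group(2).split("-")[1:]]
    # A SID holds at most 15 sub-authorities, each an unsigned 32-bit value.
    if len(subauths) > 15 or any(s > 0xFFFFFFFF for s in subauths):
        raise ValueError(f"sub-authority out of bounds: {sid!r}")
    return sid.rsplit("-", 1)[0], subauths[-1]


def unix_id_from_rid(sid, domain_sid=DOMAIN_SID, low=RANGE_LOW, high=RANGE_HIGH):
    """Method (1): low end of the range plus the RID, or None if unmappable."""
    domain, rid = split_sid(sid)
    if domain != domain_sid:
        return None  # SID belongs to another domain or is a well-known SID
    unix_id = low + rid
    # Refuse IDs that would spill past the range reserved for this domain.
    return unix_id if unix_id <= high else None


def unix_id_from_attrs(attrs, name="uidNumber"):
    """Method (2): read the ID stored on the directory object, or None."""
    values = attrs.get(name) or []
    if len(values) != 1 or not re.fullmatch(r"[0-9]+", str(values[0])):
        return None  # attribute missing, multi-valued or malformed
    return int(values[0])


if __name__ == "__main__":
    sid = DOMAIN_SID + "-1141"
    print(split_sid(sid))
    print(unix_id_from_rid(sid))
    print(unix_id_from_rid("S-1-5-32-544"))               # BUILTIN, not the domain
    print(unix_id_from_attrs({"uidNumber": ["10500"]}))   # constructed attribute set
    print(unix_id_from_attrs({}))                         # nothing readable: no mapping
```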
Applied 13.0-U6.8 to 5 systems. 4 no issue, 1 failed to manual update or train update with same middleware error. Reverted it to prior boot image then applied manual update successfully.
Is it possible to migrate from this CORE release (U6.8) to SCALE (dragonfish 24.04) from this release using the GUI? I’m about to perform this process and just want to sanity check myself.
Yes you can do this, upgrade to 24.04 in the UI and then upgrade to 24.10, and then 25.04 at the end of July; or you can do an ISO fresh install of CE 25.04 and load config with secrets.
The current “conservative” version is 24.10.2.3 and SCALE 24.04 no longer receives support. Enterprise 24.04 does ofc, but then you wouldn’t be asking in a forum
The next “conservative” version should be CE 25.04.2: 24.10 is the last of the SCALE line. Tbf it’s the same design, just a different name.
For a CE user I think upgrading every 6 months from conservative to conservative is prudent. You avoid tech debt, stay on a supported version, and don’t have to do multiple updates in a row. While it’s possible to skip releases, it’s not recommended and may break. The supported path is from major release to the next major release.
There’s a feature request to allow people to pay for an LTS subscription, maybe with some level of support by TrueNAS (TrueNAS the org, not the software). This would also enable LTS->LTS-next upgrades, spanning a year or two.
Thanks for this. My plan was to use multiple GUI updates, rather than a single ISO install to get to the latest versions, but now I’m second guessing / reconsidering. Both methods have their advantages and drawbacks. I want to minimise risk as much as possible with tried and tested methods, but also the thought of a single update with an ISO appeals to my inherent laziness. (grin)
I have to recommend following the update paths we provide in the release notes which either takes you to 25.04, through 24.10 and then to 25.04 or the more direct ISO route.
How long does it typically take for a release to be reflected on the Software Status page? I note that 24.10.2.3 hasn’t made it to “Conservative” or “Mission Critical” - how much community soak time is enough to get it there?
It’s a combination of how much risk is there in the previous version and how proven is the reliability of the new version. Is there a significant benefit in updating?
Where reasonable, we prefer to keep the update frequency down.
So, for Conservative… the changes are typically every 3 - 6 months and the specific version has 1-2 months of high volume testing.
You tell me. It’s a security update. This might be one of those cases where someone will need to ignore Software Status in order to get a security fix.
Yes, that’s a good example of conflicts and the need for a specific decision based on the real use case.
If a system was internet accessible or in a security-sensitive business… it might be that aggressively updating is needed for security reasons. Conservative, but an “early-adopter” of security fixes.