Configure Samba to Work Better with Mac OS X: Difference between revisions

From SambaWiki
No edit summary
 
(19 intermediate revisions by 4 users not shown)
Line 1: Line 1:
== Recommended fruit config ==

Below is a working recommended fruit config:

[Global]
vfs objects = fruit streams_xattr
fruit:metadata = stream
fruit:model = MacSamba
fruit:posix_rename = yes
fruit:veto_appledouble = no
fruit:nfs_aces = no
fruit:wipe_intentionally_left_blank_rfork = yes
fruit:delete_empty_adfiles = yes
[TimeMachineBackup]
fruit:time machine = yes
# fruit:time machine max size = SIZE

Beware! This configures VFS objects in the global section, setting vfs objects in a share will *overwrite* the globally configured option, it will NOT supplement them.

== Option details ==

Below are suggested parameters to use in smb.conf file of the Samba server to improve operability with Mac OS X clients.
Below are suggested parameters to use in smb.conf file of the Samba server to improve operability with Mac OS X clients.
Note that some parameters may not work with your version of Samba - read the smb.conf and vfs_fruit man pages (on Linux) for your system.
Note that some parameters may not work with your version of Samba - read the smb.conf and vfs_fruit man pages (on Linux) for your system.
Other than those shown in the [TimeMachineBackup] share below, I recommend you include all parameters in the [Global] section of smb.conf.
Other than those shown in the [TimeMachineBackup] share below, I recommend you include all parameters in the [Global] section of smb.conf.
For ease of copy > paste, a clean smb.conf section is included at the bottom of this page.
For ease of copy > paste, a clean smb.conf section is included at the bottom of this page.

First check what is in Samba:
:check Samba version: <code>#: smbd -V</code> - minimum is 4.2 to have any Mac OS X extensions (vfs_fruit)
:check build options: <code>#: smbd -b</code> - look for vfs_catia, vfs_fruit, vfs_streams_xattr and various aio_ "includes" or modules


[Global]
[Global]
Apple extensions ("AAPL") run under SMB2/3 protocol, make that the minimum (probably shouldn't be running SMB1 anyway...):
Apple extensions ("AAPL") run under SMB2/3 protocol, make that the minimum (probably shouldn't be running SMB1 anyway...) - defaults to SMB2_2 in Samba 4.11+:
min protocol = SMB2
min protocol = SMB2
Apple extensions require support for extended attributes(xattr) - defaults to yes in Samba 4.9+:
Apple extensions require support for extended attributes(xattr) - defaults to yes in Samba 4.9+:
ea support = yes
ea support = yes
Load in modules (order is critical!) and enable AAPL extensions:
Load in modules (order is critical!) and enable AAPL extensions:
vfs objects = catia fruit streams_xattr
vfs objects = fruit streams_xattr
How to store OS X metadata:
How to store OS X metadata:
fruit:metadata = stream
fruit:metadata = stream
Line 23: Line 41:
fruit:model = MacSamba
fruit:model = MacSamba
File cleanup:
File cleanup:
fruit:veto_appledouble = no
delete veto files = true
fruit:veto_appledouble = yes
...added in Samba 4.3
...added in Samba 4.3
fruit:posix_rename = yes
fruit:posix_rename = yes
Line 32: Line 49:
fruit:wipe_intentionally_left_blank_rfork = yes
fruit:wipe_intentionally_left_blank_rfork = yes
fruit:delete_empty_adfiles = yes
fruit:delete_empty_adfiles = yes

If Samba server supports only Unix/OS X/Android clients:
For Spotlight backend indexing using Elasticsearch (added in Samba 4.12):
disable netbios = yes
[share]
dns proxy = no
spotlight backend = elasticsearch
smb ports = 445
See smb.conf for 4.12 for other Elasticsearch parameters.
name resolve order = host bcast
Gnome tracker is still available (= tracker) or no indexing (= noindex), the default.


For Time Machine backup share (added in Samba 4.8):
For Time Machine backup share (added in Samba 4.8):
[TimeMachineBackup]
[TimeMachineBackup]
vfs objects = catia fruit streams_xattr
vfs objects = fruit streams_xattr
fruit:time machine = yes
fruit:time machine = yes


As far as I know, testparm will not validate vfs_fruit parameters. (my server runs an old version of Samba :-), but after you have built your smb.conf, you can check for errors anyway with <code>#: testparm</code> or <code>#: testparm -v</code> (which will give you the defaults as well.
As far as I know, testparm will not validate vfs_fruit parameters. (my server runs an old version of Samba :-), but after you have built your smb.conf, you can check for errors anyway with <code>#: testparm</code> or <code>#: testparm -v</code> (which will give you the defaults as well.


From Finder, connect to your Samba server using <code>"smb://User@Server"</code>.
Here is the smb.conf code - NOTE - THIS IS NOT A COMPLETE SMB.CONF!!!
Note that TM backups over smb may now be possible with your server.
[Global]
Other Mac models can be found in "/System/Library/CoreServices/CoreTypes.bundle/Contents/Info.plist". Use "Quick Look", Xcode or plutil to view or convert plist.
min protocol = SMB2

vfs objects = catia fruit streams_xattr
== File Permission issues ==
fruit:metadata = stream

fruit:model = MacSamba
Setting the global option <code>fruit:nfs_aces = no</code> will prevent macOS clients from modifying the UNIX mode of directories using NFS ACEs. An Access Control Entry (ACE) is part of the Access Control List (ACL).
fruit:posix_rename = yes
fruit:veto_appledouble = no
fruit:wipe_intentionally_left_blank_rfork = yes
fruit:delete_empty_adfiles = yes
[TimeMachineBackup]
vfs objects = catia fruit streams_xattr
fruit:time machine = yes
# fruit:time machine max size = SIZE

Latest revision as of 09:18, 29 June 2022

Recommended fruit config

Below is a working recommended fruit config:

[Global]
vfs objects = fruit streams_xattr  
fruit:metadata = stream
fruit:model = MacSamba
fruit:posix_rename = yes 
fruit:veto_appledouble = no
fruit:nfs_aces = no
fruit:wipe_intentionally_left_blank_rfork = yes 
fruit:delete_empty_adfiles = yes 

[TimeMachineBackup]
fruit:time machine = yes
#  fruit:time machine max size = SIZE

Beware! This configures VFS objects in the global section, setting vfs objects in a share will *overwrite* the globally configured option, it will NOT supplement them.

Option details

Below are suggested parameters to use in smb.conf file of the Samba server to improve operability with Mac OS X clients. Note that some parameters may not work with your version of Samba - read the smb.conf and vfs_fruit man pages (on Linux) for your system. Other than those shown in the [TimeMachineBackup] share below, I recommend you include all parameters in the [Global] section of smb.conf. For ease of copy > paste, a clean smb.conf section is included at the bottom of this page.

[Global]

Apple extensions ("AAPL") run under SMB2/3 protocol, make that the minimum (probably shouldn't be running SMB1 anyway...) - defaults to SMB2_2 in Samba 4.11+:

min protocol = SMB2 

Apple extensions require support for extended attributes(xattr) - defaults to yes in Samba 4.9+:

ea support = yes

Load in modules (order is critical!) and enable AAPL extensions:

vfs objects = fruit streams_xattr  

How to store OS X metadata:

fruit:metadata = stream

For additional setting see the manpage vfs_fruit.

Server icon in Finder (added in Samba 4.5):

fruit:model = MacSamba

File cleanup:

fruit:veto_appledouble = no
...added in Samba 4.3
fruit:posix_rename = yes 
...added in Samba 4.5
fruit:zero_file_id = yes
..added in Samba 4.8
fruit:wipe_intentionally_left_blank_rfork = yes 
fruit:delete_empty_adfiles = yes 

For Spotlight backend indexing using Elasticsearch (added in Samba 4.12):

[share]
spotlight backend = elasticsearch

See smb.conf for 4.12 for other Elasticsearch parameters. Gnome tracker is still available (= tracker) or no indexing (= noindex), the default.

For Time Machine backup share (added in Samba 4.8):

[TimeMachineBackup]
vfs objects = fruit streams_xattr
fruit:time machine = yes

As far as I know, testparm will not validate vfs_fruit parameters. (my server runs an old version of Samba :-), but after you have built your smb.conf, you can check for errors anyway with #: testparm or #: testparm -v (which will give you the defaults as well.

From Finder, connect to your Samba server using "smb://User@Server". Note that TM backups over smb may now be possible with your server. Other Mac models can be found in "/System/Library/CoreServices/CoreTypes.bundle/Contents/Info.plist". Use "Quick Look", Xcode or plutil to view or convert plist.

File Permission issues

Setting the global option fruit:nfs_aces = no will prevent macOS clients from modifying the UNIX mode of directories using NFS ACEs. An Access Control Entry (ACE) is part of the Access Control List (ACL).