Configure Samba to Work Better with Mac OS X: Difference between revisions
mNo edit summary |
Slowfranklin (talk | contribs) |
||
(26 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
== Recommended fruit config == |
|||
Below is a working recommended fruit config: |
|||
[Global] |
|||
vfs objects = fruit streams_xattr |
|||
fruit:metadata = stream |
|||
fruit:model = MacSamba |
|||
fruit:posix_rename = yes |
|||
fruit:veto_appledouble = no |
|||
fruit:nfs_aces = no |
|||
fruit:wipe_intentionally_left_blank_rfork = yes |
|||
fruit:delete_empty_adfiles = yes |
|||
[TimeMachineBackup] |
|||
fruit:time machine = yes |
|||
# fruit:time machine max size = SIZE |
|||
Beware! This configures VFS objects in the global section, setting vfs objects in a share will *overwrite* the globally configured option, it will NOT supplement them. |
|||
== Option details == |
|||
Below are suggested parameters to use in smb.conf file of the Samba server to improve operability with Mac OS X clients. |
Below are suggested parameters to use in smb.conf file of the Samba server to improve operability with Mac OS X clients. |
||
Note that some parameters may not work with your version of Samba - read the smb.conf and vfs_fruit man pages (on Linux) for your system. |
Note that some parameters may not work with your version of Samba - read the smb.conf and vfs_fruit man pages (on Linux) for your system. |
||
Other than those shown in the [TimeMachineBackup] share below, I recommend you include all parameters in the [Global] section of smb.conf. |
Other than those shown in the [TimeMachineBackup] share below, I recommend you include all parameters in the [Global] section of smb.conf. |
||
For ease of copy > paste, a clean smb.conf section is included at the bottom of this page. |
For ease of copy > paste, a clean smb.conf section is included at the bottom of this page. |
||
First check what is in Samba: |
|||
:check Samba version: <code>#: smbd -V</code> - minimum is 4.2 to have any Mac OS X extensions |
|||
:check build options: <code>#: smbd -b</code> - look for vfs_catia, vfs_fruit, vfs_streams_xattr and various aio_ "includes" or modules |
|||
[Global] |
[Global] |
||
Apple extensions ("AAPL") run under SMB2/3 protocol, make that the minimum (probably shouldn't be running SMB1 anyway...): |
Apple extensions ("AAPL") run under SMB2/3 protocol, make that the minimum (probably shouldn't be running SMB1 anyway...) - defaults to SMB2_2 in Samba 4.11+: |
||
min protocol = SMB2 |
min protocol = SMB2 |
||
Apple extensions require support for |
Apple extensions require support for extended attributes(xattr) - defaults to yes in Samba 4.9+: |
||
ea support = yes |
ea support = yes |
||
Load in modules (order is critical!) and enable AAPL extensions: |
Load in modules (order is critical!) and enable AAPL extensions: |
||
vfs objects = |
vfs objects = fruit streams_xattr |
||
How to store OS X metadata: |
|||
fruit:aapl = yes |
|||
fruit:metadata = stream |
|||
Address file metadata - Unix mode, FinderInfo, resource fork size, permissions: |
|||
readdir_attr:aapl_rsize = yes |
|||
For additional setting see the manpage vfs_fruit. |
|||
readdir_attr:aapl_finder_info = yes |
|||
readdir_attr:aapl_max_access = yes |
|||
Server icon in Finder (added in Samba 4.5): |
|||
fruit:nfs_aces = yes |
|||
Allow OS X copyfile: |
|||
fruit:copyfile= yes |
|||
How to store OS X metadata and resource fork: |
|||
fruit:metadata = netatalk |
|||
fruit:resource = file |
|||
How a file is locked by OS X: |
|||
fruit:locking = none |
|||
Map NTFS illegal characters to Unicode: |
|||
fruit:encoding = private |
|||
Follow symlinks: |
|||
unix extensions = yes |
|||
Server icon in Finder: |
|||
fruit:model = MacSamba |
fruit:model = MacSamba |
||
Spotlight on Samba server?: (if Gnome Tracker runs on server, change to "yes") |
|||
spotlight = no |
|||
Increase read/write size: (default with SMB2.1+ and LargeMTU (SMB, not TCP/IP)) |
|||
smb2 max read = 8388608 |
|||
smb2 max write = 8388608 |
|||
smb2 max trans = 8388608 |
|||
Other performance tweaks: |
|||
smb2 leases = yes |
|||
aio read size = 1 |
|||
aio write size = 1 |
|||
kernel oplocks = no |
|||
use sendfile = yes |
|||
strict sync = yes |
|||
sync always = no |
|||
File cleanup: |
File cleanup: |
||
fruit:veto_appledouble = no |
|||
delete veto files = true |
|||
...added in Samba 4.3 |
|||
fruit:posix_rename = yes |
fruit:posix_rename = yes |
||
...added in Samba 4.5 |
|||
fruit:veto_appledouble = yes |
|||
fruit:zero_file_id = yes |
fruit:zero_file_id = yes |
||
..added in Samba 4.8 |
|||
fruit:wipe_intentionally_left_blank_rfork = yes |
fruit:wipe_intentionally_left_blank_rfork = yes |
||
fruit:delete_empty_adfiles = yes |
fruit:delete_empty_adfiles = yes |
||
If Samba server supports only Unix/OS X/Android clients: |
|||
disable netbios = yes |
|||
dns proxy = no |
|||
smb ports = 445 |
|||
name resolve order = host bcast |
|||
For Spotlight backend indexing using Elasticsearch (added in Samba 4.12): |
|||
For Time Machine backup share: |
|||
[share] |
|||
spotlight backend = elasticsearch |
|||
See smb.conf for 4.12 for other Elasticsearch parameters. |
|||
Gnome tracker is still available (= tracker) or no indexing (= noindex), the default. |
|||
For Time Machine backup share (added in Samba 4.8): |
|||
[TimeMachineBackup] |
[TimeMachineBackup] |
||
vfs objects = |
vfs objects = fruit streams_xattr |
||
fruit:time machine = yes |
fruit:time machine = yes |
||
If set on Samba server, omit this parameter: |
|||
fruit:time machine max size = SIZE |
|||
Indexing is not recommended for Time Machine: |
|||
spotlight = no |
|||
As far as I know, testparm will not validate vfs_fruit parameters. (my server runs an old version of Samba :-), but after you have built your smb.conf, you can check for errors anyway with <code>#: testparm</code> or <code>#: testparm -v</code> (which will give you the defaults as well. |
As far as I know, testparm will not validate vfs_fruit parameters. (my server runs an old version of Samba :-), but after you have built your smb.conf, you can check for errors anyway with <code>#: testparm</code> or <code>#: testparm -v</code> (which will give you the defaults as well. |
||
From Finder, connect to your Samba server using <code>"smb://User@Server"</code>. |
|||
Here is the smb.conf code - NOTE - THIS IS NOT A COMPLETE SMB.CONF!!! |
|||
Note that TM backups over smb may now be possible with your server. |
|||
[Global] |
|||
Other Mac models can be found in "/System/Library/CoreServices/CoreTypes.bundle/Contents/Info.plist". Use "Quick Look", Xcode or plutil to view or convert plist. |
|||
min protocol = SMB2 |
|||
ea support = yes |
|||
== File Permission issues == |
|||
vfs objects = catia fruit streams_xattr |
|||
fruit:aapl = yes |
|||
Setting the global option <code>fruit:nfs_aces = no</code> will prevent macOS clients from modifying the UNIX mode of directories using NFS ACEs. An Access Control Entry (ACE) is part of the Access Control List (ACL). |
|||
readdir_attr:aapl_rsize = yes |
|||
readdir_attr:aapl_finder_info = yes |
|||
readdir_attr:aapl_max_access = yes |
|||
fruit:nfs_aces = yes |
|||
fruit:copyfile= yes |
|||
fruit:metadata = netatalk |
|||
fruit:resource = file |
|||
fruit:locking = none |
|||
fruit:encoding = private |
|||
unix extensions = yes |
|||
fruit:model = MacSamba |
|||
spotlight = no |
|||
smb2 max read = 8388608 |
|||
smb2 max write = 8388608 |
|||
smb2 max trans = 8388608 |
|||
smb2 leases = yes |
|||
aio read size = 1 |
|||
aio write size = 1 |
|||
kernel oplocks = no |
|||
use sendfile = yes |
|||
strict sync = yes |
|||
sync always = no |
|||
delete veto files = true |
|||
fruit:posix_rename = yes |
|||
fruit:veto_appledouble = yes |
|||
fruit:zero_file_id = yes |
|||
fruit:wipe_intentionally_left_blank_rfork = yes |
|||
fruit:delete_empty_adfiles = yes |
|||
disable netbios = yes |
|||
dns proxy = no |
|||
smb ports = 445 |
|||
name resolve order = host bcast |
|||
[TimeMachineBackup] |
|||
vfs objects = catia fruit streams_xattr |
|||
fruit:time machine = yes |
|||
# fruit:time machine max size = SIZE <<<<< |
|||
strict sync = yes |
|||
spotlight = no |
Latest revision as of 09:18, 29 June 2022
Recommended fruit config
Below is a working recommended fruit config:
[Global] vfs objects = fruit streams_xattr fruit:metadata = stream fruit:model = MacSamba fruit:posix_rename = yes fruit:veto_appledouble = no fruit:nfs_aces = no fruit:wipe_intentionally_left_blank_rfork = yes fruit:delete_empty_adfiles = yes [TimeMachineBackup] fruit:time machine = yes # fruit:time machine max size = SIZE
Beware! This configures VFS objects in the global section, setting vfs objects in a share will *overwrite* the globally configured option, it will NOT supplement them.
Option details
Below are suggested parameters to use in smb.conf file of the Samba server to improve operability with Mac OS X clients. Note that some parameters may not work with your version of Samba - read the smb.conf and vfs_fruit man pages (on Linux) for your system. Other than those shown in the [TimeMachineBackup] share below, I recommend you include all parameters in the [Global] section of smb.conf. For ease of copy > paste, a clean smb.conf section is included at the bottom of this page.
[Global]
Apple extensions ("AAPL") run under SMB2/3 protocol, make that the minimum (probably shouldn't be running SMB1 anyway...) - defaults to SMB2_2 in Samba 4.11+:
min protocol = SMB2
Apple extensions require support for extended attributes(xattr) - defaults to yes in Samba 4.9+:
ea support = yes
Load in modules (order is critical!) and enable AAPL extensions:
vfs objects = fruit streams_xattr
How to store OS X metadata:
fruit:metadata = stream
For additional setting see the manpage vfs_fruit.
Server icon in Finder (added in Samba 4.5):
fruit:model = MacSamba
File cleanup:
fruit:veto_appledouble = no ...added in Samba 4.3 fruit:posix_rename = yes ...added in Samba 4.5 fruit:zero_file_id = yes ..added in Samba 4.8 fruit:wipe_intentionally_left_blank_rfork = yes fruit:delete_empty_adfiles = yes
For Spotlight backend indexing using Elasticsearch (added in Samba 4.12):
[share] spotlight backend = elasticsearch
See smb.conf for 4.12 for other Elasticsearch parameters. Gnome tracker is still available (= tracker) or no indexing (= noindex), the default.
For Time Machine backup share (added in Samba 4.8):
[TimeMachineBackup] vfs objects = fruit streams_xattr fruit:time machine = yes
As far as I know, testparm will not validate vfs_fruit parameters. (my server runs an old version of Samba :-), but after you have built your smb.conf, you can check for errors anyway with #: testparm
or #: testparm -v
(which will give you the defaults as well.
From Finder, connect to your Samba server using "smb://User@Server"
.
Note that TM backups over smb may now be possible with your server.
Other Mac models can be found in "/System/Library/CoreServices/CoreTypes.bundle/Contents/Info.plist". Use "Quick Look", Xcode or plutil to view or convert plist.
File Permission issues
Setting the global option fruit:nfs_aces = no
will prevent macOS clients from modifying the UNIX mode of directories using NFS ACEs. An Access Control Entry (ACE) is part of the Access Control List (ACL).