Configure Samba to Work Better with Mac OS X: Difference between revisions

From SambaWiki
m (added samba versions)
 
(25 intermediate revisions by 4 users not shown)
Line 1: Line 1:
== Recommended fruit config ==

Below is a working recommended fruit config:

[Global]
vfs objects = fruit streams_xattr
fruit:metadata = stream
fruit:model = MacSamba
fruit:posix_rename = yes
fruit:veto_appledouble = no
fruit:nfs_aces = no
fruit:wipe_intentionally_left_blank_rfork = yes
fruit:delete_empty_adfiles = yes
[TimeMachineBackup]
fruit:time machine = yes
# fruit:time machine max size = SIZE

Beware! This configures VFS objects in the global section, setting vfs objects in a share will *overwrite* the globally configured option, it will NOT supplement them.

== Option details ==

Below are suggested parameters to use in smb.conf file of the Samba server to improve operability with Mac OS X clients.
Below are suggested parameters to use in smb.conf file of the Samba server to improve operability with Mac OS X clients.
Note that some parameters may not work with your version of Samba - read the smb.conf and vfs_fruit man pages (on Linux) for your system.
Note that some parameters may not work with your version of Samba - read the smb.conf and vfs_fruit man pages (on Linux) for your system.
Other than those shown in the [TimeMachineBackup] share below, I recommend you include all parameters in the [Global] section of smb.conf.
Other than those shown in the [TimeMachineBackup] share below, I recommend you include all parameters in the [Global] section of smb.conf.
For ease of copy > paste, a clean smb.conf section is included at the bottom of this page.
For ease of copy > paste, a clean smb.conf section is included at the bottom of this page.

First check what is in Samba:
:check Samba version: <code>#: smbd -V</code> - minimum is 4.2 to have any Mac OS X extensions (vfs_fruit)
:check build options: <code>#: smbd -b</code> - look for vfs_catia, vfs_fruit, vfs_streams_xattr and various aio_ "includes" or modules


[Global]
[Global]
Apple extensions ("AAPL") run under SMB2/3 protocol, make that the minimum (probably shouldn't be running SMB1 anyway...):
Apple extensions ("AAPL") run under SMB2/3 protocol, make that the minimum (probably shouldn't be running SMB1 anyway...) - defaults to SMB2_2 in Samba 4.11+:
min protocol = SMB2
min protocol = SMB2
Apple extensions require support for "extended attributes (xattr)":
Apple extensions require support for extended attributes(xattr) - defaults to yes in Samba 4.9+:
ea support = yes
ea support = yes
Load in modules (order is critical!) and enable AAPL extensions:
Load in modules (order is critical!) and enable AAPL extensions:
vfs objects = catia fruit streams_xattr
vfs objects = fruit streams_xattr
How to store OS X metadata:
fruit:aapl = yes
fruit:metadata = stream
Address file metadata - Unix mode, FinderInfo, resource fork size, permissions:

readdir_attr:aapl_rsize = yes
For additional setting see the manpage vfs_fruit.
readdir_attr:aapl_finder_info = yes

readdir_attr:aapl_max_access = yes
fruit:nfs_aces = yes
Allow OS X copyfile:
fruit:copyfile= yes
How to store OS X metadata and resource fork:
fruit:metadata = netatalk
fruit:resource = file
How a file is locked by OS X:
fruit:locking = none
Map NTFS illegal characters to Unicode:
fruit:encoding = private
Follow symlinks:
unix extensions = yes
Server icon in Finder (added in Samba 4.5):
Server icon in Finder (added in Samba 4.5):
fruit:model = MacSamba
fruit:model = MacSamba
Spotlight on Samba server (added in Samba 4.3) - if Gnome Tracker runs on server, change to "yes":
spotlight = no
Increase read/write size: (default with SMB2.1+ and LargeMTU (SMB, not TCP/IP))
smb2 max read = 8388608
smb2 max write = 8388608
smb2 max trans = 8388608
Other performance tweaks:
smb2 leases = yes
aio read size = 1
aio write size = 1
kernel oplocks = no
use sendfile = yes
strict sync = yes
sync always = no
File cleanup:
File cleanup:
fruit:veto_appledouble = no
delete veto files = true
fruit:veto_appledouble = yes
...added in Samba 4.3
...added in Samba 4.3
fruit:posix_rename = yes
fruit:posix_rename = yes
Line 58: Line 49:
fruit:wipe_intentionally_left_blank_rfork = yes
fruit:wipe_intentionally_left_blank_rfork = yes
fruit:delete_empty_adfiles = yes
fruit:delete_empty_adfiles = yes

If Samba server supports only Unix/OS X/Android clients:
For Spotlight backend indexing using Elasticsearch (added in Samba 4.12):
disable netbios = yes
[share]
dns proxy = no
spotlight backend = elasticsearch
smb ports = 445
See smb.conf for 4.12 for other Elasticsearch parameters.
name resolve order = host bcast
Gnome tracker is still available (= tracker) or no indexing (= noindex), the default.


For Time Machine backup share (added in Samba 4.8):
For Time Machine backup share (added in Samba 4.8):
[TimeMachineBackup]
[TimeMachineBackup]
vfs objects = catia fruit streams_xattr
vfs objects = fruit streams_xattr
fruit:time machine = yes
fruit:time machine = yes
If set on Samba server, omit this parameter:
fruit:time machine max size = SIZE
Indexing is not recommended for Time Machine:
spotlight = no


As far as I know, testparm will not validate vfs_fruit parameters. (my server runs an old version of Samba :-), but after you have built your smb.conf, you can check for errors anyway with <code>#: testparm</code> or <code>#: testparm -v</code> (which will give you the defaults as well.
As far as I know, testparm will not validate vfs_fruit parameters. (my server runs an old version of Samba :-), but after you have built your smb.conf, you can check for errors anyway with <code>#: testparm</code> or <code>#: testparm -v</code> (which will give you the defaults as well.


From Finder, connect to your Samba server using <code>"smb://User@Server"</code>.
Here is the smb.conf code - NOTE - THIS IS NOT A COMPLETE SMB.CONF!!!
Note that TM backups over smb may now be possible with your server.
[Global]
Other Mac models can be found in "/System/Library/CoreServices/CoreTypes.bundle/Contents/Info.plist". Use "Quick Look", Xcode or plutil to view or convert plist.
min protocol = SMB2

ea support = yes
== File Permission issues ==
vfs objects = catia fruit streams_xattr

fruit:aapl = yes
Setting the global option <code>fruit:nfs_aces = no</code> will prevent macOS clients from modifying the UNIX mode of directories using NFS ACEs. An Access Control Entry (ACE) is part of the Access Control List (ACL).
readdir_attr:aapl_rsize = yes
readdir_attr:aapl_finder_info = yes
readdir_attr:aapl_max_access = yes
fruit:nfs_aces = yes
fruit:copyfile= yes
fruit:metadata = netatalk
fruit:resource = file
fruit:locking = none
fruit:encoding = private
unix extensions = yes
fruit:model = MacSamba
spotlight = no
smb2 max read = 8388608
smb2 max write = 8388608
smb2 max trans = 8388608
smb2 leases = yes
aio read size = 1
aio write size = 1
kernel oplocks = no
use sendfile = yes
strict sync = yes
sync always = no
delete veto files = true
fruit:posix_rename = yes
fruit:veto_appledouble = yes
fruit:zero_file_id = yes
fruit:wipe_intentionally_left_blank_rfork = yes
fruit:delete_empty_adfiles = yes
disable netbios = yes
dns proxy = no
smb ports = 445
name resolve order = host bcast
[TimeMachineBackup]
vfs objects = catia fruit streams_xattr
fruit:time machine = yes
# fruit:time machine max size = SIZE <<<<<
strict sync = yes
spotlight = no

Latest revision as of 09:18, 29 June 2022

Recommended fruit config

Below is a working recommended fruit config:

[Global]
vfs objects = fruit streams_xattr  
fruit:metadata = stream
fruit:model = MacSamba
fruit:posix_rename = yes 
fruit:veto_appledouble = no
fruit:nfs_aces = no
fruit:wipe_intentionally_left_blank_rfork = yes 
fruit:delete_empty_adfiles = yes 

[TimeMachineBackup]
fruit:time machine = yes
#  fruit:time machine max size = SIZE

Beware! This configures VFS objects in the global section, setting vfs objects in a share will *overwrite* the globally configured option, it will NOT supplement them.

Option details

Below are suggested parameters to use in smb.conf file of the Samba server to improve operability with Mac OS X clients. Note that some parameters may not work with your version of Samba - read the smb.conf and vfs_fruit man pages (on Linux) for your system. Other than those shown in the [TimeMachineBackup] share below, I recommend you include all parameters in the [Global] section of smb.conf. For ease of copy > paste, a clean smb.conf section is included at the bottom of this page.

[Global]

Apple extensions ("AAPL") run under SMB2/3 protocol, make that the minimum (probably shouldn't be running SMB1 anyway...) - defaults to SMB2_2 in Samba 4.11+:

min protocol = SMB2 

Apple extensions require support for extended attributes(xattr) - defaults to yes in Samba 4.9+:

ea support = yes

Load in modules (order is critical!) and enable AAPL extensions:

vfs objects = fruit streams_xattr  

How to store OS X metadata:

fruit:metadata = stream

For additional setting see the manpage vfs_fruit.

Server icon in Finder (added in Samba 4.5):

fruit:model = MacSamba

File cleanup:

fruit:veto_appledouble = no
...added in Samba 4.3
fruit:posix_rename = yes 
...added in Samba 4.5
fruit:zero_file_id = yes
..added in Samba 4.8
fruit:wipe_intentionally_left_blank_rfork = yes 
fruit:delete_empty_adfiles = yes 

For Spotlight backend indexing using Elasticsearch (added in Samba 4.12):

[share]
spotlight backend = elasticsearch

See smb.conf for 4.12 for other Elasticsearch parameters. Gnome tracker is still available (= tracker) or no indexing (= noindex), the default.

For Time Machine backup share (added in Samba 4.8):

[TimeMachineBackup]
vfs objects = fruit streams_xattr
fruit:time machine = yes

As far as I know, testparm will not validate vfs_fruit parameters. (my server runs an old version of Samba :-), but after you have built your smb.conf, you can check for errors anyway with #: testparm or #: testparm -v (which will give you the defaults as well.

From Finder, connect to your Samba server using "smb://User@Server". Note that TM backups over smb may now be possible with your server. Other Mac models can be found in "/System/Library/CoreServices/CoreTypes.bundle/Contents/Info.plist". Use "Quick Look", Xcode or plutil to view or convert plist.

File Permission issues

Setting the global option fruit:nfs_aces = no will prevent macOS clients from modifying the UNIX mode of directories using NFS ACEs. An Access Control Entry (ACE) is part of the Access Control List (ACL).