Configure Samba to Work Better with Mac OS X

From SambaWiki
Revision as of 20:52, 22 April 2019 by Torch1 (talk | contribs) (added samba versions)

Below are suggested parameters to use in smb.conf file of the Samba server to improve operability with Mac OS X clients. Note that some parameters may not work with your version of Samba - read the smb.conf and vfs_fruit man pages (on Linux) for your system. Other than those shown in the [TimeMachineBackup] share below, I recommend you include all parameters in the [Global] section of smb.conf. For ease of copy > paste, a clean smb.conf section is included at the bottom of this page.

First check what is in Samba:

check Samba version: #: smbd -V - minimum is 4.2 to have any Mac OS X extensions (vfs_fruit)
check build options: #: smbd -b - look for vfs_catia, vfs_fruit, vfs_streams_xattr and various aio_ "includes" or modules
[Global]

Apple extensions ("AAPL") run under SMB2/3 protocol, make that the minimum (probably shouldn't be running SMB1 anyway...):

min protocol = SMB2 

Apple extensions require support for extended attributes(xattr) - defaults to yes in Samba 4.9+:

ea support = yes

Load in modules (order is critical!) and enable AAPL extensions:

vfs objects = catia fruit streams_xattr  
fruit:aapl = yes

Address file metadata - Unix mode, FinderInfo, resource fork size, permissions:

readdir_attr:aapl_rsize = yes
readdir_attr:aapl_finder_info = yes
readdir_attr:aapl_max_access = yes
fruit:nfs_aces = yes

Allow OS X copyfile:

fruit:copyfile= yes

How to store OS X metadata and resource fork:

fruit:metadata = netatalk
fruit:resource = file

How a file is locked by OS X:

fruit:locking = none

Map NTFS illegal characters to Unicode:

fruit:encoding = private

Follow symlinks:

unix extensions = yes

Server icon in Finder (added in Samba 4.5):

fruit:model = MacSamba

Spotlight on Samba server (added in Samba 4.3) - if Gnome Tracker runs on server, change to "yes":

spotlight = no 

Increase read/write size: (default with SMB2.1+ and LargeMTU (SMB, not TCP/IP))

smb2 max read = 8388608
smb2 max write = 8388608
smb2 max trans = 8388608

Other performance tweaks:

smb2 leases = yes
aio read size = 1
aio write size = 1
kernel oplocks = no
use sendfile = yes
strict sync = yes
sync always = no

File cleanup:

delete veto files = true
fruit:veto_appledouble = yes
...added in Samba 4.3
fruit:posix_rename = yes 
...added in Samba 4.5
fruit:zero_file_id = yes
..added in Samba 4.8
fruit:wipe_intentionally_left_blank_rfork = yes 
fruit:delete_empty_adfiles = yes 

If Samba server supports only Unix/OS X/Android clients:

disable netbios = yes
dns proxy = no
smb ports = 445
name resolve order = host bcast

For Time Machine backup share (added in Samba 4.8):

[TimeMachineBackup]
vfs objects = catia fruit streams_xattr
fruit:time machine = yes

If set on Samba server, omit this parameter:

fruit:time machine max size = SIZE 

Indexing is not recommended for Time Machine:

spotlight = no

As far as I know, testparm will not validate vfs_fruit parameters. (my server runs an old version of Samba :-), but after you have built your smb.conf, you can check for errors anyway with #: testparm or #: testparm -v (which will give you the defaults as well.

Here is the smb.conf code - NOTE - THIS IS NOT A COMPLETE SMB.CONF!!!

[Global]
min protocol = SMB2
ea support = yes
vfs objects = catia fruit streams_xattr  
fruit:aapl = yes
readdir_attr:aapl_rsize = yes
readdir_attr:aapl_finder_info = yes
readdir_attr:aapl_max_access = yes
fruit:nfs_aces = yes
fruit:copyfile= yes
fruit:metadata = netatalk
fruit:resource = file
fruit:locking = none
fruit:encoding = private
unix extensions = yes
fruit:model = MacSamba
spotlight = no 
smb2 max read = 8388608
smb2 max write = 8388608
smb2 max trans = 8388608
smb2 leases = yes
aio read size = 1
aio write size = 1
kernel oplocks = no
use sendfile = yes
strict sync = yes
sync always = no
delete veto files = true
fruit:posix_rename = yes 
fruit:veto_appledouble = yes
fruit:zero_file_id = yes
fruit:wipe_intentionally_left_blank_rfork = yes 
fruit:delete_empty_adfiles = yes 
disable netbios = yes
dns proxy = no
smb ports = 445
name resolve order = host bcast

[TimeMachineBackup]
vfs objects = catia fruit streams_xattr
fruit:time machine = yes
#  fruit:time machine max size = SIZE <<<<<
strict sync = yes
spotlight = no