Configuring Samba for macOS

By Patineboot

29, June 2021 / Update 26, November 2021 - 7 minutes read - 1309 words

The common crane brings its leg up and down, walks around step by step.

Abstract

Install Samba into Ubuntu.
Create ‘patine’ user on Samba.
Mount filesystem with extended attribute.
Configure Samba with Basic Parameters.
1. [global] Section.
2. [homes] Section.
3. [public] Section.
Configure Samba for macOS.
1. ‘Path Finder’ instead of ‘Finder’.
Misc.
1. Configure for Time Machine on macOS.
Environment.
Reference.

Configuring Samba was done with Ubuntu Linux OS and Raspberry Pi OS.

The word “Ubuntu” means Ubuntu Linux OS and Raspberry Pi OS in this article.
We prepare the user ‘patine’ on Ubuntu before installing Samba.

Install Samba into Ubuntu Linux OS

Install Samba with the apt package manager into Ubuntu.

sudo apt install samba

Create the user ‘patine’ on Samba

Create the user ‘patine’ on the account database of Samba.

pdbedit -a patine

Samba asks for a passphrase when creating a new user.

Mount filesystem with extended attribute

Mount a filesystem on the public directory with an extended attribute option.

ext4 filesystem.

IMPORTANT: These mount options are enabled in default.

Linux and ext4 filesystem are now supporting POSIX ACL and extended attributes, as known as acl and user_xattr. Mount a ext4 file system with the user_xattr mount option by editing the /etc/fstab file.

Edit the /etc/fstab file as the following:
```
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
/dev/ubuntu-vg/public /var/public ext4 defaults,acl,user_xattr 0 2
```
Describe the fstab file like the mount command options.

Note: The extra acl option means to use draft POSIX ACL on the filesystem.
ZFS filesystem.

Select POSIX ACL and store extended attributes into inode of ZFS filesystem.

On ‘zfs-pool’ is the name of the zpool, ‘public’ is the name of the dataset. Set acltype on posixacl and sa on xattr property in the dataset of the zpool like:
```
sudo zfs set acltype=posixacl zfs-pool/public
sudo zfs set xattr=sa zfs-pool/public
```

Configure Samba with Basic Parameters

Configure Samba by modifying the config file involved in itself.

The official documentation by samba.org for the config file(smb.conf) is on “smb.conf — The configuration file for the Samba suite.”

The config file format of Samba

Introduce the method of configuring Samba.

Modify the config file, /etc/samba/smb.conf, involved in Samba.

The config file has “Section” with brackets and some “Parameter” couples consisting of a name and a value.

# Begin a section
[Section]
    # Describe a parameter of name and value
    Name = Value

[global] Section

The ‘global’ section is the special section. The parameters on the ‘global’ effect other sections as a whole.

Modify the following parameters in the ‘global’ section.

Name	Value	Description
map to guest	Never	Treatment of the guest account if user login failed. ‘Never’ is not map to the guest.
guest ok	no	Enable the guest account login without a passphrase. ’no’ means require a passphrase on the guest account.

The modifications mean that the guest account is void.

[homes] Section

Also, the ‘homes’ section is the special section. Samba links the ‘homes’ section with the user’s home directory on Ubuntu.

Modify the following parameters in the ‘homes’ section.

Name	Value	Description
read only	no	Only permit the directory to read. ‘yes’ means the users can only read, ’no’ means the users can write and read.
create mask	Do to comment out	Commented out for using the default value on Samba. A new file with Value permission. The default value is ‘0744’ that an owner can fully access and others can only read.
directory mask	Do to comment out	Commented out for using the default value on Samba. A new directory with Value permission. The default value is ‘0755’ that an owner can fully access and others can read and move on.

The modifications mean that a user creates a file and directory with permission similar to it on the bash shell.

[public] Section

Samba serves a network directory with the name of the section.

Add the new [public] section linked with the ‘public’ directory on which you mount the filesystem for sharing some files.

Name	Value	Description
path	/zfs-pool/public	Set an absolute local path to link the network directory. In this case, Samba links the public network directory to the /zfs-pool/public local directory.
valid users	patine	Declare valid users. In this value, ‘patine’ is the only valid user.
access based share enum	yes	Permit only ‘valid users’ access to the directory or not. ‘yes’ means permit only ‘valid users’, ’no’ means do all users.
browseable	yes	The network directory can be browsable with an SMB client if the value is ‘yes,’ otherwise ’no’.
writable	yes	‘yes’ means the network directory can be writable. Otherwise, ’no.’

Configure Samba for macOS

Patineboot proposes the configuration of Samba for macOS:

IMPORTANT: Choice ‘file’ for the ext4 filesystem or ‘stream’ for the ZFS filesystem on ‘fruit:resource.’
Disable ‘print service’ and RPC for Spotlight.
Show AppleDouble files.

   # No print service.
   printcap name = /dev/null  
   load printers = no
   printing = bsd

   # No RPC for Spotlight
   rpc_server:mdssvc = disabled
   rpc_daemon:spoolssd = disabled

   # vfs_fruit
   vfs objects = catia fruit streams_xattr

   # vfs_fruit GLOBAL OPTIONS
   fruit:model = MacSamba
   # fruit:copyfile = yes

   # vfs_fruit OPTIONS
   # fruit:resource = file
   fruit:metadata = netatalk
   fruit:locking = netatalk
   fruit:encoding = native

   # fruit:wipe_intentionally_left_blank_rfork = yes
   # fruit:delete_empty_adfiles = yes

   fruit:veto_appledouble = no

For your preferences:

Enable ‘fruit:copyfile’ if you need OS X specific copychunk ioctl.
Enable ‘fruit:wipe_intentionally_left_blank_rfork’ and ‘fruit:delete_empty_adfiles’ mean that Samba removes unused resource fork.

Details of fruit Parameters are vfs_fruit — Enhanced OS X and Netatalk interoperability.

‘Path Finder’ instead of the ‘Finder’

Patineboot recommends that you can use the ‘Path Finder’ app instead of Apple’s the ‘Finder’ on macOS. The Finder at file transfer client does not work with Samba or other network protocols.

The Finder has a slow transfer and corruption with the SMB protocol.

The Finder’s terrible behavior with the SMB client:

The Finder trans files very slowly.
The Finder needs 4 hours or more on the 6160 files, but ‘Path Finder’ consumes only 2 minutes.
The Finder has a critical bug. The Finder fails in a file transfer that a UTF-8 encoded name length of 127 bytes or more at the absolute path.
See more the Finder’s terrible behaviors.
See more details on Patineboot’s weblog: Finderで、SambaとNFSv4サーバーに接続！

In addition, Patineboot investigates the Finder.

Patineboot found the Finder transfers files very slowly with the standard protocols, confirmed on Netatalk, NFSv4, sshfs, ftps, and sftp. Patineboot thinks that Apple confirms that the Finder connects only to Apple’s products.

Other solutions of file transfer on macOS.

Path Finder transfers files fast and succeeds.
Cyberduck does on sftp most fast.

Misc

Commands on Ubuntu

Add a user to Ubuntu

adduser patine

Restart Samba service

sudo systemctl restart smbd.service

Hide the /lost+found/ directory

Configure the below Parameter if you hide the /lost+found/ directory at the root directory on the ext4 filesystem.

Name	Value	Description
veto files	/lost+found/	Hide directories and files. In this case, hide the /lost+found/ directory.

Interesting Samba options

Option	Description
min receivefile size (G)	Kernel writes received data to file buffer directly.
use sendfile (S)	Use more efficient `sendfile` system call.
root preexec (S)	Run a command when connected from someone.

Configure for Time Machine on macOS

Add the ‘vfs objects’ and ‘fruit:time machine’ parameters into the ’timemachine’ section.

The details about ‘fruit:time machine’ are vfs_fruit — Enhanced OS X and Netatalk interoperability.

[timemachine]
    vfs objects = catia fruit streams_xattr

    path = /var/timemachine
    valid users = patine

    access based share enum = yes
    browseable = yes

    writable = yes
    fruit:time machine = yes
    fruit:time machine max size = 500G

Environment

IBM PC compatible
- Ubuntu Linux 21.4 Server
- Samba Version 4.13.3-Ubuntu
Raspberry Pi 4 Memory 2GB model
- 64 bit
  - Raspberry Pi OS 64 bit Bullseye
  - Samba Version 4.13
- 32 bit
  - Raspberry Pi OS 32 bit Buster
  - Samba Version 4.11

Reference

samba.org
- smb.conf — The configuration file for the Samba suite
- vfs_fruit — Enhanced OS X and Netatalk interoperability
Sambaの環境構築手順 - Qiita
https://qiita.com/hana_shin/items/e768ef63bdeeef3ada39

Configuring-Samba-macOS