Operating Samba connected with macOS
- Install Samba into Ubuntu Linux OS
- Create the user ‘patine’ on Samba
- Mount filesystem with extended attribute
- Configure Samba with Basic Parameters
- [global] Section
- [homes] Section
- [storage] Section
- Configure Samba connected with macOS
- Configure for Time Machine on macOS
Configuring Samba was done with Ubuntu Linux OS and Raspberry Pi OS.
- The word “Ubuntu” means Ubuntu Linux OS and Raspberry Pi OS in this article.
- We prepare the user ‘patine’ on Ubuntu before installing Samba.
Install Samba into Ubuntu Linux OS
Install Samba with the apt package manager into Ubuntu.
apt install samba
Create the user ‘patine’ on Samba
Create the user ‘patine’ on the account database of Samba.
pdbedit -a patine
Samba asks for a passphrase when creating a new user.
Mount filesystem with extended attribute
Mount a filesystem on the storage directory with POSIX ACL and extended attributes. Ubuntu stores POSIX ACL in the extended attributes.
Select POSIX ACL, and store extended attributes in the dnode and the SA.
Linux supports POSIX ACL against NFSv4 ACL, and other platforms mainly support NFSv4 ACL, e.g., Oracle Solaris. The ZFS filesystem store extended attributes in the dnode and the SA (System Attributes), or a hidden directory.
xattrproperty on the storage ZFS dataset:
sudo zfs set acltype=posixacl storage.pool/storage sudo zfs set xattr=sa storage.pool/storage
Note: storage.pool is the name of a ZFS pool, storage is the name of a ZFS dataset on storage.pool.
Note: Those mount options are enabled in default.
ext4 filesystem is now supporting POSIX ACL and extended attributes, as known as
user_xattr. Mount an ext4 filesystem with the
user_xattrmount option with the /etc/fstab file.
Edit the /etc/fstab file as the following:
# <file system> <mount point> <type> <options> <dump> <pass> /dev/ubuntu-vg/storage /var/storage ext4 defaults,acl,user_xattr 0 2
Describe the fstab file like the
Configure Samba with Basic Parameters
Configure Samba by modifying the config file involved in itself.
The official documentation by samba.org for the config file (smb.conf) is on “smb.conf — The configuration file for the Samba suite.”
The config file format of Samba
Introduce the method of configuring Samba.
Modify the config file, /etc/samba/smb.conf, involved in Samba.
The config file has “Section” with brackets and some “Parameter” couples consisting of a name and a value.
# Begin a section [Section] # Describe a parameter of name and value Name = Value
The [global] section is the special section.
The parameters on the global effect other sections as a whole.
Modify and add the following parameters on the [global] section.
Modify the following parameters to avoid the guest account.
|map to guest||Never||Treatment of the guest account if user login failed.
‘Never’ is not map to the guest.
|guest ok||no||Enable the guest account login without a passphrase. ’no’ means require a passphrase on the guest account.
‘no’ is the default value on Samba Version 4.15.5 due to removing ‘guest ok’ from smb.conf.
|usershare allow guests||no||Enable the users who can create shares that non-authenticated users access.
’no’ means disable this.
Add the following parameter to disable anonymous access.
|restrict anonymous||2||The mode of accessing the SAMR and LSA DCERPC services.
‘2’ is to disable anonymous access and restrict access to SAMR, disallow anonymous connections to the IPC$ share.
Also, the [homes] section is the special section. Samba links the [homes] section with the user’s home directory on Ubuntu.
Modify the following parameters in the ‘homes’ section.
|read only||no||Only permit the directory to read. ‘yes’ means the users can only read, ’no’ means the users can write and read.|
|create mask||Do to comment out||Commented out for using the default value on Samba. A new file with Value permission. The default value is ‘0774’ that an owner and group members can fully access and others can only read.|
|directory mask||Do to comment out||Commented out for using the default value on Samba. A new directory with Value permission. The default value is ‘0775’ that an owner and group members can fully access and others can read and move on.|
|valid users||%S||Only ‘username’ can connect to \\<server>\<username>.|
The modifications mean that a user creates a file and directory with permission similar to it on the bash shell.
Samba serves a network directory with the name of the section.
Add the new [storage] section linked with the storage directory on which you mount the filesystem for sharing some files.
|path||/storage.pool/storage||Set an absolute local path to link the network directory. In this case, Samba links the storage network directory to the /storage.pool/storage local directory.|
|valid users||patine||Declare valid users. In this value, ‘patine’ is the only valid user.|
|access based share enum||yes||Permit only ‘valid users’ access to the directory or not. ‘yes’ means permit only ‘valid users’, ’no’ means do all users.|
|browseable||yes||The network directory can be browsable with an SMB client if the value is ‘yes,’ otherwise ’no’.|
|writable||yes||‘yes’ means the network directory can be writable. Otherwise, ’no.’|
The example of the storage section:
[storage] path = /storage.pool/storage valid users = patine access based share enum = yes browseable = yes writable = yes
Configure Samba connected with macOS
I suggest the configuration of Samba connected with macOS:
- Important: Choice the
fruit:resource = xattron the ZFS filesystem
fruit:resource = fileon the ext4 filesystem
- Disable weak crypto, MD5 and RC4.
- Disable ‘print service’ and RPC for Spotlight.
- Show AppleDouble files.
# disable crypto crypt require strong key = yes reject md5 clients = yes allow nt4 crypto = no # No print service. printcap name = /dev/null load printers = no printing = bsd # No RPC for Spotlight rpc_server:mdssvc = disabled rpc_daemon:spoolssd = disabled # vfs-fruit vfs objects = catia fruit streams_xattr # vfs-fruit GLOBAL OPTIONS fruit:model = MacSamba # fruit:copyfile = yes # vfs-fruit OPTIONS # fruit:resource = file fruit:metadata = netatalk fruit:locking = netatalk fruit:encoding = native # fruit:wipe_intentionally_left_blank_rfork = yes # fruit:delete_empty_adfiles = yes fruit:veto_appledouble = no
For your preferences:
fruit:copyfileif you need OS X specific copychunk ioctl.
fruit:delete_empty_adfilesmean that Samba removes unused resource fork.
Details of fruit Parameters are vfs-fruit — Enhanced OS X and Netatalk interoperability.
The Time Machine section
vfs objects and
fruit:time machine parameters into the timemachine section.
The details about
fruit:time machine are vfs-fruit — Enhanced OS X and Netatalk interoperability.
[timemachine] vfs objects = catia fruit streams_xattr path = /var/timemachine valid users = patine access based share enum = yes browseable = yes writable = yes fruit:time machine = yes fruit:time machine max size = 500G
Finder and Cyberduck
Apple’s Finder and Cyberduck, which transfers files on macOS:
- Cyberduck does on sftp most fast.
- Apple’s Finder does fast and succeeds on the other protocols.
I recommend Cyberduck on sftp with many files transfer and Finder on others.
In addition, I investigated the Finder.
I found the Finder transfers files slowly with the standard protocols, confirmed on Netatalk, NFSv4, sshfs, ftps, and sftp.
Commands on Ubuntu
- Add a user to Ubuntu
- Restart Samba service
systemctl restart smbd.service
- Show the Samba status
- Comfirm the smb.conf file
testparmreports “Weak crypto is allowed” in the bug of
Samba will release version 4.16 to include a fix, see more:
Hide the /lost+found/ directory
Configure the below Parameter if you hide the /lost+found/ directory at the root directory on the ext4 filesystem.
|veto files||/lost+found/||Hide directories and files. In this case, hide the /lost+found/ directory.|
Interesting Samba options
|min receivefile size (G)||Kernel writes received data to file buffer directly.|
|use sendfile (S)||Use more efficient
|root preexec (S)||Run a command when connected from someone.|
IBM PC compatible
- Samba Version 4.15.5 on Ubuntu Linux 22.04 LTS Server
- Samba Version 4.13.3 on Ubuntu Linux 21.04 Server
Raspberry Pi 4B Memory 2GB model
- Samba Version 4.13 on Raspberry Pi OS 64 bits Bullseye
- Samba Version 4.11 on Raspberry Pi OS 32 bits Buster
- smb.conf — The configuration file for the Samba suite
- vfs-fruit — Enhanced OS X and Netatalk interoperability