But for the best performance, and 100% compatibility, the native client file sharing protocol is the right choice. So AFP is the best protocol for all Mac clients through OS X 10.8, SMB is the standard for Windows clients, and NFS is perfect between UNIX servers. With the release of OS X 10.9 “Mavericks”, Apple fully supports both SMB2 and AFP. Add username and password explicitely into the Cmd+K connect to server dialog: smb://myusername:mypassword@192.168.1.2/MyFiles; I assume this is a macOS SMB client issue. This issue will go away with reboot. I'd like to fix the issue without restarting macOS – how can I restart SMB.
The SMB server allows a native Oracle Solaris system to serve files, by means of SMB shares, to SMB enabled clients, such as Windows and Mac OS systems. A Windows client (or other SMB client) can interoperate with the SMB server as it would with a Windows server. An SMB server can operate in either workgroup mode or in domain mode. Earlier this year we received a number of reports from users that were unable to delete, move or rename documents on a new SMB file share. Eventually we were able to narrow it down enough to be able to consistently duplicate what they were seeing. It appears the SMB client in Mac OS X (10.11, 10.12 and possibly others) is overly aggressive with file locks. In Mac OS X 10.9 Apple is introducing support for SMBv2. They are also making SMB the standard protocol for Mac to Mac and Mac to Windows file transfers. AFP is being deprecated and will only be used when transferring files between clients 10.8 and below. Mac OS X 10.0 to 10.6 used the open source Samba package for SMB support.
Below are suggested parameters to use in smb.conf file of the Samba server to improve operability with Mac OS X clients.Note that some parameters may not work with your version of Samba - read the smb.conf and vfs_fruit man pages (on Linux) for your system.Other than those shown in the [TimeMachineBackup] share below, I recommend you include all parameters in the [Global] section of smb.conf. For ease of copy > paste, a clean smb.conf section is included at the bottom of this page.
Apple extensions ('AAPL') run under SMB2/3 protocol, make that the minimum (probably shouldn't be running SMB1 anyway...) - defaults to SMB2_2 in Samba 4.11+:
Apple extensions require support for extended attributes(xattr) - defaults to yes in Samba 4.9+:
Load in modules (order is critical!) and enable AAPL extensions:
How to store OS X metadata:
For additional setting see the manpage vfs_fruit.
Server icon in Finder (added in Samba 4.5):
File cleanup:
For Spotlight backend indexing using Elastisearch (added in Samba 4.12):
See smb.conf for 4.12 for other Elastisearch parameters.Gnome tracker is still available (= tracker) or no indexing (= noindex), the default.
For Time Machine backup share (added in Samba 4.8):
As far as I know, testparm will not validate vfs_fruit parameters. (my server runs an old version of Samba :-), but after you have built your smb.conf, you can check for errors anyway with #: testparm
or #: testparm -v
(which will give you the defaults as well.
Here is the smb.conf code - NOTE - THIS IS NOT A COMPLETE SMB.CONF!!!
From Finder, connect to your Samba server using 'smb://User@Server'.Note that TM backups over smb may now be possible with your server.Other Mac models can be found in '/System/Library/CoreServices/CoreTypes.bundle/Contents/Info.plist'. Use 'Quick Look', Xcode or plutil to view or convert plist.
Check your connection settings
Server Message Block (SMB) 3 is the default way to connect to a server in macOS. It requires the connection to perform a validate negotiate request after it authenticates. All SMB 3 sessions must be signed unless you connect as a guest or anonymously.
You might have a macOS file server that's an Open Directory client and is anonymously bound to a Lightweight Directory Access Protocol (LDAP) server. If so, use one of these methods to connect:
- When you connect to the LDAP server, use authenticated binding.
- Change the role of the file server to an Open Directory replica. This also sets up kerberos on your server.
- Disable validate negotiate requests on your client.
- Set up your SMB server or client to use only SMB 2.
Learn about session signing
Session signing in SMB 3 requires a bound computer to access the md4 (password) of every user in the directory server. As a result, SMB 3 grants client connections only to 'trusted' computers. These are computers that use directory administrator (diradmin) credentials to be authentication-bound (authbound).
Sometimes diradmin can’t authbind your server to the directory server that contains the accounts that you want your users to authenticate with. In this case, you can either disable the client's requests to validate negotiate, or adjust the server to accept only less secure SMB 2 connections. To do this, modify the SMB Server settings, the client's settings, or both.
Disable validate negotiate requests on your client
If you disable validate negotiate, you will increase susceptibility to man-in-the-middle attacks. You should disable validate negotiate requests only if both client and server are on a secured network.
To set the value of the validate_neg_off setting in the nsmb.conf file in the /etc directory, use a text editor or Terminal. For more client side SMB configuration options, see the man page for nsmb.conf.
When you configure an nsmb.conf to disable validate negotiate requests, here's what it looks like:
[default]
validate_neg_off=yes
Smb Client For Mac Os 10.10
Set your macOS server to deny SMB 3 connections
Validate negotiate requests are an SMB 3 feature that clients initiate. To prevent clients from making these requests, you can set your macOS server to accept only SMB 2 connections. A bit-field in server preferences controls Server Dialect. The keyword for this bit-field is ProtocolVersionMap. It uses only three bits:
Value | Meaning |
1 | Support SMB 1 |
2 | Support SMB 2 |
4 | Support SMB 3 |
To support multiple dialects, combine bits.
This example sets ProtocolVersionMap to allow SMB 2. To do this, it sets the ProtocolVersionMap to '2':
Smb Mac Os
sudo scutil --prefs com.apple.smb.server.plist
get /
d.add ProtocolVersionMap # 2
set /
Smb For Mac
commit
apply
Enable Smb On Mac
quit