Default Samba settings for a modern network.


Middling (Dabbler; joined Mar 3, 2012; messages: 40)
I'd like to preface my post by saying I'm no developer and don't understand half the Samba config options so may be talking out my ass here.

That being said, I'd like to start a discussion about the default Samba options in FreeNAS with a view to seeing 9.1 more suited to modern networks out of the box.

From this bug Jeremy Allison says that "max xmit" and "encrypt passwords" are legacy. Both appear in FreeNAS default smb.conf.

I'd like to see "max protocol = SMB2" included by default in FreeNAS 9.1. I'd also like to see "._*" and ".DS_Store" added to the list of "veto files" for shares. Extremely annoying when Macs spew crap on your shares.

As everything since Windows 2000 supports using DNS for name resolution instead of NetBIOS perhaps NetBIOS could default to disabled and be hidden behind an advanced button?

Not directly related to Samba, but an annoyance for me is Avahi's service entry for SMB. It's got a honking big "CIFS Shares on %h" where other service entries just use "%h" to advertise the hostname. Please, please, please get rid of the "CIFS Shares on " bit. The client computer already knows what the service is from the service type.

Anyway, those are just a few of my thoughts. Would be interested in others' opinions and suggestions for a modern config. Might be good to reach out to the Samba developers and see what they suggest for a modern default config.
 

cyberjock (Inactive Account; joined Mar 25, 2012; messages: 19,526)
> I'd like to preface my post by saying I'm no developer and don't understand half the Samba config options so may be talking out my ass here.

No offense, but as soon as I saw this I knew you would. FreeBSD isn't "simple" so most everyone finds they are talking out of their ass and don't even know it. My first few posts are embarrassing, so don't go looking :)

> That being said, I'd like to start a discussion about the default Samba options in FreeNAS with a view to seeing 9.1 more suited to modern networks out of the box.
>
> From this bug Jeremy Allison says that "max xmit" and "encrypt passwords" are legacy. Both appear in FreeNAS default smb.conf.

You are sorta correct. The problem is that the actual defaults seem to be difficult to find. I've asked a few mods here and nobody knows where to actually get them. They do change from time to time too, so I'm not too surprised that "legacy" stuff may be found. I'd say it's probably not too big of a deal considering it's legacy to just leave it in. /shrug

> I'd like to see "max protocol = SMB2" included by default in FreeNAS 9.1. I'd also like to see "._*" and ".DS_Store" added to the list of "veto files" for shares. Extremely annoying when Macs spew crap on your shares.

I agree 100% on the "max protocol = SMB2", except that it's already the default. I know this for a fact, it changed about 2-4 years ago if I remember correctly. Depending on what stuff you read they may recommend that setting because it wasn't the default for 2-3 years while it was in testing phase. But towards the end of the testing phase it was very stable and a lot of people used it because the difference between SMB1 and SMB2 is enormous.

As for veto files, I don't agree with those. For one, Macs seem to be used less commonly than other OSes. And having a configuration that has default settings that hides stuff right off the bat that isn't FreeBSD standard is.. asking for trouble.. to say the least. I know the ._* could really be ugly in Windows as many files I deal with look just like that and would be filtered out. I don't have a problem adding a recommendation in the manual to use the vetos you mentioned if you use Macs, but making it the default adds unnecessary complexity for the majority of users that aren't using Macs. I'm not sure how effective it would be to mention those in the manual because so few people actually use the manual until they ask a dumb question and one of the moderators replies with "read the manual.. that'll answer all of your questions".

> As everything since Windows 2000 supports using DNS for name resolution instead of NetBIOS perhaps NetBIOS could default to disabled and be hidden behind an advanced button?

I agree, but I don't. What are you really expecting to gain from disabling NetBIOS? I can't imagine leaving it on is using lots of CPU resources or RAM. If there's a measurable difference, I could be persuaded to agree. But NetBIOS is still used a lot for some dumb reason, so I'm not sure if disabling it by default is really an improvement. The number of people that would see stuff break could be quite high.

> Not directly related to Samba, but an annoyance for me is Avahi's service entry for SMB. It's got a honking big "CIFS Shares on %h" where other service entries just use "%h" to advertise the hostname. Please, please, please get rid of the "CIFS Shares on " bit. The client computer already knows what the service is from the service type.

In all honesty, if you want this changed I'd recommend you put a ticket in at support.freenas.org. It sounds like you know what needs to be edited to fix this issue. If you provide the modified file or a diff or something it's quite possible it could be implemented in very short order (just a few days). I tend to agree that this change isn't necessarily "bad", and if it fixes some stuff then why not.
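
An added example, not part of any post in this thread: a small Python audit of an smb.conf for the settings debated above. It flags the two parameters the thread calls legacy, reports whether "max protocol" is set explicitly, and lists which names a "veto files" pattern list would hide. The sample config and filenames are constructed, and Python's fnmatch only approximates Samba's own wildcard matching.

```python
import fnmatch

# Parameters the thread cites (via Jeremy Allison) as legacy, in normalized form.
LEGACY = {"maxxmit", "encryptpasswords"}

def norm(name):
    # smb.conf parameter names ignore case and embedded whitespace.
    return "".join(name.lower().split())

def parse_smb_conf(text):
    """Return {section: {normalized_param: value}} for smb.conf text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections

def audit(text, filenames):
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    report = {"legacy": sorted(k for k in glob if k in LEGACY),
              "max_protocol": glob.get("maxprotocol"),  # None = not set explicitly
              "disable_netbios": glob.get("disablenetbios"),
              "hidden": {}}
    for share, params in conf.items():
        # veto files entries are separated by "/", e.g. /._*/.DS_Store/
        patterns = [p for p in params.get("vetofiles", "").split("/") if p]
        if patterns:
            report["hidden"][share] = [
                f for f in filenames
                if any(fnmatch.fnmatchcase(f, p) for p in patterns)]
    return report

# Constructed sample input (not FreeNAS's shipped configuration).
SAMPLE_CONF = """\
[global]
    max xmit = 65535
    encrypt passwords = yes
    Max Protocol = SMB2
[media]
    veto files = /._*/.DS_Store/
"""
SAMPLE_FILES = ["report.doc", "._report.doc", ".DS_Store", "._build_cache"]

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_FILES))
```

The constructed `._build_cache` entry shows the side effect raised in the reply above: a `._*` veto hides every name with that prefix, not only the files a Mac creates.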
 

Middling (Dabbler; joined Mar 3, 2012; messages: 40)
In 8.3.1p2 the settings for Samba are in /usr/local/etc/smb.conf.

I'm pretty sure the SMB2 isn't enabled by default. According to this it needs to be enabled by "max protocol = SMB2" and out of the box FreeNAS doesn't include that in its smb.conf. It's entirely possible that SMB2 was switched on by default in a later Samba 3.6.x release and just not mentioned on that page.

Unfortunately there doesn't seem to be a simple way of telling if a connection is using SMB2 or not. There was a brief mention of adding such information to smbstatus, but I don't think it ever came to anything.

Of course, SMB2 might be the default in Samba 4.0 and if FreeNAS 9.1 is going to use that, great.

I kind of agree with you about vetoing files, I just figured that since it's already vetoing .snap, .windows, and .zfs files, a few Mac-specific files wouldn't hurt.
 

cyberjock (Inactive Account; joined Mar 25, 2012; messages: 19,526)
No, I promise you, SMB2 is the default. It's virtually impossible to get above about 40MB/sec even with 0ms of latency with SMB1. If you go back and look at forums from when Vista came out and find reviews that included benchmarks you'll see that they were able to hit over 100MB/sec while SMB1 was limited to 35 or so. Also, I've sniffed the traffic and it was SMB2. I asked some questions about SMB2 back in April 2012.

As for your link, that's one of several places that made me think max protocol = smb2 was required back in April 2012. Now you see why there's so much frustration over what you should and shouldn't use. That entry is also dated from 2011. The problem is that there is no one-stop-shop to see what the defaults are for all of the settings. And if Samba is anything like FreeNAS (and most other projects), not every single change is documented in the release notes. So you can't even trust the release notes to tell you that SMB2 is the new default.

Read this thread, in particular posts 11 & 13 in that thread. I tested both SMB1 and SMB2 and again confirmed that SMB2 is the default in February based on performance testing. While I could maybe let you argue that SMB2 isn't the default in Samba since I couldn't find the post in the samba forums where a developer mentioned it was the default now, it is absolutely most certainly the default in FreeNAS and has been for at least 16 months.

SMB2 is near and dear to my heart because I started using Gb LAN back when your 8 port switch was over $1500 and the NICs were over $200 each. I was thrilled to finally be able to get high speeds. But then I was horribly disappointed to find that I couldn't copy files faster than about 35-40MB/sec no matter what I did. I could even copy from a ramdrive on the server to a ramdrive on the client and still be limited to 40MB/sec. I was more than a little pissed after the amount of money I had spent and reading online everyone was talking about how SMB in Windows (there was no Vista yet) was slow and if you used NFS then things would be much faster. Unfortunately NFS wasn't an option for me back then. Vista was the first Windows OS to introduce SMB2 and I refused to install that excuse-for-an-OS and kept Windows XP until Windows 7 came out.
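
An added example, not part of any post in this thread: telling SMB1 from SMB2 in captured traffic, as a sketch of the sniffing check mentioned above. It reads the protocol magic after the 4-byte transport length prefix and, for an SMB2 NEGOTIATE response, the dialect the server selected; the sample packets are constructed and carry only the fields the code reads.

```python
import struct

# SMB2 DialectRevision values carried in the NEGOTIATE response.
DIALECTS = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
            0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1", 0x02FF: "SMB2 wildcard"}

def frame(msg):
    """Prefix an SMB message with the direct-TCP header: 0x00 + 24-bit length."""
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

def classify(payload):
    """Classify one TCP port 445 payload (length prefix + SMB message)."""
    if len(payload) < 8:
        return "too short"
    magic = payload[4:8]
    if magic == b"\xffSMB":
        return "SMB1"
    if magic != b"\xfeSMB":
        return "not SMB"
    msg = payload[4:]
    if len(msg) < 64:  # the SMB2 header is a fixed 64 bytes
        return "SMB2 (truncated header)"
    command, = struct.unpack_from("<H", msg, 12)
    flags, = struct.unpack_from("<I", msg, 16)
    is_response = bool(flags & 0x1)  # SMB2_FLAGS_SERVER_TO_REDIR
    if command == 0 and is_response and len(msg) >= 70:
        # Body: StructureSize(2), SecurityMode(2), DialectRevision(2)
        dialect, = struct.unpack_from("<H", msg, 64 + 4)
        return "SMB2 negotiate response: " + DIALECTS.get(dialect, hex(dialect))
    return "SMB2"

def sample_negotiate_response(dialect):
    """Constructed SMB2 NEGOTIATE response, truncated after DialectRevision."""
    header = struct.pack("<4sHHIHHIIQIIQ16s", b"\xfeSMB", 64, 0, 0, 0, 1,
                         0x1, 0, 0, 0, 0, 0, b"\x00" * 16)
    return frame(header + struct.pack("<HHH", 65, 0, dialect))

# Constructed SMB1 NEGOTIATE request: magic, command 0x72, zeroed remainder.
SAMPLE_SMB1 = frame(b"\xffSMB\x72" + b"\x00" * 27)

if __name__ == "__main__":
    print(classify(SAMPLE_SMB1))
    print(classify(sample_negotiate_response(0x0210)))
```

A session can open with an SMB1 negotiate request that offers SMB2 dialects, so judge a connection by the server's response rather than by the client's first packet.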
 