Recommendation for cross-platform sharing Apple/Windows

[Eldarik]

Hi,

I have to share a dataset (2.5 TB) to apple and windows users.
I've read a lot of reports about such projects within the last weeks, all telling the same. Apple support of SMB is quite broken. No spotlight search, no indexing, not able to extract zip archives on a SMB share.
Those are the issues we also ran into with our enterprise NAS (Netapp).

I then found a how-to which shared the dataset through AFP and SMB simultaneously with freeNAS.
I have also read, that this is not recommended.
I know of some problems which can occur like different filename conventions and windows users which cannot access incorrectly named files.
But at the moment this seems to be the only solution for me.

Can you tell me if spotlight indexing and zip-extraction and so on will work over SMB with freeNAS?

Thanks in advance,
Clemens

 

[Eldarik]

After setting up and running a bunch of tests, we found spotlight indexing not working with SMB.
Using AFP and SMB on the same dataset is not recommended.
So freeNAS seems to be not able to provide cross-platform shares with full funcionality to Apple/Windows users.

Should be stated somewhere on the website, so others can save their time instead of testing and doing implementation attempts.

 

[anodos]

After setting up and running a bunch of tests, we found spotlight indexing not working with SMB.
Using AFP and SMB on the same dataset is not recommended.
So freeNAS seems to be not able to provide cross-platform shares with full funcionality to Apple/Windows users.

Should be stated somewhere on the website, so others can save their time instead of testing and doing implementation attempts.

You can use AFP and SMB on same dataset. You will just need to make sure you have cross-protocol locking enabled and make sure that both protocols are storing OSX-specific metadata in the same way.

Spotlight support isn't currently enabled in FreeNAS because it depends on gnome-tracker, which pulls in a lot of dependencies.

 

[Eldarik]

Could you give me some hints how i can configure this?
Mac users will connect using afp only and windows users will connect using cifs only. Both need to have R/W permissions and are using AD-Credentials to connect.
Guest Access is disabled on both protocols.
I can't find anything regarding cross protocol file locking and i would use samba modules vfs_fruit and vfs_streams_xattr. Is this correct or will i run into major problems with that configuration?

Do i understand you right, that there should be no difference for apple users between connecting by SMB and connecting by AFP?
Spotlight is disabled on both protocols?
At the moment my users report much better search performance using AFP instead of SMB.

 

[DCswitch]

@anodos I'm looking for an answer to this is well. I have Apple and Windows machines that need to access the same data. What is the best way to do this?

 

[anodos]

@anodos I'm looking for an answer to this is well. I have Apple and Windows machines that need to access the same data. What is the best way to do this?

SMB.

 

[seanm]

I have Apple and Windows machines that need to access the same data. What is the best way to do this?

For sure use SMB, as it's the default file sharing protocol on both macOS and Windows. My office has users of all major platforms, here are some notes from my documentation about what I'm using:

For each share:

VFS objects:
zfs_space, streams_xattr, zfsacl - these are default on anyway.
catia - Improves Mac interoperability by translating characters that are unsupported by Windows
fruit - Enhances macOS support by providing the SMB2 AAPL extension

Aux parameters:
"nfs4:mode = simple" - this is what FreeNAS 11.3 will be using, and is needed to solve various permission issues under 11.2. [10]
"smb encrypt = required" - this forces encryption to be enabled by Samba (see [3])
"mangled names = illegal" - improves performance by not worrying about old DOS 8.3 style filenames. (see [4], [9])
"zfsacl:expose_snapdir=True" - this is so that the invisible .zfs/snapshot directory is accessible, allowing users to retrieve old/deleted files (see [7])
"veto files = /.windows/.mac/" - by default veto files includes these two already but also '.snapshot' and '.zfs', which need to be removed due to the above. (see [7])

[10] https://jira.ixsystems.com/browse/NAS-101685
[3] https://www.ixsystems.com/community...affic-be-forced-to-encrypt.30250/#post-329785
[4] https://www.ixsystems.com/community/resources/smb-tips-and-tricks.15/
[9] https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
[7] https://www.ixsystems.com/community/threads/how-to-access-zfs-snapshots-over-smb.69449/


In Services > SMB
Aux parameters:
server min protocol = SMB3_02 (disable old protocols to reduce attack surface, see [1])
disable netbios = yes (disable old netbios to reduce attack surface, see [2])
smb ports = 445 (remove netbios port 139, to reduce attack surface, see [2], [3])
fruit:nfs_aces = no (needed to solve various permission issues [4])

[1] https://www.ixsystems.com/community...-removed-from-smb-services.73442/#post-509432
[2] https://www.ixsystems.com/community/threads/freenas-11-2-u3-vulnerabilities.75353/page-2#post-524491
[3] https://jira.ixsystems.com/browse/NAS-101378
[4] https://jira.ixsystems.com/browse/NAS-101685