[global] server max protocol = SMB3 interfaces = 127.0.0.1 192.168.1.100 bind interfaces only = yes encrypt passwords = yes dns proxy = no strict locking = no oplocks = yes deadtime = 15 max log size = 51200 max open files = 2826902 logging = file load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes getwd cache = yes guest account = nobody map to guest = Bad User obey pam restrictions = no ntlm auth = no directory name cache size = 0 kernel change notify = no panic action = /usr/local/libexec/samba/samba-backtrace nsupdate command = /usr/local/bin/samba-nsupdate -g ea support = yes store dos attributes = yes lm announce = yes time server = yes acl allow execute always = true dos filemode = yes multicast dns register = yes domain logons = no local master = yes idmap config *: backend = tdb idmap config *: range = 90000001-100000000 server role = standalone netbios name = SVR workgroup = WORKGROUP security = user pid directory = /var/run/samba create mask = 0666 directory mask = 0777 client ntlmv2 auth = yes dos charset = CP850 unix charset = UTF-8 log level = 10 # USER SETTINGS # SOCKETS socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE # SECURITY client use spnego = yes client ntlmv2 auth = yes client plaintext auth = no invalid users = root reject md5 clients = yes reject md5 servers = yes # WINS SETTINGS dns proxy = yes name resolve order = wins host bcast wins support = yes # cache current directory content getwd cache = yes # speed up SMB by not testing if same filename exists with different casing, when saving case sensitive = yes preserve case = yes short preserve case = yes # disable client side caching csc policy = disable # disable various DOS and OS/2 functions ea support = no # Preferred master - NetBIOS master browser controls preferred master = yes os level = 200 # Maximum number of simultaneous SMB operations that clients can make (dflt=50). Increase for busy PCs, VM servers etc. max mux = 500 # Time between checks for an inoperative client (secs) keepalive = 45 # don't mangle names (said to help win32/64 compatibility) mangled names = no # give PID as well as timestamp if debug enabled (in case running multiple threads) debug pid = yes # Fork SMB echo handler, so clients don't think we're dead if busy async smb echo handler = yes # Announce as SMB timekeeper - useful for SMB communication time server = yes # Allows non-owners able to write a file to to change its times dos filetimes = yes # freenas docs for SMB say this can improve write performance. use any multiple of 4k write cache size = 524288 # normally new files/dirs are owned by creator. This sets the owner/permissions to be inherited from the parent dir. Useful when it's public dir inherit owner = yes # Needed according to samba wiki for Windows ACLs global use: map acl inherit = yes # Check more username case variants to try and find a matching user when user connects. 0 means "try as-is and 1st char uppercased then fail", 1+ will progressively try more options. username level = 5 # Allow more efficient sendfile if able use sendfile = true # DISABLED OPTIONS TO REVIEW ONCE EVERYTHING ELSE IS STABLE. # store dos attributes - NOTE, LEAVE THIS AS DEFAULT FOR WINDOWS ACLs (PER SAMBA WIKI) # DISABLED UNTIL CLEAR IF NEEDED # map hidden = no # map archive = no # map system = no # security - users # deadtime = 15 # host msdfs = no # log each client # log file = /var/log/samba4/%m.log # max log size = 5000 # pkt size (65535 in older Samba, reduced to 16644 for compatibility with NT4/Win2000/WinForWorkgroups) # DISABLED - DON'T EXPERIMENT WITH THIS UNTIL STABLE OTHERWISE # max xmit = 65535 [Share X] # All shares have the same config as this: path = "/mnt/POOLNAME/DATASET_PATH" printable = no veto files = /.snapshot/.windows/.mac/.zfs/ writeable = yes browseable = yes recycle:repository = .recycle/%U recycle:keeptree = yes recycle:versions = yes recycle:touch = yes recycle:directory_mode = 0777 recycle:subdir_mode = 0700 vfs objects = zfs_space zfsacl streams_xattr recycle aio_pthread hide dot files = no hosts allow = 92.168.0.0/16 127.0.0.0/8 guest ok = no nfs4:mode = special nfs4:acedup = merge nfs4:chown = true zfsacl:acesort = dontcare