Jump to content

Feature Request Custom SMB with out Unraids Default Config options.


Go to solution Solved by bmartino1,

Recommended Posts

 

I would like to request a Major overhead to Samba. I would like to have lime tech Unraid implement a disable Unraids Default smb.conf

this can be accomplished by having another line in smb.conf with include unraid-smb.conf located under the config folder.

 

The smb.conf would only have included conf file for exta-conf and unraid-smb.conf and shares.conf

 

this way we can add a GUI option that would # out unraid-smb.conf with a warning for advance users only.
Then advance users can add their own 

[global] option to the extra config in the web gui.

 

I would just delete the smb.conf under /boot but its a persistent file. Otherwise, as per other forum clients. extra should by default trump unraids default options.

Link to comment
1 hour ago, bmartino1 said:

 

I would like to request a Major overhead to Samba. I would like to have lime tech Unraid implement a disable Unraids Default smb.conf

this can be accomplished by having another line in smb.conf with include unraid-smb.conf located under the config folder.

 

The smb.conf would only have included conf file for exta-conf and unraid-smb.conf and shares.conf

 

this way we can add a GUI option that would # out unraid-smb.conf with a warning for advance users only.
Then advance users can add their own 

[global] option to the extra config in the web gui.

 

I would just delete the smb.conf under /boot but its a persistent file. Otherwise, as per other forum clients. extra should by default trump unraids default options.

 

 

I ended up implementing this my own way inside of Unraid since I needed the additional functionality this brings. It's pretty easy to do, actually.

In /boot/config/go, I added this line:
 

until [ -f /etc/samba/smb.conf ]; do sleep 1; done && echo "\tinclude = /boot/config/smb-override.conf" >> /etc/samba/smb.conf

 

Then I added my custom samba changes to /etc/samba/smb.conf.

 

What the above does is:

  1. Wait for Unraid's smb.conf to be present in the ramdisk (realistically it already should be by the time this executes - but we need to be certain so we check, and wait if not).
  2. Append a line saying to include /boot/config/smb-override.conf after the include for smb-shares.conf which is generated by unraid.

Samba processes these config files from top to bottom, and includes are processed inline. This means anything declared in the first include happens there, then the second, then the third, and each of those respective files is processed from top to bottom completely when samba stitches the configurations together. This is good for us, since we can now override any per-share settings we want to, or create additional shares outside of what Unraid provides.

 

  • Like 1
Link to comment

Awesome, thank you for this, I will definetly test, and try to implement this.

 

As long as I pre-make a smb-override.conf and store in /boot the flash drive. As was debating on trying to find the commands to overwrite a file, but didn't known where in the boot process, if I need to restart the samba service if the file was overwritten.

Link to comment

Sadly, this did not work. all this did was include my override, i explicitly want to set different samba settings that unraid decided should be set.


With the go file to suposedly repace this smb conf... i still don't have my smb config...

root@BMM-Unraid:/etc/samba# cat smb.conf 
[global]
        # configurable identification
        include = /etc/samba/smb-names.conf

        # log stuff only to syslog
        logging = syslog@0

        # we don't do printers
        show add printer wizard = No
        disable spoolss = Yes
        load printers = No
        printing = bsd
        printcap name = /dev/null

        # disable aio by default
        aio read size = 0
        aio write size = 0

        # misc.
        invalid users = root
        unix extensions = No
        wide links = Yes
        use sendfile = Yes
        host msdfs = No

        # ease upgrades from Samba 3.6
        acl allow execute always = Yes
        # permit NTLMv1 authentication
        ntlm auth = Yes

        # default global fruit settings:
        #fruit:aapl = Yes
        #fruit:nfs_aces = Yes
        fruit:nfs_aces = No
        #fruit:copyfile = No
        #fruit:model = MacSamba

        # hook for user-defined samba config
        include = /boot/config/smb-extra.conf

[global]
        # hook for unassigned devices shares
        include = /etc/samba/smb-unassigned.conf

        # auto-configured shares
        include = /etc/samba/smb-shares.conf
\tinclude = /boot/config/smb-override.conf
root@BMM-Unraid:/etc/samba# 

 

FYI Default smb config for noting when using the unraid plugin as well.

 

Default before go file and reboot

root@BMM-Unraid:/etc/samba# ls
lmhosts  smb-fruit.conf  smb-names.conf  smb-shares.conf  smb-unassigned.conf  smb.conf
root@BMM-Unraid:/etc/samba# cat smb.conf 
[global]
        # configurable identification
        include = /etc/samba/smb-names.conf

        # log stuff only to syslog
        logging = syslog@0

        # we don't do printers
        show add printer wizard = No
        disable spoolss = Yes
        load printers = No
        printing = bsd
        printcap name = /dev/null

        # disable aio by default
        aio read size = 0
        aio write size = 0

        # misc.
        invalid users = root
        unix extensions = No
        wide links = Yes
        use sendfile = Yes
        host msdfs = No

        # ease upgrades from Samba 3.6
        acl allow execute always = Yes
        # permit NTLMv1 authentication
        ntlm auth = Yes

        # default global fruit settings:
        #fruit:aapl = Yes
        #fruit:nfs_aces = Yes
        fruit:nfs_aces = No
        #fruit:copyfile = No
        #fruit:model = MacSamba

        # hook for user-defined samba config
        include = /boot/config/smb-extra.conf

[global]
        # hook for unassigned devices shares
        include = /etc/samba/smb-unassigned.conf

        # auto-configured shares
        include = /etc/samba/smb-shares.conf
root@BMM-Unraid:/etc/samba# 

 

 

the smb conf i want implemented:

root@BMM-Unraid:/boot/config# cat smb-override.conf
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba, 
# read the Samba-HOWTO-Collection. This may be obtained from:
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the 
# Samba-Guide which is generated daily and can be downloaded from: 
# http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors. 
#
#======================= Global Settings =====================================
[global]

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#       this line.  The included file is read at that point.
;include = /usr/local/samba/lib/smb.conf.%m

#UnRaid Default Configurable Identification
#cat /etc/samba/smb-names.conf
#Generated names
netbios name = BMM-Unraid
server string = VM - Docker Server
hide dot files = no
server multi channel support = yes
max open files = 40960
multicast dns register = No
disable netbios = No
local master = yes
os level = 200
security = USER
workgroup = WORKGROUP
map to guest = Bad User
passdb backend = smbpasswd
idmap config * : backend = tdb
idmap config * : range = 3000-7999
create mask = 0777
directory mask = 0777
bind interfaces only = yes
local master = yes
#######
#Unraid smb.conf settings
logging = syslog@0
# we don't do printers
show add printer wizard = No
disable spoolss = Yes
load printers = No
printing = bsd
printcap name = /dev/null
###########
#Unknown Fruit Conf never included in smb.conf ... cat /etc/samba/smb-fruit.conf 
fruit:nfs_aces = No
vfs objects = catia fruit streams_xattr
fruit:encoding = native
##########

#========Other Settings that should be set
#Domain/AD Server Settings
dns proxy = no 
preferred master = yes
server role = standalone server
name resolve order = bcast host lmhosts wins
winbind request timeout = 5

#File Path / share Settings
follow symlinks = yes
unix extensions = No
wide links = Yes

map to guest = Bad User
guest account = nobody
guest ok = Yes
#force group = nogroup
#force user = nobody

case sensitive = True
default case = lower
preserve case = yes
short preserve case = yes

acl allow execute always = Yes
map hidden = Yes
map system = Yes

#Performance tuning
smbd max xattr size = 2097152
#posix locking = No
read raw = yes
write raw = yes
use sendfile = Yes

        #v -Warning Know your Numbers!
#socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
        #^ -Warning Know your Numbers!

#UnRaid disabled aio by default
aio read size = 0
aio write size = 0

#min receivefile size = 16384
#aio read size = 16384
#aio write size = 16384


#Needed by some Windows installs server sign auto
server signing = auto
#server signing = no
strict locking = no

*Use NT1 for win 95 and older connections... samba shuold be using smb2 fix crypt...
#old win95 access samba area: NT1 and needs ntlm
ntlm auth = yes
ntlm auth = ntlmv1-permitted
#server min protocol = NT1
server min protocol = SMB2

#Control client and Protcal access
#client min protocol = SMB2
#client max protocol = SMB3
#Note null passwords is depreciated but need for empty passwords form ayno and guest user
null passwords = Yes

#Apple SMB2 samba File Settings

fruit:encoding = native
fruit:zero_file_id = false
fruit:nfs_aces = false
fruit:nfs_aces = No
rpc_server:mdssvc = disabled
rpc_daemon:mdssd = disabled
fruit:encoding = native
fruit:time machine max size = 0 #Unlimted
fruit:time machine = True
fruit:resource = stream
fruit:metadata = stream
vfs objects = catia fruit streams_xattr

#======================= Global Notes if using as Domain Controller ==============
# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller".
#
# Most people will want "standalone sever" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
;domain master = yes

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
;hosts allow = 192.168.1. 192.168.2. 127.

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;guest account = pcguest

# Specifies the Kerberos or Active Directory realm the host is part of
;realm = MY_REALM

# Backend to store user information in. New installations should 
# use either tdbsam or ldapsam. smbpasswd is available for backwards 
# compatibility. tdbsam requires no further configuration.
;passdb backend = tdbsam

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
;wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#       Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one  WINS Server on the network. The default is NO.
;wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
dns proxy = no 

# These scripts are used on a domain controller or stand-alone 
# machine to add or delete corresponding unix accounts
;  add user script = /usr/sbin/useradd %u
;  add group script = /usr/sbin/groupadd %g
;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
;  delete user script = /usr/sbin/userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
;  delete group script = /usr/sbin/groupdel %g

#============================ Share Definitions ==============================
#Samba as Primary Domain Controller
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /usr/local/samba/lib/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;    path = /usr/local/samba/profiles
;    browseable = no
;    guest ok = yes

# NOTE: If you have a BSD-style print system there is no need to 
# specifically define each individual printer
;[printers]
;   comment = All Printers
;   path = /usr/spool/samba
;   browseable = no
# Set public = yes to allow user 'guest account' to print
;   guest ok = no
;   writable = no
;   printable = yes


# hook for user-defined samba config
include = /boot/config/smb-extra.conf

[global]
        # hook for unassigned devices shares
        include = /etc/samba/smb-unassigned.conf

        # auto-configured shares
        include = /etc/samba/smb-shares.conf
root@BMM-Unraid:/boot/config# 

Edited by bmartino1
fix notes feature request still needed.
Link to comment

the go comand should be more like

 

  GNU nano 7.2                                                            go                                                            Modified  
#!/bin/bash
# Start the Management Utility
/usr/local/sbin/emhttp &


until [ -f /etc/samba/smb.conf ]; rm /etc/samba/smb.conf && do sleep 1
until [ -f /etc/samba/smb.conf ]; do sleep 1; done && cp /boot/config/smb-override.conf  /etc/samba/smb.conf
#restart samba...
#until [ -f /etc/samba/smb.conf ]; 

 

##################################################

 

The problem is restarting samb service to run my SMB conf...

 

root@BMM-Unraid:/boot/config# systemctl smbd restart
bash: systemctl: command not found
root@BMM-Unraid:/boot/config# /etc/rd.d/rc.samba restart  
bash: /etc/rd.d/rc.samba: No such file or directory
root@BMM-Unraid:/boot/config# /etc/init.d/samba restart
bash: /etc/init.d/samba: No such file or directory
root@BMM-Unraid:/boot/config# service smbd restart
bash: service: command not found
root@BMM-Unraid:/boot/config# systemctl restart smbd
bash: systemctl: command not found
 

so whats the comand to restart the samba service?

Edited by bmartino1
Link to comment

testing solutions with go file

 

#!/bin/bash
# Start the Management Utility
/usr/local/sbin/emhttp &

do sleep 60; rm /etc/samba/smb.conf && do sleep 1; cp /boot/config/smb-override.conf /etc/samba/smb.conf && do sleep 1
until [ -f /etc/samba/smb.conf ]; /etc/rc.d/rc.samba restart

 

Thank you dlandon

When this happens, go to a command line and do this command:

/etc/rc.d/rc.samba restart

and see if SMB will work.

 

as this did restart samba. If i need to use user script at start of array and have a sh script instead

 

User script sh file...

sleep 30

rm /etc/samba/smb.conf

cp /boot/config/smb-override.conf /etc/samba/smb.conf

/etc/rc.d/rc.samba restart

 

Edited by bmartino1
Link to comment

In theory, anything added to the smb-override.conf with my example should override anything already set in the smb.conf, since it's under a [global] header.
`chkconfig` would verify that. I personally only use it to override settings within shares, and not parent samba settings. You shouldn't need to restart samba with the change being made in the `go` file since the samba service isn't started until after the array start, and the smb.conf file is created long before the disks are mounted, even with an unencrypted array.

 

Either way, I'm glad this helped you find a solution that works for you, and I'm glad you shared the result of your efforts. More options. More open. More flexibility!

  • Thanks 1
Link to comment

it did not at best it added an include(Which is the same as me adding that to the exta smb config via the gui) and kept unraid default options that I wanted to remove.

 

I had to user the plugin user scripts to remove the etc/samba/smb config replace it with my own and restart the samb service...

the SMB config on unraid is all over the place...

Link to comment
  • 2 weeks later...
  • Solution

Rant - Notes and Finally some words...

Since this is kinda not really supported and can be done. I still think it's a good note / feature request.

Assuming Unraid maintains certain settings in their /etc/samba folder for configs from the web gui. 
As web gui share information should only contain share data, same as identification data should only contain that data...
*Now I can properly tell samba to be the true local master non ad with ad settings and controls. Re-enable root user login and fix some setting that I want to run on my samba network.

This is my completed samba config for future reference:
it is recommended that you cat your setting before making the smb-override.conf on the USB command:

#cat /etc/samba/smb-names.conf and replace settings in this smb config. This config works for Windows 7 - 11 samba and Apple OS 10.15 and higher using the more secure smb2 protocol (which has some problems and will eventually be upgraded to smb3).

This config also maintains the use of the web GUI shares. But this config Breaks the identification as it can't be called as Unraid devs decided to put some samba setting in that config. So instead of being able to include, it would be easier to cat that config after you have set up the settings and find replace in this SMB config below.
 

root@BMM-Unraid:/boot/config# cat smb-override.conf 

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba, 
# read the Samba-HOWTO-Collection. This may be obtained from:
#  http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the 
# Samba-Guide which is generated daily and can be downloaded from: 
#  http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors. 
#
#======================= Global Settings =====================================
[global]

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#       this line.  The included file is read at that point.
;include = /boot/config/smb-permachine.conf.%m


#Unraid settings we want to keep...

########
#Unraid identity settings that you need to update and change... settings to carry over
# Generated names
netbios name = YouUnraidNamer Defauilt Tower
server string = RouterVM - Samba Server
hide dot files = no
server multi channel support = yes
max open files = 40960
multicast dns register = No
disable netbios = No
local master = yes
os level = 200
security = USER
workgroup = WORKGROUP
map to guest = Bad User
passdb backend = smbpasswd
;null passwords = Yes
idmap config * : backend = tdb
idmap config * : range = 3000-7999
create mask = 0777
directory mask = 0777
bind interfaces only = yes

#bind to interface is all we need... ip / interface name need in advace config with more than 3 adapters on a single host outside of bond / bridge of the nic adapters...
;interfaces = 192.168.1.2 127.0.0.1

#Unriad uses Backwards compatible lib pam for samba...
# Backend to store user information in. New installations should 
# use either tdbsam or ldapsam. smbpasswd is available for backwards 
# compatibility. tdbsam requires no further configuration.
;passdb backend = tdbsam

#Unraid smb.conf settings to carry over... cat /etc/samba/smb.conf
logging = syslog@0
# we don't do printers
show add printer wizard = No
disable spoolss = Yes
load printers = No
printing = bsd
printcap name = /dev/null

###########
#Unriad Unknown / Old Apple Fruit Conf... cat /etc/samba/smb-fruit.conf 
;fruit:nfs_aces = No
;vfs objects = catia fruit streams_xattr
;fruit:encoding = native

##########

#OSX Apple SMB2 samba File Settings Fix:
fruit:encoding = native
fruit:zero_file_id = false
fruit:nfs_aces = false
fruit:nfs_aces = No
rpc_server:mdssvc = disabled
rpc_daemon:mdssd = disabled
fruit:encoding = native
fruit:time machine max size = 0 #Unlimted
fruit:time machine = True
fruit:resource = stream
fruit:metadata = stream
vfs objects = catia fruit streams_xattr


#========Other Settings that should be set (Some set by default named to guarantee this option...)

#Domain/AD Server Settings

# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller".
#
# Most people will want "standalone sever" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
;domain master = yes
server role = standalone server
# Specifies the Kerberos or Active Directory realm the host is part of
;realm = MY_REALM

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
dns proxy = no 
preferred master = yes
name resolve order = bcast host lmhosts wins
winbind request timeout = 5

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
;wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#       Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one  WINS Server on the network. The default is NO.
;wins proxy = yes

#Needed by some Windows installs server sign auto
#server signing = no
server signing = auto
strict locking = no

####Deprecating and securing settings:
#old win95 and nt systems will neet NT1 for access to samba: NT1 and needs ntlm auth...
#ntlm auth = yes
#server min protocol = NT1

#Recomend Secure it more settings...
ntlm auth = ntlmv1-permitted
server min protocol = SMB2

#Control Client and Access
#client min protocol = SMB2
#client max protocol = SMB3

#Depreciated but some may still need it... carry over from nt1
#lanman auth = no #lanman auth may no longer work...
#null passwords = Yes #null passwords may not work...

#File Path / Share Settings / Permission Access fixes
follow symlinks = yes
unix extensions = No
wide links = Yes
case sensitive = True
default case = lower
preserve case = yes
short preserve case = yes
guest ok = Yes
acl allow execute always = Yes
map hidden = Yes
map system = Yes
#posix locking = No


#Guest Account needs to be defined this is a permission access issue and file permission set when windows/apple makes a unix file permission on unraid!
# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
guest account = nobody


#These should be set at share level...
#force group = nogroup
#force user = nobody

#========Other Settings that should lookup and inspect for Performance tuning [increase and saturate your network for higher and faster file copying]
        #v -Warning Know your Numbers!
#socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
        #^ -Warning Know your Numbers!

smbd max xattr size = 2097152
read raw = yes
write raw = yes
use sendfile = Yes

#UnRaid disabled aio by default [ 0 = unlimited]
aio read size = 0
aio write size = 0

#min receivefile size = 16384
#aio read size = 16384
#aio write size = 16384

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;logon path = \\%L\Profiles\%U

# These scripts are used on a domain controller or stand-alone 
# machine to add or delete corresponding unix accounts
;  add user script = /usr/sbin/useradd %u
;  add group script = /usr/sbin/groupadd %g
;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
;  delete user script = /usr/sbin/userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
;  delete group script = /usr/sbin/groupdel %g

#============================ Share Definitions and Notes ==============================
#Samba as Primary Domain Controller make a share sambadc and make 2 folders netlogon and profiles...
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /mnt/usrs/sambadc/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no

# Un-comment the following to provide a specific roaming profile shares
# the default is to use the user's home directory
;[Profiles]
;   path = /mnt/usrs/sambadc/profiles
;    browseable = no
;    guest ok = yes

# NOTE: If you have a BSD-style print system there is no need to 
# specifically define each individual printer
;[printers]
;   comment = All Printers
;   path = /usr/spool/samba
;   browseable = no
;   writable = no
;   printable = yes
# Set public = yes to allow user 'guest account' to print
;   guest ok = no
#^Printers disabled at Global settings... Saved for thoese who want samba to also be the printer server...

#Restore Other Plugins
# hook for user-defined samba config
include = /boot/config/smb-extra.conf

[global]
        # hook for unassigned devices shares
        include = /etc/samba/smb-unassigned.conf

        # auto-configured shares
        include = /etc/samba/smb-shares.conf



To have this smb config take effect, you will need to install the user script plugin from the community apps page:
image.thumb.png.c5611149e95647b267fdc5d0cfa86701.png

This is my script that I found to work to allow unraid to generate its SMB config, then we remove that config and replace it with our own. We have the script run at array startup to replace the file to maintain settings and not break other places.

image.thumb.png.37a0ac3475b7ef9cd0c169e06e2f87ab.png

Script to remove and replace
 

#!/bin/bash
sleep 30
rm /etc/samba/smb.conf
cp /boot/config/smb-override.conf /etc/samba/smb.conf
/etc/rc.d/rc.samba restart


Before running the script you can confirm it replaces as you can run samba testparm to see the before and after.

If testparm didn't run or error there, you must review your smb-overide script and fix any syntax / errors. Then run the script again.
testparm etc...


Some final notes:
This has been stable and fixed for my network needs for over 2 weeks. And is stable Enough to make share web gui changes.... This doesn't fix the terparm notice for weak crypto. But enables and fixes other settings and actions I require on a network to file share without issues. It is a dry read, but I highly recommend looking over the many smb options a config can have.

With samba, config placement and ordering is everything! Hope Unraid Devs clean up and move non webgui settings out of the weird smb config files in samba to make an easier include for the future.

Notes for Unraid Devs:
Not sure what was going on in apple past / unraid evolution of samba for apple to have the old fruits: "smb-fruit.conf". < this config is no longer beign called form what i can tell...
Quite a few commands we want and don't want in smb-names.conf most of these setting have no business being in this config and SHOULD be in the main smb config....

Unraid's SMB web gui and shares is quite well done: the smb-shares.conf is perfect the way it is. this must be called at the end of the smb config to close the global option
*Placement is everything... -- Plugins and addons may have an echo command attached to add at the end of the smb conf. I also run the unattended disk plugin and to use its shares we must add its include to have disk mount shares... Since the plugin adds this data at boot, and we remove, we need to add the plugins data to the smb-overide command as that is where it would have been...

Community:
This should also help other clients and user to leverage samba and the vpn / domain controller for ldap purposes... <Thats a entire different smb config and setting change!

Since we don't have a normal package manager (from what I can tell of the kernel unraid sits closely related to the Debian environment) and the fact that we are missing libs to run LDAP stuff.... we may never have full DC/ldap support.

Similar libs are missing to leverage python scripts and database for web scrapes. All in all Unraids SMB is not bad and ONLY ADVANCE SYSTEM USERS should attempt to edit and maintain their own smb config. Breaking this can break many other things within unraid!

This may break in future release on unraid. AS of writing, this has been tested in latest stable 6.12.6 and found to be working...

Edited by bmartino1
clean up smb conf and fix spelling
Link to comment
  • 4 weeks later...
Posted (edited)

Upgraded to unriad v6.12.8. Glad the devs used some of the samba config options and fixed quite a bit.

 

Here is my updated - cleaned up config that I run and seems to be stable.

 

#
#======================= Global Settings =====================================
[global]

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#       this line.  The included file is read at that point.
;include = /usr/local/samba/lib/smb.conf.%m

#UnRaid Default Configurable Identification

netbios name = BMM-Unraid
server string = VM - Docker Server
hide dot files = no
server multi channel support = yes
max open files = 40960
multicast dns register = No
disable netbios = No
local master = yes
os level = 200
security = USER
workgroup = WORKGROUP
map to guest = Bad User
passdb backend = smbpasswd
;null passwords = Yes
idmap config * : backend = tdb
idmap config * : range = 3000-7999
create mask = 0777
directory mask = 0777
bind interfaces only = yes
;interfaces = 192.168.1.254 127.0.0.1

# log stuff only to syslog
logging = syslog@0

# we don't do printers
show add printer wizard = No
disable spoolss = Yes
load printers = No
printing = bsd
printcap name = /dev/null

# disable aio by default
aio read size = 0
aio write size = 0

# misc.
#invalid users = root
unix extensions = No
wide links = Yes
use sendfile = Yes
host msdfs = No

# ease upgrades from Samba 3.6
acl allow execute always = Yes

#========Other Settings that should be set

#Security:
ntlm auth = ntlmv1-permitted
server min protocol = SMB2

#Domain/AD Server Settings
local master = yes
dns proxy = no
preferred master = yes
server role = standalone server
name resolve order = host wins lmhosts bcast
winbind request timeout = 5
server signing = auto
strict locking = no

#File Path / share Settings
follow symlinks = yes
guest account = nobody
guest ok = Yes
map hidden = Yes
map system = Yes

case sensitive = True
default case = lower
preserve case = yes
short preserve case = yes

#Apple SMB2 samba File Settings
fruit:encoding = native
fruit:zero_file_id = false
fruit:nfs_aces = false
fruit:nfs_aces = No
rpc_server:mdssvc = disabled
rpc_daemon:mdssd = disabled
fruit:encoding = native
fruit:time machine max size = 0 #Unlimted
fruit:time machine = True
fruit:resource = stream
fruit:metadata = stream
vfs objects = catia fruit streams_xattr

#Performance tuning
smbd max xattr size = 2097152
#posix locking = No
read raw = yes
write raw = yes
use sendfile = Yes
#min receivefile size = 16384
#aio read size = 16384
#aio write size = 16384

[global]
        # hook for unassigned devices shares
        include = /etc/samba/smb-unassigned.conf

        # auto-configured shares
        include = /etc/samba/smb-shares.conf

 

Edited by bmartino1
Link to comment
  • 3 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...