Mac and SMB File Sharing
Apple deprecated their AFP file sharing protocol back in 2013 and advised Mac users to migrate to Server Message Block (SMB) file sharing.
However, SMB has been problematic over the past few years, with numerous reported problems with speed, permissions and file corruption. Hence AFP is still popular, and the Acronis Access Connect (previously known as GroupLogic ExtremeZ IP) solution is a popular alternative to SMB.
What is the real life compatibility of macOS working with SMB file shares?
Let’s start by mentioning blogs and comments advising Mac users to switch back to SMBv1 or CIFS. This is really bad advice because of the inherent security flaws in SMBv1 that were instrumental in the WannaCry ransomware attack. SMBv1 should not be used at all.
It’s definitely possible to run a reliable file sharing service using SMB shares with macOS if your environment is configured appropriately with some workflow changes.
SMB Shares
- Use flat permissions across each share. Do not allow folders with different permissions within a share.
- Do not use the ‘Creator Owner’ permission on shares. This will cause a permissions disaster if multiple users create files.
SMB Protocol Version
- Use the SMBv3 protocol with a modern NAS or Windows Server 2012r2 or 2016. macOS is currently compatible up to SMBv3.02.
macOS Client Settings
- Use macOS 10.12 or later. File sharing performance with macOS 10.13 or later is much better than with previous macOS versions, with improved folder enumeration due to changes in the browsing behaviour – See Adjust SMB browsing behavior in macOS High Sierra 10.13
- Disable network .DS_Store files to speed up SMB file browsing – See Disable ds_store files on the network
- Ensure SMB packet signing is turned off to speed up file downloads. Signing is what lets each side detect SMB traffic that has been altered in transit, so this trades that integrity check for speed. Note that Apple changed the default for packet signing to be off from macOS 10.13.4 – See Turn off packet signing for SMB 2 and SMB 3 connections
- Disable local SMB caching, but note that this can impact browsing on high-latency networks – See Disable local SMB directory enumeration caching
Below is an example of recommended SMB settings to disable SMB signing and caching with an nsmb.conf file.
#!/bin/sh
# Run this script as root
# Stop the Finder writing .DS_Store files to network shares
defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool TRUE
# Remove any existing nsmb.conf so the settings below start from a clean file
if [ -f /etc/nsmb.conf ]; then
    rm -vf /etc/nsmb.conf
fi
OSversion="$(sw_vers -productVersion)"
# macOS 10.14: disable directory caching (signing is off by default since 10.13.4)
if [ "$(echo "${OSversion}" | grep -o "10.14")" = "10.14" ]; then
    echo "[default]" >> /etc/nsmb.conf
    echo "dir_cache_async_cnt=0" >> /etc/nsmb.conf
    echo "dir_cache_max=0" >> /etc/nsmb.conf
    echo "dir_cache_min=0" >> /etc/nsmb.conf
    echo "dir_cache_off=yes" >> /etc/nsmb.conf
    exit
fi
# macOS 10.13: disable directory caching and packet signing
if [ "$(echo "${OSversion}" | grep -o "10.13")" = "10.13" ]; then
    echo "[default]" >> /etc/nsmb.conf
    echo "dir_cache_async_cnt=0" >> /etc/nsmb.conf
    echo "dir_cache_max=0" >> /etc/nsmb.conf
    echo "dir_cache_min=0" >> /etc/nsmb.conf
    echo "signing_required=no" >> /etc/nsmb.conf
    echo "dir_cache_off=yes" >> /etc/nsmb.conf
    exit
fi
# macOS 10.12: disable directory caching and packet signing
if [ "$(echo "${OSversion}" | grep -o "10.12")" = "10.12" ]; then
    echo "[default]" >> /etc/nsmb.conf
    echo "dir_cache_async_cnt=0" >> /etc/nsmb.conf
    echo "dir_cache_max_cnt=0" >> /etc/nsmb.conf
    echo "dir_cache_max=0" >> /etc/nsmb.conf
    echo "dir_cache_min=0" >> /etc/nsmb.conf
    echo "signing_required=no" >> /etc/nsmb.conf
    exit
fi
exit 0
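Before a file like this is pushed to a fleet, it helps to check what it changes from a security point of view. The following is an added example, not part of the original article: it audits an nsmb.conf for settings that allow SMBv1 or drop packet signing. The keys protocol_vers_map and smb_neg are taken from the nsmb.conf man page rather than from this page, and the [fileserver] section in the sample is hypothetical.

```shell
#!/bin/sh
# Added example: flag nsmb.conf settings that weaken SMB security.
# audit_nsmb FILE prints one finding per line; returns 1 if anything was found.
audit_nsmb() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[/ {                                # [default] or [server] header
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            next
        }
        NF >= 2 {
            key = $1; val = tolower($2)
            gsub(/[ \t]/, "", key); gsub(/[ \t\r]/, "", val)
            msg = ""
            # protocol_vers_map is a bitmap: 1 = SMB1, 2 = SMB2, 4 = SMB3
            if (key == "protocol_vers_map" && int(val) % 2 == 1)
                msg = "SMB1 allowed (protocol_vers_map=" val ")"
            else if (key == "smb_neg" && val == "smb1_only")
                msg = "SMB1 forced (smb_neg=smb1_only)"
            else if (key == "signing_required" && val == "no")
                msg = "packet signing not required, traffic can be altered in transit"
            if (msg != "") { print "[" section "] " msg; n++ }
        }
        END { exit (n > 0) }
    ' "$1"
}

# Constructed sample: signing and cache settings like those written by the
# script above, plus SMB1 lines of the kind the article warns against.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[default]
dir_cache_off=yes
signing_required=no
smb_neg=smb1_only
[fileserver]
protocol_vers_map=7
EOF
audit_nsmb "$sample" || echo "review the findings above before deploying"
rm -f "$sample"
```

On a Mac, run it as audit_nsmb /etc/nsmb.conf; a file containing only the dir_cache_* lines produces no findings.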
Finder / Samba Issues and Workarounds
macOS 10.14 – Admin prompt when moving or renaming a folder
Certain files when added to a folder prevent moving or renaming the folder because a file lock persists after the file is closed. An admin prompt error will be presented when the folder is moved. This issue is linked to anti-virus software on-access remote scanning and the way the macOS SMB implementation interacts with SAMBA and Windows SMB. This issue affects most, but not all SMB Server/NAS solutions.
This issue can be mitigated by turning off anti-virus software on-access remote scanning.
macOS 10.14 – Adobe Photoshop Error: Could not save because write access was not granted
The Finder is keeping a file open for Read, when the application requests an exclusive Read/Write to save the file. This only occurs with SMB shares and stops files from saving in Adobe Photoshop. If the file being saved is selected in the Finder with Column or Gallery view enabled, the problem is encountered.
This issue can be mitigated by upgrading to the latest version of Adobe Photoshop CC 2019 or only using list or icon view in the Finder. If column view is used, turn off Finder icon previews including “Show Preview Column”.
Network Traffic
Certain macOS and Adobe InDesign settings can generate additional network traffic. This can impact Mac SMB performance on networks with latency over 5ms, especially if there are a large number of macOS clients connecting to the server.
- When macOS Finder icon previews are enabled, the Finder performs a pseudo read of all files within folders to generate icon previews. This occurs every time a folder is opened, so it causes additional network traffic.
- If Adobe InDesign display performance is set to ‘High Quality Display’, it reads all links when documents are opened. This behaviour also causes additional network traffic, but doesn’t happen with the default display performance, which is set to ‘Typical’.
Network Search
- Network searching or client-side Spotlight indexing of network shares cannot be done efficiently or effectively, so you may need to find a new workflow that doesn’t require client-side searching of network shares.
- An alternative is using EasyFind from Devon Technologies. This application doesn’t require indexing, and its metadata searches are much faster than searching a network share with the macOS Finder.
“Do not use the ‘Creator Owner’ permission on shares. This will cause a permissions disaster if multiple users share files.”
How to disable the use of ‘Creator Owner’ permission on shares? Thank you!
Disable inheritance if enabled, then remove the Creator Owner permission using an account that has Full Control access or is a server admin. See https://activedirectoryfaq.com/2016/11/ntfs-authorization-creator-owner/
The problem you talk about: macOS 10.14 – Admin prompt when moving or renaming a folder.
I have this same issue with 10.11 and 10.13.6.
On 10.13.6 it says ‘Preparing to move file’ and then goes to Beach Ball and locks up the finder, only way to recover is to force shut down the mac and restart.
Would this be caused by the virus protection we have on server ‘Trend Micro’ (Server 2012 r2)?
We also have Trend Micro on the macs, do we need to disable Real Time scan on both the Mac and the server or just the server?
Thanks.
I haven’t seen the Finder getting locked. The usual workaround is to dismount and remount the SMB share.
I recommend doing some testing disabling Antivirus remote server scanning from the client.
Also, a lot of people say it’s the icon preview and Quick Look view that causes the server to lock the file so it can’t be moved. Do you have any thoughts on that?
Quick look and display preview when using column view can cause problems. Recommend switching to list view if experiencing problems. If extreme problems, turn off icon previews for all views.
Disabling Icon Preview has stopped the finder locking up. So good to find this solution. Hope it helps others.
Hi,
Thanks for this topic.
defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool TRUE
This must be done for the user account not for root.
Because the script is executed by root (via sudo), we need to do that for the current user:
if [ "$(sudo -u $(logname) defaults read com.apple.desktopservices DSDontWriteNetworkStores)" -eq 0 ]
then
sudo -u $(logname) defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool TRUE
fi
If the current user is not the target, the users can be listed with this command:
dscl . list /Users | egrep -v '^(_|root|nobody|daemon)'
No need to remove /etc/nsmb.conf, just overwrite (it will be better to copy for backup), here is my solution with less lines 😉 :
if echo ${OSversion} | egrep -q "^(10.15|10.14|10.13|10.12)"
then
cat > /etc/nsmb.conf <> /etc/nsmb.conf || echo "dir_cache_off=yes" >> /etc/nsmb.conf
echo ${OSversion} | egrep -q "^(10.13|10.12)" && echo "signing_required=no" >> /etc/nsmb.conf
fi
Hello, thanks for posting this. I’m on 10.13.6, and I have been trying the terminal commands. I get 730 read/write when direct connected fiber, but the same raid is 200 write/570 read when connected SMB over 10G. Is that all that’s possible? Also, is there a way to easily return SMB back to default settings? Do you freelance? Please email if you are able to log in and set up some of these fixes. Thanks!
Delete the nsmb.conf you created.
Hi All,
Any other tips for Big Sur?
I have disabled dsstore and smb signing.
The performance is still poor.
best regards
Alex