SMB Tips and FAQs

 

If you use SMB1 to mount a Samba share, a symbolic link is displayed. If you use SMB2/SMB3, the symbolic link does not appear as a file or directory, or does not appear at all.

If you use SMB1, you can use the Samba Unix extensions but that feature is not available with SMB2 (or later). SMB2 does not display a broken symbolic link, and a symbolic link appears as a file or directory depending on the destination.

Samba attempts to prevent a directory loop; therefore, a symbolic link such as the following is not displayed:

ln -s . my-dir

 

Beginning with Appliance Controller 3.1.0, the Samba implementation requires a minimum SMB version of SMB2_02. To enable SMB1 support, run the following controller command:

share smb global set server min protocol = NT1

 

By default, the SMB server does not enforce strict allocation due to performance reasons. As a result, the server does not validate a pre-allocation call. To avoid this issue, configure the following option:

share set smb global strict allocate = yes

or

share change smb smb1 strict allocate = yes

 

In some versions of Catalina, the SMB client can cause slow entry processing of directories containing a large number of files. This issue has been fixed in Catalina 10.15.4.

There are also new tuning parameters in Catalina 10.15.4 that improve the performance for MAC systems with a lot of memory (as shown in the max_dirs_cached and max_cached_per_dir sections of the /etc/nsmb.conf file. See man nsmb.conf on the MacOS terminal command line for additional information.

Because of these enhancements, Quantum recommends upgrading to Catalina 10.15.4 or later.

 

Note: This does not effect Linux or Mac clients.

When using local auth after upgrading to Appliance Controller 2.2.0 or later, Samba requires more specific credentials on Windows than it previously required to access a Samba share. Prior to 2.2.0, only the username was required. As of 2.2.0, use: WORKGROUP\<username>.

 

Windows SMB clients may lose connections to shares when the node they were connected to fails over. This is expected client side SMB protocol behavior.

After the fail-over is complete:

  • SMB clients should reconnect without intervention
  • NAS share(s) will remain mapped
  • Restart any file system operations that were in progress and failed when the fail over occurred (If desired)
  • New file system operations can be initiated

 

The Appliance Controller 2.0 release updates Samba packages to 4.6.8. This version of Samba includes security patches to disable non-secure clients. Some older Linux CIFS clients are affected by these security patches, and cannot mount SMB shares.

Resolution

To resolve this issue, we recommend obtaining a newer SMB client for your Linux machines. If that is not possible, then use the following workaround.

Workaround

  1. Log in to the Appliance Controller CLI from the NAS cluster's master node.
  2. Enter the following to update your SMB shares with the smb global ntml auth option:

    share change smb global ntlm auth = yes

    Example:

    > share change smb global ntlm auth = yes

    Broadcasting share config-sync to NAS cluster ...

    Waiting for nascluster_share_config_sync to complete on node 10.42.xx.yy

    Share global successfully changed

     

    > share show

    SMB global options: ntlm auth = yes

    2 shares:

    1: tstsmbshare1 | smb | /stornext/snfs1/smbshare | public = no,writable = yes

    2: tstsmbshare2 | smb | /stornext/snfs2/smbshare | public = no,writable = yes

 

SMB Signing provides a security mechanism that enables signing at the packet level. Use the following 2 SMB options to control whether the client is allowed to or required to use SMB signing, as well as to specify the SMB signing signature that the client must use.

You can configure SMB Signing with the global SMB server signing option. This option controls whether the client is allowed to or required to use SMB1 and SMB2 Signing. ForStorNext NAS, the default for server signing is auto. For specific details, see the smb.conf man pages.

You can configure Client Signing with the global SMB client signing option. This option controls whether the client is allowed to or required to use SMB signing. ForStorNext NAS, the default for client signing is auto. For specific details, see the smb.conf man pages.

 

When troubleshooting an issue, you may need to increase the output being logged for Samba. To change the output level, you need to add the log level option to the global section of the smb.conf file.

The default log level value is 0, or no logging. To troubleshoot an issue, we recommend setting the log level to 3 to provide the most useful amount of debugging information. Levels above 3 provide information primarily used by developers to track down internal issues, and these levels slow down the Appliance Controller System considerably.

  1. Log in to the Appliance Controller CLI.
  2. Enter:

    share change smb global log level = 3

  3. When you are finished troubleshooting the issue, return the logging level back to the default by issuing the following command:

    share change smb global log level = 0

    Important

    If you do not reset the log level back to 0, the Appliance Controller will slow down considerably.

See Modify Shares for information on setting global options.