KB450114 – MacOS Samba Optimization

Last modified: July 28, 2021
You are here:


  • This article will guide how to configure a samba share to optimize performance and compatibility with MacOS
  • The following performance tunes have been tested with MacOS Big Sur (11.2.3). Previous/Future versions will benefit as well but trial and error are recommended.


  • SMB Share
  • MacOS Client


SMB VFS Objects

  • It is best practice to use the following VFS Objects as parameters in your SMB share or global configuration when using Mac OS clients.
  • Using catia and fruit in combination with streams_xattr significantly enhances performance/compatibility of samba network shares and OSX.
  • These can be applied in MacOS only or MacOS/Windows mixed environments.
vfs objects = catia fruit streams_xattr
fruit:nfs_aces = no
fruit:zero_file_id = yes
fruit:metadata = stream
fruit:encoding = native
The vfs objects = catia fruit streams_xattr, fruit:zero_file_id = yes, fruit:metadata = stream, fruit:encoding = native can be entered in either global or share section, however fruit:nfs_aces = no must be entered in the global section of the smb.conf

SMB Signing (MacOS 10.11.4 and Before)

  • Since the release of OS X 10.11.5, Apple’s SMB Signing has been enabled by default.
  • SMB Signing digitally signs at the packet level of the SMB communication. This enables the receiver of the packets to confirm the point of origin and it’s authenticity. This security mechanism helps avoid issues like tampering and “man in the middle” attacks – as long as you’re on a secure network.  However, this causes poor performance –  to disable this option see below.
  • On each Mac OSX client:
echo “[default]” » /etc/nsmb.conf
echo “signing_required=no” >> /etc/nsmb.conf
  • Reboot client
  • To verify it worked run:
smbutil statshares -a
  • If SIGNING_ON TRUE is not present, then signing is disabled
In macOS 10.13.4 and later, packet signing is off by default. Packet signing for SMB 2 or SMB 3 connections turns on automatically when needed if the server offers it.

Veto AppleDouble Files

  • Veto the creation of ._ and .DS_Store files on the network fileshare to increase directory performance.
  • Add to smb.conf [SHARE] definitions that will be used by OSX clients
veto files = /._*/.DS_Store/
delete veto files = yes
  • Delete existing ._ and .DS_Store files on the share
cd /FILE/SHARE ; find \( -name “.DS_Store” -or -name “.Trashes” -or -name “._*” -or -name “.TemporaryItems” \) -delete
  • On each OSX client, disable the creation of .DS_Store and ._ on network shares
defaults write com.apple.desktopservices DSDontWriteNetworkStores true
NOTE that certain OSX applications require these files to function correctly. Test workflow with these disabled to verify.


  • If we are to do a “testparm -s” on our SMB server, we should see the VFS Objects now appear within the global section, or the share section depending on where we entered it.


Was this article helpful?
Dislike 0
Views: 3586
Unboxing Racking Storage Drives Cable Setup Power UPS Sizing Remote Access