【macのSMBが高速に?】macOSのWindowsファイル共有・・今はMacもだけどSMBの設定で今後役に立つかもしれないのでメモ【MacもまだSMBはnsmb.confの設定を見てる?】

Twitter(現X)を見ていたらこのようなツイートが流れて来ました。


MacOS Slow SMB shares : r/MacOS

Posting this for visibility since Apple has yet to properly implement SMB. Took me years of trial and error to come up with this catch-all solution which has been tested and works flawlessly on Mojave, Catalina, Big Sur, Monterey, Ventura, and Sonoma. This solution disables packet/session signing, caching, and indexing to prevent slowdowns while browsing SMB shares. It also forces SMB v3, enables multichannel connections, and prioritizes Ethernet/Thunderbolt connections over wireless.

If the server is a Mac, you will want to turn off packet signing on it. With file sharing off, run this command and then restart the server:

sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server SigningRequired -bool FALSE

On all clients, open Terminal, type sudo su, enter your password and press return, then copy/paste the entire text below:

rm /private/etc/nsmb.conf; echo "[default]" >> /etc/nsmb.conf; echo "signing_required=no" >> /etc/nsmb.conf; echo "streams=yes" >> /etc/nsmb.conf; echo "notify_off=yes" >> /etc/nsmb.conf; echo "port445=no_netbios" >> /etc/nsmb.conf; echo "unix extensions = no" >> /etc/nsmb.conf; echo "veto files=/._*/.DS_Store/" >> /etc/nsmb.conf; echo "protocol_vers_map=6" >> /etc/nsmb.conf; echo "mc_prefer_wired=yes" >> /etc/nsmb.conf; defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool TRUE; exit

That's it. Enjoy your unthrottled, highly reliable SMB connections on macOS!
Apple がまだ SMB を適切に実装していないため、これを公開します。この包括的なソリューションを思いつくのに何年も試行錯誤しました。このソリューションは、Mojave、Catalina、Big Sur、Monterey、Ventura、Sonoma でテスト済みで、問題なく動作します。このソリューションは、SMB 共有の参照中に速度低下を防ぐために、パケット/セッション署名、キャッシュ、インデックス作成を無効にします。また、SMB v3 を強制し、マルチチャネル接続を有効にし、ワイヤレスよりも Ethernet/Thunderbolt 接続を優先します。

サーバーが Mac の場合は、パケット署名をオフにする必要があります。ファイル共有をオフにして、次のコマンドを実行してサーバーを再起動します:

sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server SigningRequired -bool FALSE

すべてのクライアントで、ターミナルを開き、sudo su と入力し、パスワードを入力してリターン キーを押し、以下のテキスト全体をコピー/貼り付けします:


以前に
【昔はServer.Appで出来たのに】macOSの共有フォルダに接続中のユーザー及びPC(ホスト)確認したいけどできない?(2023年02月07日 (火曜日))
ような調べ事をしていて、今回のとは直接は関係ないのだけれども、上記の設定を見る限り未だに
nsmb.conf
でSMB関連の設定をしている?となると
Mac OS X Serverでファイル共有でゴミ箱作りたい場合って(2021年03月14日 (日曜日))
Macをファイルサーバーにした場合、よくNASとかには普通にあるネットワーク上のファイルを捨ててもゴミ箱に入る奴、作れる?
というか上記エントリからリンクしているサイトにもわからなかったらターミナルでman nsmb.confしろ、と書いてありますね。


という事でメモでした。

NSMB.CONF(5) File Formats Manual NSMB.CONF(5)

NAME
nsmb.conf - configuration file for SMB requests

DESCRIPTION
The nsmb.conf file contains information about the computers and shares or
mount points for the SMB network protocol.

The configuration hierarchy is made up of several sections, each section
containing a few or several lines of parameters and their assigned values.
Each of these sections must begin with a section name enclosed within
square brackets, similar to:

[section_name]

The end of each section is marked by either the start of a new section, or
by the abrupt ending of the file, commonly referred to as the EOF. Each
section may contain zero or more parameters such as:

[section_name]
key=value

where key represents a parameter name, and value would be the parameter's
assigned value.

The SMB library uses the following information for section names:

A) [default]
B) [SERVER]
C) [SERVER:SHARE]

Possible keywords may include:

Keyword Section Default Comment
A B C Values
addr - + - DNS name or IP
address of server
nbtimeout + + - 1s Timeout for resolving
a NetBIOS name
minauth + + - NTLMv2 Minimum
authentication level
allowed
port445 + + - both How to use SMB
TCP/UDP ports
streams + + + yes Use NTFS Streams if
server supported
soft + + + no Force all mounts to
be soft
notify_off + + + no Turn off using
notifications
kloglevel + - - 0 Turn on smb kernel
logging
protocol_vers_map + - - 7 Bitmap of SMB
Versions that are
enabled
signing_required + - - no Turn on smb client
signing
signing_req_vers + - - 6 Bitmap of SMB
Versions that have
signing required
validate_neg_off + - - no Turn off using
validate negotiate
max_resp_timeout + + - 30s Max time to wait for
any response from
server
submounts_off + + + no Turn off using
submounts
dir_cache_async_cnt + + - 10 Max async queries to
fill dir cache
dir_cache_max + + - 60s Max time to cache for
a dir
dir_cache_min + + - 30s Min time to cache for
a dir
max_dirs_cached + + - Varies Varies from 200-300
depending on RAM
amount
max_cached_per_dir + + - Varies Varies from
2000-10000 depending
on RAM amount
netBIOS_before_DNS + + + no Try NetBIOS
resolution before DNS
resolution
mc_on + - - yes Turn on SMB
multichannel (allow
more than one channel
per session)
mc_prefer_wired + - - no Prefer wired NIC's
over wireless in
multichannel mode
encrypt_cipher_map + - - 15 Bitmap of SMB 3.1.1
encryption algorithms
that are enabled
force_sess_encrypt + - - no Force session
encryption for all
mounts
force_share_encrypt + - - no Force share
encryption for all
mounts

The minimum authentication level can be one of:

kerberos Kerberos - NTLMv2, NTLM, LM, and plain-text password
authentication are not attempted.

ntlmv2 NTLMv2 - Kerberos authentication is attempted if a Kerberos
token can be obtained, otherwise NTLMv2 authentication is
attempted; if the server doesn't support encrypted passwords,
the authentication fails.

ntlm NTLM - Kerberos authentication is attempted if a Kerberos
token can be obtained, otherwise NTLMv2 authentication is
attempted and, if that fails, NTLMv1 authentication is
attempted, with zeroes in the LM hash; if the server doesn't
support encrypted passwords, the authentication fails.

lm LM - Kerberos authentication is attempted if a Kerberos token
can be obtained, otherwise NTLMv2 authentication is attempted
and, if that fails, NTLMv1 authentication is attempted,
including the LM hash; if the server doesn't support
encrypted passwords, the authentication fails.

none none - The same as lm except that, if the server doesn't
support encrypted passwords, plain-text passwords are used.
Required for servers that don't support extended security.

(Note: "NetBIOS" as used below means "NetBIOS over TCP/IP.")

"How to use SMB TCP/UDP ports" can be one of:

both Attempt to connect via port 445. If that is unsuccessful,
try to connect via NetBIOS.

netbios_only Do not attempt to connect via port 445.

no_netbios Attempt to connect via port 445. If that is unsuccessful,
do not try to connect via NetBIOS.

"Bitmap of SMB Versions that are enabled" can be one of:

7 == 0111
SMB 1/2/3 should be enabled

6 == 0110
SMB 2/3 should be enabled

4 == 0100
SMB 3 should be enabled

"Bitmap of SMB Versions that have signing required" can be one of:

7 Signing required for SMB 1/2/3.

6 Signing required for SMB 2/3.

4 Signing required for SMB 3.

"Bitmap of SMB 3.1.1 encryption algorithms that are enabled" can be one of:

15 == 1111
AES-256-GCM/AES-256-CCM/AES-128-GCM/AES-128-CCM should be enabled

7 == 0111
AES-256-CCM/AES-128-GCM/AES-128-CCM should be enabled

3 == 0011
AES-128-GCM/AES-128-CCM should be enabled

1 == 0001
AES-128-CCM should be enabled

FILES
/etc/nsmb.conf The global configuration file.

~/Library/Preferences/nsmb.conf
The user's configuration file, conflicts will be
overwritten by the global file.

EXAMPLES
What follows is a sample configuration file which may, or may not match
your environment:

# Configuration file for example.com
[default]
minauth=ntlmv2
streams=yes
soft=yes
notify_off=yes
[WINXP]
addr=windowsXP.apple.com

All lines which begin with the `#' character are comments and will not be
parsed. The "default" section specifies that only Kerberos and NTLMv2
authentication should be attempted; NTLM authentication should not be
attempted if NTLMv2 authentication fails, and plain-text authentication
should not be attempted if the server doesn't support encrypted passwords.

SEE ALSO
smbutil(1), mount_smbfs(8)

AUTHORS
This manual page was originally written by Sergey Osokin
and Tom Rhodes .

macOS 12.7 June 30, 2003 macOS 12.7

macOS12.7でman nsmb.confを実行した結果。

macOSのSMBファイル共有のクライアント、サーバーの設定は
/Library/Preferences/SystemConfiguration/com.apple.smb.server.plist

/etc/nsmb.conf
で設定する感じなのかな?基本はnsmb.confファイルは存在しませんけど。