Administration Guide : Managing User Access/Connections : Install and Configure SMB

Install and Configure SMB
Install SMB on a Mac Server
There are no additional instructions for Mac. Continue to the next section below, on configuring users.
The necessary SMB components are installed with Xinet (through Samba). Xinet runs independently of the OS X System Control Panel "File sharing" setting.
Note: If client machines experience slow file read/write from Mac SMB mounted volumes (as opposed to AFP), turn off packet signing on the Mac clients. For details on how to do this, go to the following page on the Apple Web site: “Turn off packet signing for SMB 2 and SMB 3 connections” (https://support.apple.com/en-euro/HT205926).
Install SMB on a Linux Server
Our Xinet Installers contain separate XinetSMB installers and during installation our install script will determine which XinetSMB installer will get used (based on Linux version and installed Samba version).
Currently the following combinations are possible:
OR:
Even though we call our Samba-modules installer XinetSMB-RedHat, it works with CentOS as well.
After installation, you won't see any modifications in /etc/samba/smb.conf, although existing shares that you had set up prior to the Xinet 19 installation will keep working. Instead of asking administrators to translate or copy existing shares (configured and visible in the web interface under Volume/Users > System Volumes and stored in /var/adm/appletalk/KASPubVols) Xinet will transform existing AFP shares into SMB2 shares for you and it will happen on-the-fly. We will take care of applying existing ACLs, too.
Just log in to your Xinet server as an SMB-enabled user using the URL smb://<yourxinet server IP address or hostname> and you'll see all your existing AFP shares presented to you over the newer SMB2 protocol.
We have also made our standard MacFiles volume available over SMB2 connections. Please make sure you log on through smb ( smb://<your xinet server> ) with the user name “macfiles” and no password (leave the password field blank).
Troubleshooting: Filesystems exported from Linux via SMB to Mac clients must be mounted with "User Extended Attributes" enabled (user_xattr). Typically, this option is enabled by default on Linux systems, but if your organization has disabled it, Mac users will not be able to use Apple-specific features such as Finder labels.
Configuring Users
(This section is applicable to both Mac and Linux servers.)
Samba maintains its own list of users and passwords, which means that every user who is enabled to view SMB shares must be a valid system user before that user can be enabled for SMB.
Depending on the type of users, there are different ways to set this up, as outlined in the three alternatives below.
a. Converting/enabling local OS users
Existing Operating System users, like the ones you are using to access Volumes over AFP, need to be added to the Samba user list. This can be done manually by running the smbpasswd command (smbpasswd -a <username>), or by turning on the new "Can access SMB Volume" user setting and re-entering the user's password on the Edit-User page in the nativeadmin UI.
If you turn on the new "Can access SMB Volume" user setting and submit the page to be saved, a warning, "Please re-enter user's password to enable SMB volumes," will appear, to remind you to reset the user's password.
In order to create new OS users, you can follow the same steps you did when you created users for AFP logins. Once you have created users, you need to turn on the new “Can access SMB Volume” user setting and re-enter the user's password on the Edit-User page in nativeadmin, or by running smbpasswd for that user manually.
One possible scenario could be that an administrator resets all user passwords to the same password and sends all users a link to:
http(s)://<xinet server IP or hostname>/webnative/userperms?-password
This way, users can log on to the site and reset their passwords individually.
b. Converting/enabling Apache/web-only users
If you are using Apache to grant user access to Xinet Portal as a completely separate user list from your local OS users and you want to give these users access to SMB shares, you need to turn them into OS-level system users as a first step and then proceed as explained in section "a" above .
If you try to turn on the new "Can access SMB Volume" user setting for an Apache/Web user, you'll see a warning message to remind you that the user needs to be configured as an OS system user beforehand.
c. Converting/enabling users managed by Directory Services
If a Directory Service, such as Active Directory (AD), is in place already and you are using Samba via PC Connectivity, you probably have configured Samba to talk to that same Directory Service for authentication as Xinet and then everything should just work.
If you have a mix of an AD user list and a local user list, you need to make sure that any user who needs to be set up to access SMB volumes is added to the Samba user list through the nativeadmin UI, or by running smbpasswd manually, or (in case of an AD user list) Samba is configured to authenticate against your AD service.