Skip to main content

Global Parameters

The following parameters are in the [global] section of the configuration file.

access_based_share_enumeration

Enables or disables access-based share enumeration.

Value Type: boolean

Value Format: true|false

  • true: Enables access based share enumeration for the server.
  • false: Disables access based share enumeration for the server.

Default Value: false

apple_extensions

Controls Apple Extensions for SMB.

Value Type: boolean

Value Format: true|false

  • true: Enables Apple Extensions for SMB.
  • false: Disables Apple Extensions for SMB.

Default Value: true

apple_server_side_copy

Controls the behavior of server side copy for macOS clients.

Possibly Overridden by Global Parameter: server_side_copy

Value Type: boolean

Value Format: true|false

  • true: Enables server-side copy macOS clients (has no effect if server_side_copy is false).
  • false: Disables server-side copy for macOS clients.

Default Value: false

audit_enable

Enables or disables audit logging globally. Used in conjunction with audit_params.

Value Type: boolean

Value Format: true|false

  • true: Enables audit logging.
  • false: Disables audit logging.

Default Value: false

audit_params

Controls the output parameters for audit logging. Used in conjunction with audit_enable.

Value Type: string

Value Format: path=<path>[,days=<days>][,uid=<uid>][,gid=<gid>][,cn=<cn>][,sensitive_data=<sensitive_data>]

  • path=<path>: (required) The path where the audit log files are stored. Each audit log file will have a suffix containing the date of the day for which the log is generated.
  • days=<days>: (optional) The number of days for which the audit log files are retained. Default value: 1.
  • uid=<uid>: (optional) Specifies whether log messages should include the POSIX user ID of the authenticated user whose actions are being logged. Possible values:
    • true: Include the POSIX user ID in log messages.
    • false: Do not include the POSIX user ID in log messages. Default value: true.
  • gid=<gid>: (optional) Whether log messages should include the POSIX group ID of the authenticated user whose action is being logged. Possible values:
    • true: Include the POSIX group ID in log messages.
    • false: Do not include the POSIX group ID in log messages Default value: true.
  • cn=<cn>: (optional) Specifies whether log messages should include the common name of the authenticated user whose action is being logged. Possible values:
    • true: Include the common name in log messages.
    • false: Do not include the common name in log messages Default value: true.
  • sensitive_data=<sensitive_data>: (optional) Defines how sensitive data should be handled in log messages. Sensitive data includes domain names, IP addresses, user names and IDs, and file paths. Possible values:
    • allow: All data appears as-is in log messages.
    • strip: Sensitive data is stripped from log messages, and replaced with ***.
    • hash: Sensitive data is hashed in log messages, allowing for differentiation between different sensitive data appearances (e.g., distinguishing one IP address from another), without revealing the original values.
      Default value: allow.

Default Value: none.

Examples:

  • path=/var/log/tsmb-audit,days=1,uid=true sets the path to /var/log/tsmb-audit, retains the audit log files for 1 day, and includes the POSIX user ID in log messages.

authz_require_posix

Requires all users to have a valid POSIX ID mapping.

Value Type: boolean

Value Format: true|false

  • true: Requires all users to have a valid POSIX ID mapping.
  • false: Allows all SMB users to connect, regardless of POSIX ID mapping.

Default Value: false

ca

Enables or disables the persistent file handle database globally. Used in conjunction with ca_path.

Overridden by Per-Share Parameter: ca

Value Type: boolean

Value Format: true|false

  • true: Enables the persistent file handle database globally.
  • false: Disables the persistent file handle database globally.

Default Value: false

ca_path

Controls the path for the persistent file handle database. Used in conjuction with ca.

Value Type: string

Possibly Overridden by Per-Share Parameter: ca_params

Value Format: <path>

  • <path> is the path on a shared storage where the Fusion File Share Server stores its persistent file handle database. This path must be accessible by all nodes in the Fusion File Share Server to support continuous or high availability. If not overridden on a per-share basis by the optional <path> portion of the share's ca_params parameter, the path of the the persistent file handle database for each share with continuous availability enabled will be <path>/<share_name>, as determined by the share's netname parameter.

Default Value: none.

Examples:

  • /mnt/shared/ca would store the persistent file handle database in /mnt/shared/ca/<share_name> for each share where continuous availability is enabled.

case_insensitive

Controls default case-sensitivity for all shares.

Overridden by Per-Share Parameter: case_insensitive

Value Type: boolean

Value Format: true|false

  • true: Makes file operations case-insensitive by default.
  • false: Leaves file operations case-sensitive by default.

Default Value: false

change_notify

Controls the method used to generate change notifications.

Value Type: string

Value Format: smb|kernel|none

  • smb: Generates change notifications based on file operations performed by SMB clients against the Fusion File Share Server. This option does not detect changes made by other means, such as direct access to the storage, or changes made by other protocols (e.g., NFS shares enabled for the same data). Use this setting for custom VFS modules that don't trigger inotify events.
  • kernel: Generates change notifications for clients based on notifications Fusion File Share Server receives from the kernel's inotify interface. This includes changes made via any method, including direct access to storage, or changes made by other protocols.
  • none: Disables change notifications.

Default Value: kernel

compression_algorithms

Controls the compression algorithms used by the server.

Value Type: string

Value Format: <algorithm>[,<algorithm>,...]

  • <algorithm>: The compression algorithm to use for SMB compression. The supported algorithms are:
    • LZ77

Default Value: none (SMB compression is disabled))

Examples:

  • LZ77: Enables SMB compression using the LZ77 algorithm.

compression_threads

Controls the number of threads used for compression.

Value Type: integer

Value Format: <threads>

  • <threads>: A positive integer representing the number of threads to use for compression.

Default Value: 1

Examples:

  • 10 starts 10 threads for compression.

compression_threshold

Controls the minimum message size for compression.

Value Type: integer

Value Format: <bytes>

  • <bytes>: A non-negative integer, representing the threshold size in bytes for SMB compression. Messages exceeding this threshold will be compressed if SMB compression is enabled.

Default Value: 4096

Examples:

  • 8192: Only messages larger than 8KB will be compressed.
  • 0: Compress all messages, regardless of size.

connections_max

Controls the maximum number of connections.

Value Type: integer

Value Format: <connections>
The maximum number of concurrent client connections allowed to the server. Once the limit is reached, new connections will be rejected. A value of 0 allows for unlimited number of connections, limited only by available system resources.

Default Value: 1024

dfs

Enables/disables the Distributed File System (DFS) namespace.

Value Type: boolean

Value Format: true|false

  • true: Enables inclusion in DFS.
  • false: Disables inclusion in DFS.

Default Value: false

dialect_max

Controls the maximum SMB dialect version exposed by the server.

Mutually exclusive with: dialects

Value Type: string

Value Format: <dialect>

Default Value: SMB3.1.1

Examples:

  • SMB3.1.1: Enables all supported SMB dialects.
  • SMB2.1: Enables only dialects SMB1 through SMB2.1.
  • SMB1: Enables only SMB1 (CIFS).

dialects

Controls which SMB dialects are exposed by the server.

Mutually exclusive with: dialect_max

Value Type: string

Value Format: <dialect> [<dialect> ...]

Default Value: SMB2.002 SMB2.1 SMB3.0 SMB3.02 SMB3.1.1

Examples:

  • SMB1 SMB2.002 SMB2.1 SMB3.0 SMB3.02 SMB3.1.1: Enables all supported SMB dialects.
  • SMB2.002 SMB2.1 SMB3.0 SMB3.02 SMB3.1.1: Enables all supported SMB dialects, except for SMB1 (CIFS).

domain

Controls the domain or workgroup name for Active Directory or Apple Open Directory, or the NetBIOS workgroup name for standalone servers or when part of a NetBIOS workgroup.

  • When part of an Active Directory domain:

    Value Type: string

    Value Format: <domain>
    <domain>: specifies the name of the Active Directory domain (or in rare cases, Apple Open Directory domain). It should be a fully-qualified domain name (e.g., acme.local).

    Default Value: none.

    Examples:

    • acme.local specifies the Active Directory domain acme.local.

  • When part of a NetBIOS workgroup:

    Value Type: string

    Value Format: <workgroup>
    <workgroup>: specifies the name of the workgroup. Should be a NetBIOS name (e.g., ACME).

    Default Value: none.

    Examples:

    • ACME specifies the NetBIOS workgroup ACME.

domain_servers

Overrides the domain controller server names for Active Directory.

Value Type: string

Value Format: [<server>[,<server>,...]]
If specified, the value should be in square brackets ([...]), containing comma-separated values <server>, where each <server> is a domain controller server name.

Default Value: none. Fusion File Share Server will automatically discover domain controller server names by querying the DNS for the _ldap._tcp SRV records.

Examples:

  • [dc1.acme.local, dc2.acme.local] will use the domain controller server names dc1.acme.local and dc2.acme.local to authenticate SMB users.

durable_v1_timeout

Controls the timeout for durable handles V1.

Value Type: integer

Value Format: <duration>

  • <duration> is a positive integer representing the number of seconds for the timeout of durable handles V1.

Default Value: 960

Examples:

  • 960 seconds (16 minutes) is the default timeout for durable handles V1.

durable_v2_timeout

Controls the timeout for durable handles V2.

Value Type: integer

Value Format: <duration>

  • <duration> is a positive integer representing the number of seconds for the timeout of durable handles V2.

Default Value: 180

Examples:

  • 180 seconds (3 minutes) is the default timeout for durable handles V2.

enable_ipc

Enables/disables IPC$ shares.

Value Type: boolean

Value Format: true|false

  • true: Enables the IPC$ share.
  • false: Disables the IPC$ share.

Default Value: true

enable_oplock

Enables/disables opportunistic locks (oplocks).

warning

This parameter is deprecated. Use oplock instead.

Overriden by Share Parameter: enable_oplock

Value Type: boolean

Value Format: true|false

  • true: Allows the user to acquire opportunistic locks (oplocks) on files.
  • false: Disables the acquisition of oplocks on files.

Default Value: true

encrypt_data

Enables/disables encryption in transit.

Overridden by Per-Share Parameter: encrypt_data

Value Type: boolean

Value Format: true|false

  • true: enable encryption in transit for all shares.
  • false: disable encryption in transit for all shares.

Default Value: false

group_member_db

Value Type: string

Value Format: <path>
Where <path> is the path of group members database for the file-backed user database. The file needs to exist before the starting Fusion File Share Server.

Example:

  • /etc/tsmb-group would configure Fusion File Share Server to use /etc/tsmb-shadow as the file-backed user database file.

ignore_unresolved_share_deny_permission

Controls whether to deny access to shares with unresolved permission grantees when their access level is no, or to ignore handling them altogether.

Value type: boolean

Value Format: true|false

  • true: Ignores handling of unresolved permission grantees when their access level is no.
  • false: Denies access to shares with unresolved permission grantees when their access level is no.

Default value: false

ldap_base_dn

Controls the base distinguished name (DN) for LDAP user authentication when userdb_type is set to ldap.

Value Type: string

Value Format: <dn>

  • <dn>: The distinguished name (DN) of the organization unit (OU) that contains the users.

Default Value: none

Examples:

  • ou=people,dc=acme,dc=com: The users are in the people OU in the acme.com domain.

ldap_bind_dn

Controls the binding distinguished name (DN) for LDAP user authentication when userdb_type is set to ldap.

Value Type: string

Value Format: <dn>

  • <dn>: The distinguished name (DN) of the user account that has access to the NT hashes for the users.

Default Value: none

Examples:

  • cn=admin,dc=acme,dc=com: The user is admin in the acme.com domain.

ldap_bind_pw

Sets the password to use for binding to the LDAP server when userdb_type is set to ldap.

Value Type: string

Value Format: <password>

  • <password>: The password for the user specified in the ldap-bind-dn parameter.

Default Value: none

ldap_nthash_attr

Sets the LDAP attribute that contains the users' NT hash when userdb_type is set to ldap.

Value Type: string

Value Format: <attr>

  • <attr>: The name of the attribute that contains the NT hash for the users. For most configurations, the value should be sambaNTPassword.

Default Value: none

Examples:

  • sambaNTPassword: The NT hash is stored in the sambaNTPassword attribute.

ldap_timeout

Sets the timeout for LDAP operations when userdb_type is set to ldap.

Value Type: integer

Value Format: <seconds>

  • <seconds>: The number of seconds to wait for an LDAP operation to complete before timing out.

Default Value: none

Examples:

  • 30: Wait 30 seconds for an LDAP operation to complete before timing out.

ldap_uri

Sets the URI of the LDAP server when userdb_type is set to ldap.

Value Type: string

Value Format: <uri>

  • <uri>: the LDAP server URI.

Default Value: none

Examples:

  • ldap://ldap.acme.com: the LDAP server URI, without encryption.
  • ldaps://ldap.acme.com: the LDAP server URI, with TLS encryption.

ldap_username_attr

Sets the LDAP attribute that contains the users' username when userdb_type is set to ldap.

Value Type: string

Value Format: <attr>

  • <attr>: The name of the attribute that contains the users' username.

Default Value: none

Examples:

  • username: The username is stored in the username attribute.

listen

Controls the network listening addresses, protocols and ports.

Value Type: string

This parameter is required.

Fusion File Share Server will fail to start unless a value is specified.

Multiple Values Allowed

This parameter can be specified multiple times in your configuration to enable multiple listening configurations—for example, to listen on both IPv4 and IPv6.

Value Format: <interface>,<address>,<family>,<port>,<protocol>[,<options>]

  • <interface>: The network interface to listen on. To listen on all interfaces, use ANY.

  • <address>: An IPv4 or IPv6 address to listen on, depending on <family>. To listen on all addresses, use 0.0.0.0 for IPv4 and :: for IPv6.

    note

    If <protocol> is NBNS, NBSS, NBDS, LLMNR, or WSD, Fusion File Share Server will listen on all addresses regardless of the value of <address>.

  • <family>: The address family to listen on:

    • IPv4: Listen on an IPv4 address.
    • IPv6: Listen on an IPv6 address.
    • RDMA_IPv4: (for RDMA-enabled NICs) Listen on an IPv4 address for RDMA. Requires <protocol> to be SMBD. Requires <address> to be 0.0.0.0.
    • RDMA_IPv6: (for RDMA-enabled NICs) Listen on an IPv6 address for RDMA. Requires <protocol> to be SMBD. Requires <address> to be ::.

  • <port>: The TCP/UDP port number to listen on.

  • <protocol>: The transport protocol to use:

    note

    The WSD and LLMNR protocols use multicast groups and cannot be bound to the loopback interface or address (e.g., 127.0.0.1).

  • <options>: Additional listening configuration in the following format, <option>=<value>[,<option>=<value>,...], where <option>=<value> can be:

    • RSS=<num>, where <num> is the number of RSS queues to use.
      For some testing and troubleshooting cases, you might enable RSS on a non-RSS-capable NIC by specifying a value greater than 0. This will cause Fusion File Share Server to advertise the NIC as RSS-capable, although it is unlikely to result in any performance gains.

      Default value: none. When the RSS option is omitted, Fusion File Share Server determines the NIC's RSS capabilities and sets the number of receive queues accordingly.

      Possible values:

      • 0: Disables advertising the NIC as RSS-capable.
      • any positive 32-bit integer (14294967294): Sets the number of receive queues to the specified value. Values greater than 32 are unlikely to be useful.

    • max_read_write_size=<bytes>, where <bytes> is the maximum size of an RDMA read or write request in bytes when using SMB Direct.

      This option is valid only when <protocol> is SMBD. For other settings of <protocol>, this option is ignored.

      It sets the maximum number of bytes the server can send or receive in a single RDMA read or write request (MaxReadWriteSize). Note that the actual request size may be smaller than this value, depending on the client's capabilities and implementation.

      Default value: none. When the max_read_write_size option is omitted, a default value of 8388608 (8 MiB) is used, which is consistent with the value in the Windows implementation of RDMA.

      Possible values:

      • any positive 32-bit integer (14294967294): Sets the maximum size of an RDMA read or write request to the specified value.

    • server=<name>, where <name> is the server name for share scoping.

      When set, the shares accessed through this interface on the specified port and protocol will be scoped to clients that access the server using the specified server name.

      Default value: none. When the server option is omitted, share scoping on the interface is disabled for all shares by default (although it can be specified on a per-share basis).

Default Value: N/A. Value MUST be set.

Examples:

  • eth0,0.0.0.0,IPv4,445,DIRECT_TCP: Listens on all IPv4 addresses on port 445 using Direct TCP on the eth0 interface.
  • eth0,0.0.0.0,IPv4,445,DIRECT_TCP,RSS=2: Listens on all IPv4 addresses on port 445 using Direct TCP on the eth0 interface with 2 RSS queues.
  • ANY,::,IPv6,445,DIRECT_TCP: Listens on all IPv6 addresses on port 445 using Direct TCP on all interfaces.
  • ANY,::,IPv6,445,DIRECT_TCP,RSS=0: Listens on all IPv6 addresses on port 445 using Direct TCP on all interfaces with RSS disabled.
  • ANY,0.0.0.0,IPv4,139,NBSS: Listens on all IPv4 addresses on port 139 using NetBIOS Session Service on all interfaces.
  • ANY,0.0.0.0,RDMA_IPv4,445,SMBD: Listens on all IPv4 addresses on port 445 for RDMA using SMB Direct on all interfaces.
  • ANY,::,RDMA_IPv6,445,SMBD: Listens on all IPv6 addresses on port 445 for RDMA using SMB Direct on all interfaces.

log_destination

Controls the destination for the log.

Value type: string

Value format: <destination>
Where <destination> can be one of the following:

  • console: Logs are written to the standard output and standard error.
  • syslog: Logs are written to the system log (syslog).
  • file: Logs are written to a file.

Default value: console

log_level

Controls the level of the log.

Value type: integer

Value format: <level>
Where <level> can be one of the following:

  • 0: No logging
  • 1: Critical
  • 2: Error
  • 3: Warning
  • 4: Info
  • 5: Debug
  • 10 to 15: Authentication events
    • User authentication failures
    • User authorization failures
    • Successful user logins
  • 20 to 25: Network level events
    • Client handled SMB protocol errors
    • Received SMB packets names
  • 30 to 35: VFS operations
    • File and directory opening/closing
    • readdir with dumped contents
    • File reads/writes
    • Other operations
  • 80 to 89: Raw network packet information
    • Raw network packets: complete TCP data stream dumped as is (can be used to reconstruct a packet capture)
    • Packets after decryption
    • Packets as seen on network
  • 90 to 100: function traces

Default value: 4

log_params

Controls the parameters for the log.

Value type: string

Value format: [path=<path>][,long][,timestamp][,time_usec=<true|false>][,tid][,trace][,sensitive_data=<sensitive_data>]
Where <parameter> can be one of the following:

  • path=<path>: (required) if the log_destination parameter is set to file. The path to the log file.
  • long: (optional) Disables truncation of log messages, allowing the entire message to be printed. By default, log messages are truncated:
    • 'Log-metadata' is truncated to a maximum of 80 characters.
    • 'Log-content' is truncated to a maximum of 256 characters, plus any bytes unused by the 'log-metadata' component.
    • The total message is limited to 337 bytes (80 + 256 + 1 newline character). Enabling this option prints the full log message, which may improve debugging but can incur a performance penalty.
  • timestamp: (optional) Includes timestamps in the ISO 8601 format format in the log messages (YYYY-MM-DD HH:MM:SS[.uuuuuu]).
  • time_usec=<true|false>: (optional) Includes microsecond resolution timestamps in the log messages. Enabled by default when timestamp is enabled.
  • tid: (optional) Includes thread identifiers in the log messages.
  • trace: (optional) Includes trace identifiers in the log messages, specifically the function name and a line number.
  • sensitive_data=<sensitive_data>: (optional) How sensitive data should be handled in the log messages. Data deemed "sensitive" includes domain names, IP addresses, user names and IDs, and file paths. Possible values:
    • allow: All data appears as-is in the log messages.
    • strip: Sensitive data is stripped from the log messages, and instead appears as ***.
    • hash: Sensitive data is hashed in the log messages. This is useful in order to differentiate between different sensitive data (e.g., distinguishing one IP address from another), yet cannot be used to recover the original values. Default value: allow.

Default value: none. None of the formatting options are enabled.

open_files_max

Controls the maximum number of open files.

Value Type:: integer

Value Format: <files>
The number of files that can be kept open simultaniously by the server, for all client sessions. 1024 is the minimum value. 0 indicates that the server will use the system's default value (i.e., the value in /proc/sys/fs/nr_open).

Default Value: 8192

oplock

Controls the type of opportunistic locks to be issued.

Potentially Overridden by Share Parameter: oplock

Value Type: string

Value Format: <type>
Where <type> indicates the type of opportunistic lock to be issued:

  • all: Full oplock/lease support.
  • disabled: Disables oplock/lease support. This prevents the server from advertising the SMB2_GLOBAL_CAP_LEASING capability to clients.
  • none: Enables oplock/lease support and advertises the SMB2_GLOBAL_CAP_LEASING capability to clients. However, Fusion File Share Server server only grants NONE oplock/lease regardless of the value of RequestedOplockLevel.
  • exclusive: Similar to all, however only one oplock can be granted on a file at a time. Multiple clients can access a file, as long as there are no oplocks on it, or all clients have the same lease key.

Default Value: all

privilegedb

Controls the path to the privileges database.

Value Type: string

Value Format: <path>

  • <path> specifies the path to the privilege database file.

Default Value: none.

Examples:

  • /var/lib/tsmb/privilegedb specifies that the path to the privilege database is the privilegedb file in the /var/lib/tsmb directory.
important

If you are in a clustered environment, ensure that the path to the privilege database path is on the shared storage.

reject_unencrypted_access

When using encryption in transit, controls whether to reject unencrypted SMB messages from clients.

Value Type: boolean

Value Format: true|false

  • true: Causes the server to reject all unencrypted messages from clients.
  • false: Allows processing unencrypted messages from clients.

Default Value: false

require_message_signing

Controls whether to require clients to perform message signing.

Value Type: boolean

Value Format: true|false

  • true: Requires all incoming SMB messages to be signed, and drops any unsigned messages.
  • false: Allows unsigned messages to be processed.

Default Value: false

runstate_dir

Controls the path to the runtime state directory.

This parameter is required.

Fusion File Share Server will fail to start unless a value is specified.

Value Type: string

Value Format: <path>

  • <path> for the runtime state directory for Fusion File Share Server.

Default Value: none.

Examples:

  • /var/lib/tsmb–a common choice for the runtime state directory.

scale_out

Enables/disables and toggles between scale-out modes.

Value Type: string

Value Format: true|false|autonomous:

  • true: Enables scale-out.
  • false: Disables scale-out.
  • autonomous: Enables scale-out, but without synchronizing the FSA state between nodes.

Default Value: true

server_name

Controls the NetBIOS name of the server.

Value Type: string

Value Format: <name>
Where <name> is the name of the server you want to use, up to 15 characters (NetBIOS limitation).

Default Value: none. If not specified the hostname of the machine will be used.

sess_open_files_max

Controls the maximum number of open files per session.

Value Type:: integer

Value Format: <sessions>
The maximum number of open files per session. 0 indicates that the maximum number of open files is unlimited, capped by the open-files-max parameter.

Default Value: 1024

sessions_max

Controls the maximum number of client sessions.

Value Type:: integer

Value Format: <sessions>
The maximum number of client sessions that can be active on the server at any given time. 0 indicates an unlimited number of sessions.

Default Value: 0.

server_side_copy

Controls the behavior of server side copy for all clients.

Possibly Overrides Global Parameter: apple_server_side_copy

Value Type: boolean

Value Format: true|false

  • true: Enables server-side copy for all clients.
  • false: Disables server-side copy (including macOS clients).

Default Value: true

shares_max

Controls the maximum number of shares.

Value Type:: integer

Value Format: <shares>
Specifies the maximum number of shares that can be configured on the server, including both administrative and user shares.

Default Value: 1048576

smb2_credits_max

Controls the maximum number of credits for SMB2.

Value Type: integer

Value Format: <credits>
Controls the maximum amount of credits the server will advertise to clients.

Default Value: 8092

smb2_read_max

Controls the maximum number of bytes in a read operation.

Value Type: integer

Value Format: <bytes>
Where <bytes> specifies the maximum data size the server can return in a single READ operation to the client. The maximum value is determined by the SMB dialect being used.

Default Value:

  • 65536 for dialect 2.002 and lower
  • 8388608 for dialect 2.1 and higher

smb2_trans_max

Controls the maximum number of bytes in metadata operations.

Value Type: integer

Value Format: <bytes>
Where <bytes> will be used to communicate to the client the maximum buffer size that may be used for QUERY, SET, and NOTIFY operations. The maximum value is determined by the SMB dialect in use.

Default Value:

  • 65536 for dialect 2.002 and lower
  • 8388608 for dialect 2.1 and higher

smb2_write_max

Controls the maximum number of bytes in a write operation.

Value Type: integer

Value Format: <bytes>
Where <bytes> will be used to communicate to the client the maximum data size the server will accept in a single WRITE operation. The maximum value is determined by the SMB dialect being used.

Default Value:

  • 65536 for dialect 2.002 and lower
  • 8388608 for dialect 2.1 and higher

tcp_tickle

Controls connection recovery with TCP Tickle. Used in conjuction with tcp_tickle_params.

Value Type: boolean

Value Format: true|false

  • true: Enables connection recovery with TCP tickle.
  • false: Disables connection recovery with TCP tickle.

Default Value: false

tcp_tickle_params

Controls the location of the connection recovery database. Used in conjuction with tcp_tickle.

Value Type: string

Value Format: path=<path>

  • <path> is the path to the connection recovery database on the shared storage.

Default Value: none.

Examples:

  • /mnt/shared/cr would store the connection recovery database in the specified directory

transport_rx_threads

Controls the number of threads for receiving data.

Value Type:: integer

Value Format: <threads>
The number of transport threads used for receiving data from clients. 0 indicates that the data from packets will be read in the context of the kernel's io_mux threads.

Default Value: 256

transport_tx_threads

Controls the number of threads for sending data.

Value Type:: integer

Value Format: <threads>
The number of transport threads used for sending data to clients.

Default Value: 256

userdb_file

The path of the file-backed user database. Used in conjuction with userdb_type.

Value Type: string

Value Format: <path>
Where <path> is the path of the file-backed user database file. The file needs to exist before the starting Fusion File Share Server.

danger

The file-backed user database must be properly secured, since it contains password hashes. Some ways of securing it include:

  • Store it in a directory that is not accessible to non-privileged users.
  • Set appropriate permissions on the file to limit access (e.g., chmod 600 <path>).
  • Store it on an encrypted file system.

Example:

  • /etc/tsmb-shadow would configure Fusion File Share Server to use /etc/tsmb-shadow as the file-backed user database file.

userdb_idmap

Controls the POSIX ID mapping method.

Value Type: string

Value Format: <method>[,<method>,...]
Where <method> is one of the following:

  • nss: Specifies that the ID mapping is performed using the system Name Service Switch (NSS), as defined in the /etc/nsswitch.conf file. This is the default method. When using nss, other methods cannot be specified.
  • rfc2307[:<domain>]: Specifies that the ID mapping is performed using the RFC 2307 schema. Optionally, you can specify the <domain> to scope the ID mapping to a specific domain.
  • rid:[<domain>]:<uid_min>[:<uid_max>]: Indicates that the ID mapping is done dynamically based on the RID portion of the user's SID:
    • If <domain> is specified, the ID mapping is scoped to that domain.
    • <uid_min> and <uid_max> define the range of UIDs to use for the mapping. If <uid_max> is not specified, the range extends from <uid_min> to the maximum UID value.
    • <uid_max> is required when multiple trusted domains are specified.

Default Value: nss.

Examples:

  • nss specifies that the ID mapping is done using the system Name Service Switch (NSS).
  • rfc2307:acme.local specifies that the ID mapping is done using the RFC 2307 schema.
  • rid:acme.local:1000:1999,rid:example.com:2000:2999 specifies dynamic ID mapping based on the the RID portion of the user's SID, with the UID range of 1000 to 1999 for the acme.local domain, and 2000 to 2999 for example.com.

userdb_type

The user authentication method to use.

This parameter is required.

Fusion File Share Server will fail to start unless a value is specified.

Value Type: string

Value Format: <type>[,<type>][,<type>]
Where <type> is one of:

  • ad: Use Active Directory. This requires the domain parameter to be configured.
  • aod: Use Apple Open Directory. This requires the domain parameter to be configured.
  • text: Use the file-backed user database. This requires the userdb_file to be configured.
  • ldap: Use LDAP. This requires all the ldap_* parameters to be configured.

Default Value: none

vfs_data_threads

Controls the number of threads in the global pool for VFS data operations.

Potentially Overridden by Share Parameter: vfs_data_threads

Value Type:: integer

Value Format: <threads>
Sets the number of threads for VFS data operations in the global pool (shared across all shares without a dedicated pool). If set to 0, data operations will use the same thread pool as metadata operations, as specified by the vfs_metadata_threads parameter.

Default Value: 1

vfs_metadata_threads

Controls the number of threads in the global pool for VFS metadata operations.

Potentially Overridden by Share Parameter: vfs_metadata_threads

Value Type:: integer

Value Format: <threads>
Determines the number of threads for VFS metadata operations in the global pool (i.e., shared between all shares without a dedicated pool). If set to 0, data operations will share the same thread pool as data operations, as specified in the vfs_data_threads parameter.

Default Value: 1

vfs_zerocopy_write_threshold

Controls the minimal threshold for enabling zero-copy write operations.

Value Type:: integer

Value Format: <bytes>
Sets the threshold for zero-copy writes. Write operations larger than this value will use zero-copy, while writes equal to or smaller than this value will not. Setting this parameter to 0 disables zero-copy writes.

Default Value: 0

vss

Controls whether to enable or disable Volume Shadow Copy Service (VSS) by default.

Overridden by Per-Share Parameter: vss

Value Type: boolean

Value Format: true|false

  • true: Enables VSS on all shares, except for shares for which it was explicitly disabled.
  • false: Disables VSS on all shares, except for shares for which it was explicitly enabled.

Default Value: false

vss_params

Controls the default VSS configuration.

Overridden by Per-Share Parameter: vss_params

Value Type: string

note

The following format applies only when when the default VSS implementation is used. If the underlying file system of the share has a different VSS implementation, use that file system's specific format to configure VSS.

Value Format: path=<path>[,share_root=<share_root>]

  • path=<path> (required): <path> is where the snapshot roots are located. Under this directory, subdirectories are expected named with the following timestamp format: @GMT-YYYY.MM.DD-hh.mm.ss (e.g., @GMT-2019.11.11-12.10.10, @GMT-2024.05.03-22.12.42, etc.). To allow for a consistent naming pattern across all shares, <path> can include the following variables:
    • ${share.netname}: refers to the share's name, as defined in the share's netname parameter.
    • ${share.path.dirname}: refers to the share's path, as defined in the share's path parameter, without the last component (e.g., /path/to for /path/to/share).
    • ${share.path.basename}: refers to the share's path, as defined in the share's path parameter, without the leading path (e.g., share for /path/to/share).
  • share_root=<share_root> (optional): This parameter is used when you have multiple shares on the same volume, and when a snapshot is taken, it's taken for the entire volume. Hence, <share_root> specifies the the directory inside each snapshot subdirectory that contains the files for this particular share at that point of time. If not specified, the share root defaults to the root of the snapshot subdirectory.

Default Value: none.

Examples:

  • path=/mnt/.snapshots/${share.netname},share_root=data, if the share's name is sh1 and its path is /mnt/data, specifies that the snapshot roots are located in the /mnt/.snapshots/sh1 directory, and the share's data for each snapshot is in the /mnt/.snapshots/sh1/@GMT-<timestamp>/data directory.
  • path=${share.path.dirname}/.snapshots,share_root=data, if the share's path is /mnt/data, specifies that the snapshot roots are located in the /mnt/.snapshots directory, and the share's data for each snapshot is in the /mnt/.snapshots/@GMT-<timestamp>/data directory.
  • path=${share.path.dirname}/.snapshots,share_root=${share.path.basename}, if the share's path is /mnt/data/public, specifies that the snapshot roots are located in the /mnt/.snapshots directory, and the share's data for each snapshot is in the /mnt/.snapshots/@GMT-<timestamp>/public directory.

watchdog_interval

Controls the time interval (in seconds) between for the watchdog's keep-alive requests.

Value Type: integer

Value Format: <seconds>
Where <seconds> is the time interval (in seconds) between the watchdog's keep-alive requests. The value must be a positive integer.

Default Value: 10

watchdog_timeout

Controls the timeout for the watchdog's keep-alive requests.

Value Type: integer

Value Format: <seconds>
Where <seconds> is the amount of time (in seconds) to wait for a keep-alive response. The value must be a positive integer, of a reasonably high value, otherwise, under heavy load some services might be temporarly unresponsive. For example, if a lot of users (e.g. 1000) are trying to authenticate at the same time, then authentication service can take some time to process each authentication request. If the keep-alive timeout is kept very small, then authentication service will fail to respond to a watchdog keep-alive request within the timeout, thus terminating the service. Usually, there's no need to change this value from the default.

Default Value: 200