Skip to content

Instantly share code, notes, and snippets.

@ppdac ppdac/NSMB.CONF(5)

Last active Oct 29, 2019
Embed
What would you like to do?
The manpage for masOS 10.15
NSMB.CONF(5) BSD File Formats Manual NSMB.CONF(5)
NAME
nsmb.conf -- configuration file for SMB requests
DESCRIPTION
The nsmb.conf file contains information about the computers and shares or mount points for the SMB network protocol.
The configuration hierarchy is made up of several sections, each section containing a few or several lines of parameters and their assigned values.
Each of these sections must begin with a section name enclosed within square brackets, similar to:
[section_name]
The end of each section is marked by either the start of a new section, or by the abrupt ending of the file, commonly referred to as the EOF. Each
section may contain zero or more parameters such as:
[section_name]
key=value
where key represents a parameter name, and value would be the parameter's assigned value.
The SMB library uses the following information for section names:
A) [default]
B) [SERVER]
C) [SERVER:SHARE]
Possible keywords may include:
Keyword Section Default Comment
A B C Values
addr - + - DNS name or IP address of server
nbtimeout + + - 1s Timeout for resolving a NetBIOS name
minauth + + - NTLMv2 Minimum authentication level allowed
port445 + + - both How to use SMB TCP/UDP ports
streams + + + yes Use NTFS Streams if server supported
soft + + + Make the mount soft
notify_off + + + no Turn off using notifications
kloglevel + - - 0 Turn on smb kernel logging
protocol_vers_map + - - 7 Bitmap of SMB Versions that are enabled
signing_required + - - no Turn on smb client signing
signing_req_vers + - - 6 Bitmap of SMB Versions that have signing required
validate_neg_off + - - no Turn off using validate negotiate
max_resp_timeout + + - 30s Max time to wait for any response from server
submounts_off + + + no Turn off using submounts
dir_cache_async_cnt + + - 10 Max async queries to fill dir cache
dir_cache_max + + - 60s Max time to cache for a dir
dir_cache_min + + - 30s Min time to cache for a dir
The minimum authentication level can be one of:
kerberos Kerberos - NTLMv2, NTLM, LM, and plain-text password authentication are not attempted.
ntlmv2 NTLMv2 - Kerberos authentication is attempted if a Kerberos token can be obtained, otherwise NTLMv2 authentication is attempted; if the
server doesn't support encrypted passwords, the authentication fails.
ntlm NTLM - Kerberos authentication is attempted if a Kerberos token can be obtained, otherwise NTLMv2 authentication is attempted and, if that
fails, NTLMv1 authentication is attempted, with zeroes in the LM hash; if the server doesn't support encrypted passwords, the authentication
fails.
lm LM - Kerberos authentication is attempted if a Kerberos token can be obtained, otherwise NTLMv2 authentication is attempted and, if that
fails, NTLMv1 authentication is attempted, including the LM hash; if the server doesn't support encrypted passwords, the authentication
fails.
none none - The same as lm except that, if the server doesn't support encrypted passwords, plain-text passwords are used. Required for servers
that don't support extended security.
(Note: "NetBIOS" as used below means "NetBIOS over TCP/IP.")
"How to use SMB TCP/UDP ports" can be one of:
both Attempt to connect via port 445. If that is unsuccessful, try to connect via NetBIOS.
netbios_only Do not attempt to connect via port 445.
no_netbios Attempt to connect via port 445. If that is unsuccessful, do not try to connect via NetBIOS.
"Bitmap of SMB Versions that are enabled" can be one of:
7 == 0111
SMB 1/2/3 should be enabled
6 == 0110
SMB 2/3 should be enabled
4 == 0100
SMB 3 should be enabled
"Bitmap of SMB Versions that have signing required" can be one of:
7 Signing required for SMB 1/2/3.
6 Signing required for SMB 2/3.
4 Signing required for SMB 3.
FILES
/etc/nsmb.conf The global configuration file.
~/Library/Preferences/nsmb.conf
The user's configuration file, conflicts will be overwritten by the global file.
EXAMPLES
What follows is a sample configuration file which may, or may not match your environment:
# Configuration file for example.com
[default]
minauth=ntlmv2
streams=yes
soft=yes
notify_off=yes
[WINXP]
addr=windowsXP.apple.com
All lines which begin with the `#' character are comments and will not be parsed. The ``default'' section specifies that only Kerberos and NTLMv2
authentication should be attempted; NTLM authentication should not be attempted if NTLMv2 authentication fails, and plain-text authentication should
not be attempted if the server doesn't support encrypted passwords.
SEE ALSO
smbutil(1), mount_smbfs(8)
AUTHORS
This manual page was originally written by Sergey Osokin <osa@FreeBSD.org> and Tom Rhodes <trhodes@FreeBSD.org>.
BSD June 30, 2003 BSD
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.