I'm not sure if my contribution will help as my network is almost exclusively macOS and until the most recent DSM7 update everything worked flawlessly as my SMB configurations were carefully tuned and honed to perfection. I have also helped many other macOS / Synology users to fully realise the capability within DSM and macOS.
But I have been shaken from my nirvana by inexplicable NetBIOS issues, even though my tuned macOS SMB config and DSM settings should preclude anything to do with SMB 1 or NetBIOS in any way.
My symptoms included an unexpected amount of network traffic, including over wifi APs, to clients that have no shares mounted, on an almost continuous basis. Not good at all for wired network performance and a kicking for wifi. Unhelpfully, macOS lists this inbound traffic under
kernel_task, so no clues to its actual purpose or source.
The Wireshark screenshot below show the magnitude of the issue. My primary NAS (Rivendell) is continually broadcasting NetBIOS Session Service packets at clients (MacBook Pro over wifi in this example). They are full-fat NetBIOS packets (1514 bytes) at a machine-gun rate:
My NAS is configured for SMB 2&3 only and is not set as local master:
I have macOS configured with a nsmb.conf file and it specifically prohibits SMB1 and NetBIOS:
Code:
Last login: Tue Aug 9 23:48:59 on ttys000
rob@MBP-Rob ~ % cat /etc/nsmb.conf
[default]
# Disable signing, this became default in later macOS versions
signing_required=no
# Lock negotiation to SMB2/3 only
# 7 == 0111 SMB 1/2/3 should be enabled
# 6 == 0110 SMB 2/3 should be enabled
# 4 == 0100 SMB 3 should be enabled
protocol_vers_map=6
# No SMB1 = no NetBIOS (WINS) and it should be disabled
port445=no_netbios
# Prefer wired networks over Wi-Fi networks that may advertise faster speeds than appropriate
mc_prefer_wired=yes
# Remember, after editing and saving with VI, to log out of macOS account and log back in again for the new settings to load
rob@MBP-Rob ~ %
Only SMB2 and SMB3 enabled on macOS shares:
Code:
rob@MBP-Rob ~ % smbutil statshares -a
==================================================================================================
SHARE ATTRIBUTE TYPE VALUE
==================================================================================================
--------------------------------------------------------------------------------------------------
Time Machine Storage
SERVER_NAME Rivendell._smb._tcp.local
USER_ID 501
SMB_NEGOTIATE SMBV_NEG_SMB2_ENABLED
SMB_NEGOTIATE SMBV_NEG_SMB3_ENABLED
SMB_VERSION SMB_3.1.1
SMB_ENCRYPT_ALGORITHMS AES_128_CCM_ENABLED
SMB_ENCRYPT_ALGORITHMS AES_128_GCM_ENABLED
SMB_ENCRYPT_ALGORITHMS AES_256_CCM_ENABLED
SMB_ENCRYPT_ALGORITHMS AES_256_GCM_ENABLED
SMB_CURR_ENCRYPT_ALGORITHM OFF
SMB_SHARE_TYPE DISK
SIGNING_SUPPORTED TRUE
EXTENDED_SECURITY_SUPPORTED TRUE
UNIX_SUPPORT TRUE
LARGE_FILE_SUPPORTED TRUE
OS_X_SERVER TRUE
FILE_IDS_SUPPORTED TRUE
DFS_SUPPORTED TRUE
FILE_LEASING_SUPPORTED TRUE
MULTI_CREDIT_SUPPORTED TRUE
--------------------------------------------------------------------------------------------------
Documents
SERVER_NAME Rivendell._smb._tcp.local
USER_ID 501
SMB_NEGOTIATE SMBV_NEG_SMB2_ENABLED
SMB_NEGOTIATE SMBV_NEG_SMB3_ENABLED
SMB_VERSION SMB_3.1.1
SMB_ENCRYPT_ALGORITHMS AES_128_CCM_ENABLED
SMB_ENCRYPT_ALGORITHMS AES_128_GCM_ENABLED
SMB_ENCRYPT_ALGORITHMS AES_256_CCM_ENABLED
SMB_ENCRYPT_ALGORITHMS AES_256_GCM_ENABLED
SMB_CURR_ENCRYPT_ALGORITHM OFF
SMB_SHARE_TYPE DISK
SIGNING_SUPPORTED TRUE
EXTENDED_SECURITY_SUPPORTED TRUE
UNIX_SUPPORT TRUE
LARGE_FILE_SUPPORTED TRUE
OS_X_SERVER TRUE
FILE_IDS_SUPPORTED TRUE
DFS_SUPPORTED TRUE
FILE_LEASING_SUPPORTED TRUE
MULTI_CREDIT_SUPPORTED TRUE
--------------------------------------------------------------------------------------------------
Something has changed in the DSM7 network stack and it isn't pretty.
I am currently experimenting with killing DSM services (synosamba) and have gained control of almost all the recent DSM NetBIOS madness but with some impact to macOS smbutil. NetBIOS is old and rubbish so I have no idea why DSM wants to play this way but this recent errata may help explain your issues.
Thoughts from the knowledgable?
️
