This guide covers the deployment of a high-performance Samba server on Manjaro (Arch-based) using apparmor, optimized for 10Gbps networking and high-core-count CPUs like AMD Epyc.
First, install the necessary packages and create the system user and shared directory.
# Install Samba and utilities
sudo pacman -S samba cifs-utils ethtool
# Create the share directory
sudo mkdir -p /mnt/smb-share
sudo chown -R $USER:$USER /mnt/smb-share
sudo chmod -R 775 /mnt/smb-share
# Add your user to the Samba database (use a separate password or the same as your login)
sudo smbpasswd -a your_username
Edit /etc/samba/smb.conf. This configuration includes optimizations for Multi-Channel, 10Gbps throughput, and symlink support.
[global]
workgroup = WORKGROUP
server string = Manjaro Samba Server
server role = standalone server
map to guest = Bad User
min protocol = SMB2
max protocol = SMB3_11
#log file = /var/log/samba/log.%m
#max log size = 50
# Symlink/Wide Link Support
unix extensions = no
follow symlinks = yes
wide links = yes
# 10Gbps & Multi-channel Optimizations
server multi channel support = yes
interfaces = "192.168.0.100;capability=RSS,speed=10000000000"
bind interfaces only = yes
# High-Performance I/O Throughput Tuning
max xmit = 131072
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
aio read size = 1
aio write size = 1
# Latency/Stutter Fixes
strict locking = no
strict sync = no
read raw = yes
write raw = yes
oplocks = yes
getwd cache = yes
vfs objects = fruit streams_xattr
[Storage]
path = /mnt/smb-share
writable = yes
guest ok = no
#Can be helpful:
force user = your_username
force group = your_username
create mask = 0666
directory mask = 0777
If your share is on a separate mount point or involves symlinks, AppArmor will block access by default.
sudo nano /etc/apparmor.d/local/usr.sbin.smbd
2. **Add the following lines** (adjust paths to your actual mount point):
```text
/mnt/smb-share/ r,
/mnt/smb-share/** rwk,
sudo systemctl reload apparmor
---
## 4. Hardware Optimization (NIC Ring Buffers)
Increasing ring buffers prevents packet loss during high-speed bursts.
### Create the Optimization Service
```bash
sudo nano /etc/systemd/system/nic-optimization.service
Paste the following, commenting/uncommenting the ExecStart based on your hardware. Use ethtool -g <interface> to find your "Pre-set maximums."
[Unit]
Description=Optimize Network Interface Ring Buffers
After=network.target
[Service]
Type=oneshot
# --- BROADCOM (Example: 2047) ---
ExecStart=/usr/bin/ethtool -G eno1np0 rx 2047 tx 2047
# --- INTEL (Example: 4096) ---
# ExecStart=/usr/bin/ethtool -G eth0 rx 4096 tx 4096
# Increase transmit queue for 10G
ExecStartPost=/usr/bin/ip link set eno1np0 txqueuelen 10000
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
Enable and Start:
sudo systemctl daemon-reload
sudo systemctl enable --now nic-optimization.service
Optimize the Linux network stack for 10Gbps buffers.
Create /etc/sysctl.d/10-samba-performance.conf:
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.rmem_default = 33554432
net.core.wmem_default = 33554432
net.ipv4.tcp_rmem = 4096 87380 33554432
net.ipv4.tcp_wmem = 4096 65536 33554432
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
net.core.netdev_max_backlog = 10000
Apply with: sudo sysctl --system
To mount this share on another Linux system (like Mint or Ubuntu) with optimized settings:
~/.smbcreds:
username=your_username
password=your_samba_password
`chmod 600 ~/.smbcreds`
2. **Add to `/etc/fstab**`:
```text
//192.168.0.100/Storage /media/share cifs credentials=/home/user/.smbcreds,iocharset=utf8,vers=3.1.1,multichannel,uid=1000,gid=1000,x-systemd.automount 0 0
(Note: If the client hangs, remove multichannel from the fstab options.)
Always restart Samba after config changes:
sudo systemctl restart smb nmb
Check Status:
sudo smbstatus (Shows active connections and protocol versions)ethtool -g eno1np0 (Verifies ring buffers are maxed)Would you like me to add a section on how to automate these steps with a Bash script for even faster deployment?