Hi everyone,
I’m working on a setup with TrueNAS Scale 25.04 and macOS 15.4 clients, aiming to share files using both Syncthing and SAMBA while preserving macOS Finder tags (stored as extended attributes). My goal is for files written either locally on macOS or to an SMB share on TrueNAS to retain their tags seamlessly across both methods. Here’s where I’m at and the issue I’ve hit—hoping for some insights or solutions
TLDR: I may have SAMBA vfs fruit objects misconfigured, as my macOS file’s alternate data streams are being stored as user.DosStream.* attributes, which I think is only for NTFS-style streams, not for macOS metadata.
Setup Details
TrueNAS ZFS Configuration
I’ve confirmed that my ZFS dataset supports extended attributes:
sudo zfs get xattr data-sb/spaces/household
NAME PROPERTY VALUE SOURCE
data-sb/spaces/household xattr on local
Syncthing Configuration
Syncthing is set up on TrueNAS and two macOS machines with extended attribute support enabled:
- Sync Extended Attributes: Enabled
- Maximum single entry size: 2097152
- Maximum total size: 10485760
The Syncthing app is run as apps:apps, for which ACL is set for Full Control
SAMBA Configuration
I’ve manually configured SAMBA (not using presets like “Multi-protocol (NFSv4/SMB) shares”). Here’s the output from testparm -s:
Load smb config files from /etc/smb4.conf
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)
Server role: ROLE_STANDALONE
# Global parameters
[global]
bind interfaces only = Yes
disable spoolss = Yes
dns proxy = No
load printers = No
logging = file
max log size = 5120
obey pam restrictions = Yes
passdb backend = tdbsam:/var/run/samba-cache/private/passdb.tdb
printcap name = /dev/null
registry shares = Yes
restrict anonymous = 2
server multi channel support = No
server string = TrueNAS Server
winbind request timeout = 2
zfs_core:zfs_block_cloning = False
zfs_core:zfs_integrity_streams = False
idmap config * : range = 90000001 - 100000000
rpc_server:mdssvc = disabled
rpc_daemon:mdssd = disabled
fruit:zero_file_id = False
fruit:nfs_aces = False
idmap config * : backend = tdb
create mask = 0664
directory mask = 0775
[homes]
browseable = No
path = /mnt/data-sb/home/%U
posix locking = No
read only = No
smbd max xattr size = 2097152
vfs objects = fruit streams_xattr ixnas zfs_core io_uring
zfs_core:zfs_auto_create = true
fruit:resource = stream
fruit:metadata = stream
[household]
mangled names = no
path = /mnt/data-sb/spaces/household
posix locking = No
read only = No
smbd max xattr size = 2097152
vfs objects = catia fruit streams_xattr ixnas zfs_core io_uring
fruit:encoding = native
fruit:resource = stream
fruit:metadata = stream
Testing Results
Syncthing Sharing macOS Tagged Files
When files are written locally on macOS and synced via Syncthing, everything works perfectly:
- Write a tagged file locally on workstation A.
- Syncthing on workstation A syncs it to TrueNAS.
- Syncthing on workstation B syncs it from TrueNAS.
- On workstation B, tags are intact (verified with
xattr -l).
Syncthing API on workstation B shows the extended attributes under the “Darwin” platform section, e.g.:
"Darwin": {
"Xattrs": [
{
"Name": "com.apple.metadata:_kMDItemUserTags",
"Value": "YnBsaXN0MDChAVxzdGF0ZS90ZXN0CjAICgAAAAAAAAEBAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAX"
}
]
}
SAMBA Sharing macOS Tagged Files
SAMBA also handles tags well (only) when accessed via SMB:
- Write a tagged file to the SMB share from workstation A.
- Read it from the SMB share on workstation B, and tags are visible.
On TrueNAS, getfattr shows attributes like:
user.DOSATTRIB
user.DosStream.com.apple.metadata:_kMDItemUserTags:$DATA
The Problem
The issue arises when files written via SMB are synced by Syncthing:
- Write a tagged file to the SMB share from workstation A.
- TrueNAS Syncthing syncs it to workstation B.
- On workstation B, macOS doesn’t recognize the tags unless accessed via SMB.
Looking at the Syncthing API for an SMB-written file, the extended attributes appear under “Linux”, not “Darwin”… with a prefixed key “user.DosStream.”:
"Linux": {
"Xattrs": [
{
"Name": "user.DosStream.com.apple.metadata:_kMDItemUserTags:$DATA",
"Value": "YnBsaXN0MDChAVxzdGF0ZS90ZXN0CjAICgAAAAAAAAEBAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAXAA=="
}
]
},
"Darwin": {
"Xattrs": [
{
"Name": "com.apple.provenance",
"Value": "AQIARU+dR7n6I4k="
}
]
}
When Syncthing syncs these files to macOS, the tags aren’t displayed because macOS expects attributes like com.apple.metadata:_kMDItemUserTags, not user.DosStream.com.apple.metadata:_kMDItemUserTags:$DATA. However, when accessed via SMB, SAMBA translates these back to the macOS format, and tags work fine.
Analysis
It seems SAMBA stores macOS extended attributes as alternate data streams (e.g., user.DosStream.*), which Syncthing syncs as Linux extended attributes. macOS, expecting native Darwin attributes, can’t interpret them without SMB’s translation. Conversely, files written locally on macOS have native attributes that Syncthing syncs correctly under “Darwin.”
With the correct SAMBA vfs fruit config, I’m pretty sure extended attributes should be stored and synced in a way that both SAMBA and Syncthing handle consistently for macOS clients.
Any insights as to what I might be doing wrong?
Has anyone successfully unified macOS Finder tags across SAMBA and Syncthing on TrueNAS?
Thanks in advance