home-assistant · iamGavinJ · Mar 2, 2026 · Mar 2, 2026 · Mar 2, 2026 · agners
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,11 @@
+# macOS
+._*
+.DS_Store
+.AppleDouble
+
+.Spotlight-V100
+.Trashes
+.fseventsd
+
+.AppleDB
+.AppleDesktop
diff --git a/samba/CHANGELOG.md b/samba/CHANGELOG.md
@@ -1,5 +1,15 @@
 # Changelog
 
+## 12.6.1
+
+- Add `mdnsd` for macOS discoverability
+- Rename `smb.conf` Go template for disambiguation with new templates
+- Add config option, and `nmbd` startup logic, to disable NetBIOS
+- Add config options, and startup logic, to override default ports (445/139)
+- Colocate mapped mounts to a `/smbshare` prefix to avoid potential confusion
+- Update `config.yaml` `map:` to new object syntax
+- Refactor `smb.conf` to use Go template iterators
+
 ## 12.6.0
 
 - Do initial healthcheck after 3s to speedup startup

diff --git a/samba/Dockerfile b/samba/Dockerfile
@@ -6,8 +6,11 @@ ENV LANG C.UTF-8
 
 # Setup base
 RUN \
-    apk add --no-cache samba \
-    && mkdir -p /var/lib/samba \
+    echo '@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing' >> \
+        /etc/apk/repositories && \
+    apk add --no-cache samba mdnsd@testing=0.12-r1 \
+    && rm -f /etc/mdns.d/* \
+    && mkdir -p /var/lib/samba /smbshare \
     && touch \
         /etc/samba/lmhosts \
         /var/lib/samba/account_policy.tdb \

diff --git a/samba/config.yaml b/samba/config.yaml
@@ -1,5 +1,5 @@
 ---
-version: 12.6.0
+version: 12.6.1
 slug: samba
 name: Samba share
 description: Expose Home Assistant folders with SMB/CIFS
@@ -12,18 +12,31 @@ host_network: true
 image: homeassistant/{arch}-addon-samba
 init: false
 map:
-  - addons:rw
-  - all_addon_configs:rw
-  - backup:rw
-  - homeassistant_config:rw
-  - media:rw
-  - share:rw
-  - ssl:rw
+  - type: addons
+    read_only: false
+    path: "/smbshare/addons"
+  - type: all_addon_configs
+    read_only: false
+    path: "/smbshare/addon_configs"
+  - type: backup
+    read_only: false
+    path: "/smbshare/backup"
+  - type: homeassistant_config
+    read_only: false
+    path: "/smbshare/homeassistant"
+  - type: media
+    read_only: false
+    path: "/smbshare/media"
+  - type: share
+    read_only: false
+    path: "/smbshare/share"
+  - type: ssl
+    read_only: false
+    path: "/smbshare/ssl"
 options:
   username: homeassistant
   password: null
   workgroup: WORKGROUP
-  local_master: true
   enabled_shares:
     - addons
     - addon_configs
@@ -32,9 +45,11 @@ options:
     - media
     - share
     - ssl
+  local_master: true
   compatibility_mode: false
   apple_compatibility_mode: true
   server_signing: "default"
+  netbios: true
   veto_files:
     - ._*
     - .DS_Store
@@ -52,14 +67,21 @@ schema:
   username: str
   password: password
   workgroup: str
-  local_master: bool
   enabled_shares:
     - "match(^(?i:(addons|addon_configs|backup|config|media|share|ssl))$)"
+  local_master: bool
   compatibility_mode: bool
   apple_compatibility_mode: bool
   server_signing: list(default|auto|mandatory|disabled)
+  netbios: bool
   veto_files:
     - str
   allow_hosts:
     - str
 startup: services
+ports:
+  445/tcp: null
+  139/tcp: null
+ports_description:
+  445/tcp: SMB over IP
+  139/tcp: SMB over NetBIOS
diff --git a/samba/rootfs/etc/s6-overlay/s6-rc.d/init-smbd/run b/samba/rootfs/etc/s6-overlay/s6-rc.d/init-smbd/run
@@ -38,11 +38,17 @@ bashio::log.info "Interfaces: $(printf '%s ' "${interfaces[@]}")"
 
 # Generate Samba configuration.
 jq ".interfaces = $(jq -c -n '$ARGS.positional' --args -- "${interfaces[@]}") |
-    .enabled_shares.[] |= ascii_downcase" /data/options.json \
+    .enabled_shares.[] |= ascii_downcase |
+    .ports = $(bashio::addon.network)" /data/options.json \
     | tempio \
-      -template /usr/share/tempio/smb.gtpl \
+      -template /usr/share/tempio/smb.conf.gtpl \
       -out /etc/samba/smb.conf
 
+tempio \
+    -conf /data/options.json \
+    -template /usr/share/tempio/smb.conf.inc.gtpl \
+    -out /etc/samba/smb.conf.inc
+
 # Init user
 username=$(bashio::config 'username')
 password=$(bashio::config 'password')

diff --git a/samba/rootfs/etc/s6-overlay/s6-rc.d/mdnsd/dependencies.d/smbd b/samba/rootfs/etc/s6-overlay/s6-rc.d/mdnsd/dependencies.d/smbd
diff --git a/samba/rootfs/etc/s6-overlay/s6-rc.d/mdnsd/run b/samba/rootfs/etc/s6-overlay/s6-rc.d/mdnsd/run
@@ -0,0 +1,40 @@
+#!/command/with-contenv bashio
+# vim: ft=bash
+# shellcheck shell=bash
+
+
+if bashio::var.true "$(bashio::addon.host_network)"; then
+    bashio::log.info "Host network detected. Configuring mDNS"
+
+    # Read hostname from API or setting default "hassio"
+    HOSTNAME=$(bashio::info.hostname)
+    if bashio::var.is_empty "${HOSTNAME}"; then
+        bashio::log.warning "Can't read hostname, using default."
+        HOSTNAME="hassio"
+    fi
+
+    declare -r smbfile="/etc/mdns.d/smb.service"
+    declare -r adiskfile="/etc/mdns.d/adisk.service"
+    declare -r _TMP="$(mktemp -d -t mdnsd.XXXXXX)"
+    rm -f -v "${smbfile}" "${adiskfile}"
+
+    # Generate JSON configuration for tempio
+    jq -c "
+        .ports = $(bashio::addon.network) 
+        | .sambaversion = \"$(smbstatus --version | cut -d '[ \t]+' -F 2)\"
+        " /data/options.json > "${_TMP}/options.json"
+
+    # Generate _smb._tcp service advertisement
+    tempio \
+    -conf "${_TMP}/options.json" \
+    -template /usr/share/tempio/smb.service.gtpl \
+    -out ${smbfile}
+
+    # Generate _adisk._tcp service advertisement
+    tempio \
+    -conf "${_TMP}/options.json" \
+    -template /usr/share/tempio/adisk.service.gtpl \
+    -out ${adiskfile}
+
+    builtin exec $(which mdnsd) -n -i $(bashio::network.name)
+fi
diff --git a/samba/rootfs/etc/s6-overlay/s6-rc.d/mdnsd/type b/samba/rootfs/etc/s6-overlay/s6-rc.d/mdnsd/type
@@ -0,0 +1 @@
+longrun
diff --git a/samba/rootfs/etc/s6-overlay/s6-rc.d/mdnsd/up b/samba/rootfs/etc/s6-overlay/s6-rc.d/mdnsd/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/discovery/run
diff --git a/samba/rootfs/etc/s6-overlay/s6-rc.d/nmbd/run b/samba/rootfs/etc/s6-overlay/s6-rc.d/nmbd/run
@@ -4,7 +4,12 @@
 # ==============================================================================
 # Start nmbd service
 # ==============================================================================
-exec nmbd \
+
+if ! bashio::config.true 'netbios'; then
+    builtin exec sleep infinity
+fi
+
+builtin exec nmbd \
   --foreground \
   --debug-stdout \
   --no-process-group
diff --git a/samba/rootfs/etc/s6-overlay/s6-rc.d/smbd/run b/samba/rootfs/etc/s6-overlay/s6-rc.d/smbd/run
@@ -4,7 +4,7 @@
 # ==============================================================================
 # Start smbd service
 # ==============================================================================
-exec smbd \
+builtin exec smbd \
   --foreground \
   --debug-stdout \
   --no-process-group
diff --git a/samba/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/mdnsd b/samba/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/mdnsd
diff --git a/samba/rootfs/usr/share/tempio/adisk.service.gtpl b/samba/rootfs/usr/share/tempio/adisk.service.gtpl
@@ -0,0 +1,10 @@
+# /etc/mdns.d/adisk.service -- mDNS-SD _adisk._tcp for macOS Finder
+# macOS uses _adisk._tcp TXT records to discover SMB shares and honours
+# the port from the companion _smb._tcp SRV record.
+name {{ env "HOSTNAME" }}
+type _adisk._tcp
+port 9
+txt sys=adVF=0x100
+{{ range $i, $share := .enabled_shares -}}
+txt dk{{ $i }}=adVN={{ $share }},adVF=0x80
+{{ end -}}
diff --git a/samba/rootfs/usr/share/tempio/smb.conf.gtpl b/samba/rootfs/usr/share/tempio/smb.conf.gtpl
@@ -0,0 +1,56 @@
+[global]
+   netbios name = {{ env "HOSTNAME" }}
+   dns hostname = {{ env "HOSTNAME" }}.local
+   additional dns hostnames = {{ env "HOSTNAME" }}._smb._tcp.local
+   workgroup = {{ .workgroup }}
+   server string = Samba Home Assistant
+   local master = {{ .local_master | ternary "yes" "no" }}
+   preferred master = {{ .local_master | ternary "yes" "auto" }}
+   server role = standalone
+   {{ $smb_port := default 445 (index .ports "445/tcp") -}}
+   {{ $nbt_port := default 139 (index .ports "139/tcp") -}}
+   smb ports = {{ cat $smb_port (ternary $nbt_port nil .netbios) }}
+
+   security = user
+   idmap config * : backend = tdb
+   idmap config * : range = 1000000-2000000
+
+   load printers = no
+   disable spoolss = yes
+   {{ if .netbios -}}
+   server services = smb nbt
+   {{ else -}}
+   disable netbios = yes
+   server services = smb
+   {{ end -}}
+   dns proxy = no
+
+   log level = 1
+
+   bind interfaces only = yes
+   interfaces = lo {{ .interfaces | join " " }}
+   hosts allow = 127.0.0.1 {{ .allow_hosts | join " " }}
+
+   {{ if .compatibility_mode -}}
+   client min protocol = NT1
+   server min protocol = NT1
+   lanman auth = yes
+   ntlm auth = yes
+   {{ end -}}
+
+   mangled names = no
+   dos charset = CP850
+   unix charset = UTF-8
+
+   {{ if .apple_compatibility_mode -}}
+   vfs objects = catia fruit streams_xattr
+   {{ end -}}
+
+   server signing = {{ .server_signing }}
+   allow dns updates = disabled
+
+{{ range $i, $share := .enabled_shares -}}
+[{{ $share }}]
+   path = /smbshare/{{ ternary "homeassistant" $share ( eq $share "config" ) }}
+   include = /etc/samba/smb.conf.inc
+{{ end -}}
diff --git a/samba/rootfs/usr/share/tempio/smb.conf.inc.gtpl b/samba/rootfs/usr/share/tempio/smb.conf.inc.gtpl
@@ -0,0 +1,8 @@
+   browseable = yes
+   writeable = yes
+
+   valid users = {{ .username }}
+   force user = root
+   force group = root
+   veto files = /{{ .veto_files | join "/" }}/
+   delete veto files = {{ eq (len .veto_files) 0 | ternary "no" "yes" }}