| Skip Navigation Links | |
| Exit Print View | |
|
Managing SMB File Sharing and Windows Interoperability in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Managing SMB File Sharing and Windows Interoperability in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library |
1. Sharing Files Between Windows and Oracle Solaris Systems
2. Setting Up Identity Mapping Between Windows and Oracle Solaris Systems
3. Setting Up a Oracle Solaris SMB Server to Manage and Share Files
How to Disable the Samba Service
Configuring the SMB Server Operation Mode (Task Map)
How to Configure the SMB Server in Domain Mode
How to Configure the SMB Server in Workgroup Mode
Managing SMB Shares in This Release
Managing SMB Shares (Task Map)
How to Enable Cross-Protocol Locking
How to Create an SMB Share (zfs)
How to Enable Guest Access to an SMB Share
How to Enable Access-Based Enumeration for a Share
How to Modify SMB Share Properties (zfs)
How to Remove an SMB Share (zfs)
How to Create a Specific Autohome Share Rule
How to Restrict Client Host Access to an SMB Share (zfs)
Managing SMB Groups (Task Map)
How to Add a Member to an SMB Group
Enabling CATIA V4/V5 Character Translations
How to the Enable CATIA Interoperability Feature
Configuring SMB Printing (Task Map)
How to Enable the SMB Print Service
Troubleshooting the SMB Service
Checking the DNS Configuration
Ensuring That Kerberos Is Correctly Configured
Ensuring That You Specify the Correct Password for Your Domain User
Ensuring the Firewall Software Does Not Filter Out Required Ports
Viewing Oracle Solaris SMB Service Property Settings
Excluding IP Addresses From WINS Name Resolution
Changes to Windows Group Membership and to User Mapping Do Not Take Effect
Cannot Set Share Security, All Shares Inherit the Security of the Directory Object
Older Versions of Windows Cannot Copy Files Larger Than Four Gbytes
Cannot See the Security Tab From Windows Clients
Microsoft Access or SQL Server Sessions Time Out After a Period of Inactivity
Cannot Add Windows Local Groups to Access Control List
SMB Browsing Fails When share.smb=on Is Set on a ZFS Pool
Samba or SMB Service Cannot Bind Various Ports
SMB Shares on a ZFS File System are Inaccessible After a Reboot
Invalid Password Errors Appear When Mapping a Drive or Browsing Computers in the Workgroup
Access Control List Inheritance Issues
Missing Security Tab on Windows XP Clients
This section describes how to manage SMB groups and privileges for the SMB server.
Note - SMB groups apply only to users that are connected through SMB.
For information about SMB groups and local users, see Local SMB Groups.
The following table points to the tasks that you can use to manage SMB groups through the SMB server.
|
You use the smbadm(1M) command to manage SMB groups on the system that runs the SMB server.
In order to provide proper identity mapping between SMB groups and Oracle Solaris groups, an SMB group must have a corresponding Oracle Solaris group. This requirement has two consequences. First, the group name must conform to the intersection of the Windows and Oracle Solaris group name rules. Thus, an SMB group name can be up to eight (8) characters long and contain only lowercase characters and numbers. Second, an Oracle Solaris group has to be created before an SMB group can be created. The Oracle Solaris group is created by using the groupadd command. See the groupadd(1M) man page.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
You might choose a name that reflects a common set of tasks that the group can perform or the organization to which the group members belong.
# smbadm create-group [-d description] group-name
The -d option is used to specify a textual description of the SMB group.
For example, to create a group called wsales, type:
# smbadm create-group -d "Sales Force for the Western Region" wsales
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
# smbadm add-member -m member-name [[-m member-name] ...] group-name
member-name can be specified as [domain-name\]username or [domain-name/]username. The domain name is the domain in which the user can be authenticated. By default, the domain name is the name of the domain that you joined.
The backslash (\) is a shell special character and must be quoted. For instance, escape the backslash with another backslash: domain\\username. For more information about handling shell special characters, see the man page for your shell.
For example, to add user terry of the sales domain to the wsales group, type:
# smbadm add-member -m sales\\terry wsales
To add a local user to an SMB group, specify the Oracle Solaris host name rather than the domain name. For example, to add local user terry of the solarsystem host to the wsales group, type:
# smbadm add-member -m solarsystem\\terry wsales
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
# smbadm remove-member -m member-name [[-m member-name] ...] group-name
member-name can be specified as [domain-name\]username or [domain-name/]username. The domain name is the domain in which the user can be authenticated. By default, the domain name is the name of the domain that you joined.
The backslash (\) is a shell special character and must be quoted. For instance, escape the backslash with another backslash: domain\\username. For more information about handling shell special characters, see the man page for your shell.
For example, to remove user terry of the sales domain from the wsales group, type:
# smbadm remove-member -m sales\\terry wsales
To remove a local user from an SMB group, specify the Oracle Solaris host name rather than the domain name. For example, to remove local user terry of the solarsystem host from the wsales group, type:
# smbadm remove-member -m solarsystem\\terry wsales
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
# smbadm set-group -p property=value [[-p property=value] ...] group-name
You can specify one or more property-value pairs on the command line. Each property-value pair must be preceded by the -p option. Valid values for privileges are on or off. The value of the description property is an arbitrary text string.
For example, to grant the backup privilege and to modify the description of the wsales group, type:
# smbadm set-group -p backup=on \ -p description="Sales force for the Western region" wsales
|