JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Managing SMB File Sharing and Windows Interoperability in Oracle Solaris 11.1     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

1.  Sharing Files Between Windows and Oracle Solaris Systems

2.  Setting Up Identity Mapping Between Windows and Oracle Solaris Systems

3.  Setting Up a Oracle Solaris SMB Server to Manage and Share Files

Disabling the Samba Service

How to Disable the Samba Service

Configuring the SMB Server Operation Mode (Task Map)

How to Configure the SMB Server in Domain Mode

How to Configure the SMB Server in Workgroup Mode

Managing SMB Shares

Managing SMB Shares in This Release

Managing SMB Shares (Task Map)

How to Enable Cross-Protocol Locking

How to Create an SMB Share (zfs)

How to Enable Guest Access to an SMB Share

How to Enable Access-Based Enumeration for a Share

How to Modify SMB Share Properties (zfs)

How to Remove an SMB Share (zfs)

How to Create a Specific Autohome Share Rule

How to Restrict Client Host Access to an SMB Share (zfs)

Managing SMB Groups (Task Map)

How to Create an SMB Group

How to Add a Member to an SMB Group

How to Remove a Member From an SMB Group

How to Modify SMB Group Properties

Configuring the WINS Service

How to Configure WINS

Enabling CATIA V4/V5 Character Translations

How to the Enable CATIA Interoperability Feature

Configuring SMB Printing (Task Map)

How to Enable the SMB Print Service

Troubleshooting the SMB Service

Cannot Join a Windows Domain

Checking the DNS Configuration

Ensuring That Kerberos Is Correctly Configured

Ensuring That You Specify the Correct Password for Your Domain User

Ensuring the Firewall Software Does Not Filter Out Required Ports

Viewing Oracle Solaris SMB Service Property Settings

Excluding IP Addresses From WINS Name Resolution

Changes to Windows Group Membership and to User Mapping Do Not Take Effect

Windows Clients Cannot Connect by NetBIOS Name or Are Missing From Browse List or Network Neighborhood

Cannot Set Share Security, All Shares Inherit the Security of the Directory Object

Older Versions of Windows Cannot Copy Files Larger Than Four Gbytes

Cannot Use SMB to Map Drives

Cannot See the Security Tab From Windows Clients

Microsoft Access or SQL Server Sessions Time Out After a Period of Inactivity

Cannot Add Windows Local Groups to Access Control List

SMB Browsing Fails When share.smb=on Is Set on a ZFS Pool

Samba or SMB Service Cannot Bind Various Ports

SMB Shares on a ZFS File System are Inaccessible After a Reboot

Invalid Password Errors Appear When Mapping a Drive or Browsing Computers in the Workgroup

Access Control List Inheritance Issues

Missing Security Tab on Windows XP Clients

4.  Using SMB File Sharing on Client Systems

A.  SMB DTrace Provider

Glossary

Index

Managing SMB Groups (Task Map)

This section describes how to manage SMB groups and privileges for the SMB server.


Note - SMB groups apply only to users that are connected through SMB.


For information about SMB groups and local users, see Local SMB Groups.

The following table points to the tasks that you can use to manage SMB groups through the SMB server.

Task
Description
For Instructions
Create an SMB group.
Create an SMB group to manage users.
Add a member to an SMB group.
Add a member to an SMB group by using the smbadm command.
Remove a member from an SMB group.
Remove a member from an SMB group by using the smbadm command.
Modify SMB group properties.

An SMB group can grant the following privileges:

  • backup. Permit group members to back up file system objects.
  • restore. Permit group members to restore file system objects.

  • take-ownership. Permit group members to take ownership of file system objects.

You can specify a description of the SMB group if you modify the value of the description property.

You use the smbadm(1M) command to manage SMB groups on the system that runs the SMB server.

How to Create an SMB Group

In order to provide proper identity mapping between SMB groups and Oracle Solaris groups, an SMB group must have a corresponding Oracle Solaris group. This requirement has two consequences. First, the group name must conform to the intersection of the Windows and Oracle Solaris group name rules. Thus, an SMB group name can be up to eight (8) characters long and contain only lowercase characters and numbers. Second, an Oracle Solaris group has to be created before an SMB group can be created. The Oracle Solaris group is created by using the groupadd command. See the groupadd(1M) man page.

  1. Become an administrator, obtain the solaris.smf.value.shares and solaris.smf.manage.shares RBAC authorizations, or use the SMB Management RBAC profile.

    For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.

  2. Choose the name of the group to create.

    You might choose a name that reflects a common set of tasks that the group can perform or the organization to which the group members belong.

  3. Create the SMB group.
    # smbadm create-group [-d description] group-name

    The -d option is used to specify a textual description of the SMB group.

    For example, to create a group called wsales, type:

    # smbadm create-group -d "Sales Force for the Western Region" wsales

How to Add a Member to an SMB Group

  1. Become an administrator, obtain the solaris.smf.value.shares and solaris.smf.manage.shares RBAC authorizations, or use the SMB Management RBAC profile.

    For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.

  2. Add a user to the SMB group.
    # smbadm add-member -m member-name [[-m member-name] ...] group-name

    member-name can be specified as [domain-name\]username or [domain-name/]username. The domain name is the domain in which the user can be authenticated. By default, the domain name is the name of the domain that you joined.

    The backslash (\) is a shell special character and must be quoted. For instance, escape the backslash with another backslash: domain\\username. For more information about handling shell special characters, see the man page for your shell.

    For example, to add user terry of the sales domain to the wsales group, type:

    # smbadm add-member -m sales\\terry wsales

    To add a local user to an SMB group, specify the Oracle Solaris host name rather than the domain name. For example, to add local user terry of the solarsystem host to the wsales group, type:

    # smbadm add-member -m solarsystem\\terry wsales

How to Remove a Member From an SMB Group

  1. Become an administrator, obtain the solaris.smf.value.shares and solaris.smf.manage.shares RBAC authorizations, or use the SMB Management RBAC profile.

    For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.

  2. Remove a user from the SMB group.
    # smbadm remove-member -m member-name [[-m member-name] ...] group-name

    member-name can be specified as [domain-name\]username or [domain-name/]username. The domain name is the domain in which the user can be authenticated. By default, the domain name is the name of the domain that you joined.

    The backslash (\) is a shell special character and must be quoted. For instance, escape the backslash with another backslash: domain\\username. For more information about handling shell special characters, see the man page for your shell.

    For example, to remove user terry of the sales domain from the wsales group, type:

    # smbadm remove-member -m sales\\terry wsales

    To remove a local user from an SMB group, specify the Oracle Solaris host name rather than the domain name. For example, to remove local user terry of the solarsystem host from the wsales group, type:

    # smbadm remove-member -m solarsystem\\terry wsales

How to Modify SMB Group Properties

  1. Become an administrator, obtain the solaris.smf.value.shares and solaris.smf.manage.shares RBAC authorizations, or use the SMB Management RBAC profile.

    For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.

  2. Modify one or more SMB group properties.
    # smbadm set-group -p property=value [[-p property=value] ...] group-name

    You can specify one or more property-value pairs on the command line. Each property-value pair must be preceded by the -p option. Valid values for privileges are on or off. The value of the description property is an arbitrary text string.

    For example, to grant the backup privilege and to modify the description of the wsales group, type:

    # smbadm set-group -p backup=on \
    -p description="Sales force for the Western region" wsales