JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Managing SMB File Sharing and Windows Interoperability in Oracle Solaris 11.1     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

1.  Sharing Files Between Windows and Oracle Solaris Systems

The SMB File Sharing Environment

SMB Server

SMB Client

Identity Mapping Service

Managing SMB Configuration Properties

Configuring the SMB Server - Process Overview

Utilities and Files Associated With the SMB Server and Client

SMB Utilities

mount_smbfs Command

sharectl Command

share Command

smbadm Command

smbstat Command

umount_smbfs Command

unshare Command

zfs Command

SMB Service Daemon

SMB Files

/etc/auto_direct File

/etc/dfs/sharetab File

/etc/smbautohome File

Authentication, Directory, Naming, and Time Services

SMB Shares

SMB Share Properties

SMB Share Access Control

Host-Based Access Control to SMB Shares

Access Control Lists on SMB Shares

SMB Autohome Shares

SMB Autohome Entries

SMB Autohome Map Entry Format

SMB Autohome Map Key Substitution

Wildcard Rule

nsswitch Map

Local SMB Groups

Client-Side Caching for Offline Files

SMB Share Execution Properties

SMB Support for the Distributed File System

SMB Support for SMB Printing

2.  Setting Up Identity Mapping Between Windows and Oracle Solaris Systems

3.  Setting Up a Oracle Solaris SMB Server to Manage and Share Files

4.  Using SMB File Sharing on Client Systems

A.  SMB DTrace Provider

Glossary

Index

SMB Shares

A shared resource, or share, is a local resource on a server that is accessible to SMB clients on the network. For the SMB server, a share is typically a directory. Each share is identified by a name on the network. An SMB client sees the share as a complete entity on the SMB server, and does not see the local directory path to the share on the server.


Note - A share and a directory are independent entities. Removing a share does not affect the underlying directory.


Shares are commonly used to provide network access to home directories on a network file server. Each user is assigned a home directory. A share is persistent and remains defined regardless of whether users are connected to the server.

The SMB server provides a special kind of share called an autohome SMB share. An autohome share is a transient share of a user's home directory that is created when a user logs in and removed when the user logs out.

When a user browses the system, only statically defined shares and his autohome share will be listed.

SMB Share Properties

You can use share properties to modify the attributes and behavior of an SMB share. Use the zfs set and share commands to set share properties. There are two types of share properties: global and protocol-specific.

The global share properties include the following:

The protocol-specific share properties for the SMB protocol include the following:

When you specify share properties, specify the global properties first, followed by the prot property and then by any protocol-specific properties. For more information about SMB share properties, see the share_smb(1M) man page.

To create a share, you must specify the path property. To change a global share property, specify only the global properties you want to change and not the prot property. To change protocol-specific property values, you must also specify the name and prot global share properties.

SMB Share Access Control

The SMB server uses the following access-control mechanisms to limit access by users, hosts, or both, to SMB shared file systems (shares):

Host-based access control is applied first and grants or denies access to the client system. If the host is granted access, the share ACL is applied to grant or deny access to the user. Each mechanism acts as a filter, which might restrict the type of access granted based on the access-control setting.

Shares are always created with the default share ACL and, unless otherwise specified when the share is created, default host-based access control. You can apply non-default values to the share after the share is created.

Host-Based Access Control to SMB Shares

This access-control mechanism enables you to limit the access of a host or group of hosts to an SMB share. This mechanism is a share-level access control and does not apply to local file access. By default, all hosts have full access to a share. The SMB server enforces host-based access control each time a client requests a connection to a share.

You can use the zfs set and share commands to specify host-based access control on a share. For more information, see How to Restrict Client Host Access to an SMB Share (zfs), and the share(1M) and zfs(1M) man pages.

Access Control Lists on SMB Shares

An ACL on a ZFS share provides the same level of access control as a Windows ACL does for its shares. Each share can have an ACL that includes entries to specify which types of access are allowed or denied to users and groups. Like host-based access control, this mechanism is a share-level form of access control and does not apply to local file access.

These share ACLs are only available for ZFS shares. You can manage a ZFS share's ACL in the Oracle Solaris OS by using the chmod and ls commands. See the chmod(1) and ls(1) man pages. You can also manage these ACLs by using the Windows share management GUI on a Windows client.

Although a ZFS file system is used to store a share's ACL, the access control is enforced by the SMB server each time a client requests a connection to a share. The default ACL setting permits full access to everyone.


Note - You cannot specify an ACL on an autohome share. Autohome shares are created at runtime with a predefined, unmodifiable ACL that grants full control to the owner. Only the autohome share owner can access the share.


SMB Autohome Shares

The autohome share feature eliminates the administrative task of defining and maintaining home directory shares for each user that accesses the system through the SMB protocol. The system creates autohome shares when a user logs in, and removes them when the user logs out. This process reduces the administrative effort needed to maintain user accounts, and increases the efficiency of service resources.

For example, if /home is a home directory that contains subdirectories for users bob and sally, you can manually define the shares as follows:

bob

/home/bob

sally

/home/sally

However, defining and maintaining directory shares in this way for each user is inconvenient. Instead, you can use the autohome feature.

To configure the autohome feature, you need to specify autohome share rules. For example, if a user's home directory is /fort/sally, the autohome path is /fort. The temporary share is named sally. Note that the user's home directory name must be the same as the user's login name. See How to Create a Specific Autohome Share Rule.

When a user logs in, the SMB server looks for a subdirectory that matches the user's name based on any rules that have been specified. If the server finds a match and if that share does not already exist, the subdirectory is added as a transient share. When the user logs out, the server removes that transient share.

Some Windows clients log a user out after 15 minutes of inactivity, which results in the autohome share disappearing from the list of defined shares. This behavior is expected for SMB autohome shares. Even after an SMB autohome share is removed, the share reappears when the user attempts to access the system (for example, in an Explorer window).


Note - All autohome shares are removed when the SMB server is restarted.


SMB Autohome Entries

The SMB server can automatically share home directories when an SMB client connects. The autohome map file, /etc/smbautohome, uses the search options and rules to determine whether to share a home directory when an SMB client connects to the server.

For example, the following entries specify the autohome rules for a particular environment:

+nsswitch        dc=ads,dc=oracle,dc=com,ou=users
jane    /home/?/&    dc=ads,dc=oracle,dc=com,ou=users

The nsswitch autohome entry uses the naming service to match users to home directories. The second autohome entry specifies that the home directory for user jane is /home/j/jane.

SMB Autohome Map Entry Format

A map entry, also referred to as a mapping, uses the following format:

key location [ container ]

key is a user name, location is the fully qualified path for the user's home directory, and container is an optional AD container.

If you intend to publish the share in AD, you must specify an AD container name, which is specified as a comma-separated list of attribute name-value pairs. The attributes use the Lightweight Directory Access Protocol (LDAP) distinguished name (DN) or relative distinguished name (RDN) format.

The DN or RDN must be specified in LDAP format by using the following prefixes:

cn=, ou=, and dc= are attribute types. The attribute type used to describe an object's RDN is called the naming attribute, which for AD includes the following object classes:

SMB Autohome Map Key Substitution

The autohome feature supports the following wildcard substitutions for the value of the key field:

Wildcard Rule

When supplied in the key field, the asterisk (*) is recognized as the “catch-all” entry. Such an entry matches any key not previously matched.

For example, the following entry would map any user to a home directory in /home in which the home directory name was the same as the user name:

*    /home/&

Note - The wildcard rule is only applied if an appropriate rule is not matched by another map entry.


nsswitch Map

The nsswitch map is used to request that the home directory be obtained from a password database, such as the local, NIS, or LDAP database. If an AD path is appended, it is used to publish shares.

+nsswitch

Like the “catch-all” entry, the nsswitch map is only searched if an appropriate rule is not matched by another map entry.


Note - The wildcard and nsswitch rules are mutually exclusive. Do not include an nsswitch rule if a wildcard rule has already been defined.