Getting Started With the Solaris CIFS Service

From Genunix

Copyright Notice

Contents 1 Getting Started With the Solaris CIFS Service 1.1 How to Install the Solaris CIFS Service Software (Solaris Express) 1.2 How to Install the Solaris CIFS Service Software (OpenSolaris) 1.3 How to Join a Workgroup 1.4 How to Join an AD Domain 1.4.1 Before You Begin 1.5 How to Create a CIFS Share

Getting Started With the Solaris CIFS Service

Caution - This is a beta release of the Solaris[tm] Common Internet File System (CIFS) service for evaluation and OpenSolaris[tm] development. Do not use this service in a production environment where service availability and data reliability are required.

This document is intended to get you running the CIFS service on your Solaris system. You should already be familiar with these Solaris utilities. For more information, see the man pages for these utilities and files:

• idmap(1M)
• sharemgr(1M) and sharectl(1M)
• svcs(1M) and svcadm(1M)
• zpool(1M) and zfs(1M)
• krb5.conf(4)
• resolv.conf(4)

Solaris CIFS services can operate in two modes: domain and workgroup. These modes are mutually exclusive. Choose one or the other based on your environment and authentication needs.

• If you have an Active Directory (AD) domain and want to give domain users access to the Solaris CIFS service, choose domain mode by joining that domain.
• If you have no AD domains or have no need to support domain users, and you want to use local Solaris users to access the CIFS service, choose workgroup mode by joining the workgroup.

After you have successfully joined a workgroup or an AD domain, you can create and access CIFS shares.

For more information about configuring the identity mapping service and the Solaris CIFS service, see the following chapters of the Solaris CIFS Administration Guide:

• Identity Mapping Administration (Tasks)
• Solaris CIFS Service Administration (Tasks)

This page includes the following procedures, which must be run as superuser or as a user with the "SMB Management" RBAC profile:

• #How to Install the Solaris CIFS Service Software (Solaris Express)
• #How to Install the Solaris CIFS Service Software (OpenSolaris)
• #How to Join a Workgroup
• #How to Join an AD Domain
• #How to Create a CIFS Share

How to Install the Solaris CIFS Service Software (Solaris Express)

You can obtain the software packages for the Solaris CIFS service from the OpenSolaris Download Center.

The Solaris CIFS service packages are available beginning with the Solaris Express Developer Edition 1/08 (SXDE 1/08) and Solaris Express Community Edition build 79 (SXCE b79) releases. Use this procedure if you want to install these packages separately from the operating system.

The Solaris CIFS packages are SUNWsmbskr, SUNWsmbsr, and SUNWsmbsu.

1. Download at least the SXDE 1/08 DVD or SXCE b79 image from the OpenSolaris Download Center.
   
   Go to the following URL:
   
   http://www.opensolaris.org/os/downloads
   
   Note - You must be registered at www.sun.com to access the images.
2. Determine the device to be used for mounting the image file.
   
   # lofiadm -a sol-nv-bn-arch-dvd.iso
   
   Where n is the build number and arch is the architecture of the packages.
   
   For example:
   
   # lofiadm -a sol-nv-b84-sparc-dvd.iso /dev/lofi/1
3. Mount the downloaded HSFS image on your system.
   
   # mount -F hsfs device mount-point
   
   device is the device name of the image and mount-point is the directory on which to mount the image.
   
   For example:
   
   # mount -F hsfs /dev/lofi/1 /mnt
4. Install the Solaris CIFS service packages.
   
   # pkgadd -d mount-point/Solaris_11/Product SUNWsmbskr SUNWsmbsr SUNWsmbsu
   
   Note - Install the packages in the order shown to satisfy package dependencies.
   
   To uninstall the Solaris CIFS service with the pkgrm command, reverse the order of the packages shown on the pkgadd command line to satisfy package dependencies.

How to Install the Solaris CIFS Service Software (OpenSolaris)

When you have at least the OpenSolaris 2008.05 release installed, you can use the pkg command to install OpenSolaris packages automatically from the OpenSolaris package repository.

Use this procedure if you want to install these packages separately from the operating system.

The Solaris CIFS packages are SUNWsmbs and SUNWsmbskr.

1. Log in to the system that is running the OpenSolaris 2008.05 release and become superuser.




2. Install the Solaris CIFS service packages.


# pkg install SUNWsmbs
# pkg install SUNWsmbskr

How to Join a Workgroup

1. Start the CIFS Service.
   
   # svcadm enable -r smb/server
2. Join the workgroup.
   
   # smbadm join -w workgroup-name
   
   The default workgroup name is WORKGROUP. If you want to use the default, skip this step.
3. Establish passwords for CIFS workgroup users.
   
   CIFS does not support UNIX or NIS style passwords. The SMB PAM module is required to generate CIFS style passwords. When the SMB PAM module is installed, the passwd command generates additional encrypted versions of each password that are suitable for use with CIFS.
   
   
   1. Install the PAM module.
      
      Add the following line to the end of the /etc/pam.conf file to support creation of an encrypted version of the user's password for CIFS.
      
      other password required pam_smb_passwd.so.1 nowarn
      
      Note - After the PAM module is installed, the passwd command automatically generates CIFS-suitable passwords for new users. You must also run the passwd command to generate CIFS-style passwords for existing users.
   2. Create local user passwords.
      
      # passwd username

How to Join an AD Domain

Before You Begin

Determine your name mapping strategy and, if appropriate, create Solaris-to-Windows mapping rules. See "Creating Your Identity Mapping Strategy" in the Solaris CIFS Administration Guide.

Creating name-based mapping rules is optional and can be performed at any time. By default, identity mapping uses ephemeral mapping instead of name-based mapping.

1. Start the CIFS Service.
   
   # svcadm enable -r smb/server
2. Configure the Solaris CIFS service as an AD client.
   
   See "How to Configure an AD Client" in the Solaris CIFS Administration Guide.
   This step no longer required as of snv_82.
3. Ensure that system clocks on the domain controller and the Solaris system are synchronized.
   
   For more information, see Step 3 of "How to Configure the Solaris CIFS Service in Domain Mode" in the Solaris CIFS Administration Guide.
4. Join the domain.
   
   # smbadm join -u domain-user domain-name
   
   You must specify a user that has appropriate access rights to perform this step.
5. Restart the CIFS Service.
   
   # svcadm restart smb/server

How to Create a CIFS Share

This procedure describes how to use the ZFS[tm] file system sharesmb property to create CIFS shares. In general, you can use sharemgr to create a CIFS share for any file system, see "How to Create a CIFS Share (sharemgr)" in the Solaris CIFS Administration Guide.

For examples of using the zfs command to create CIFS shares, see "How to Create a CIFS Share (zfs)" in the Solaris CIFS Administration Guide.

Support for CIFS shares requires that ZFS pools be at least Version 9 and that ZFS datasets be at least Version 3.

For information about checking ZFS versions and upgrading ZFS pool and dataset versions, see "CIFS Browsing Fails When sharesmb=on Set on a ZFS Pool" on the Solaris CIFS Service Troubleshooting page.

1. Enable SMB sharing for the ZFS file system.
   • Enable SMB sharing for an existing ZFS file system.
     
     # zfs set sharesmb=on fsname
     
     For example, to enable SMB sharing for the ztank/myfs file system, type:
     
     # zfs set sharesmb=on ztank/myfs
     
     Note - The resource name for the share is automatically constructed by the zfs command when the share is created. The resource name is based on the dataset name, unless you specify a resource name. Any characters that are illegal for resource names are replaced by an underscore character (_).
     
     To specify a resource name for the share, specify a name for the sharesmb property, sharesmb=name=resource-name.
     
     For example, to specify a resource name of myfs for the ztank/myfs file system, type:
     
     # zfs set sharesmb=name=myfs ztank/myfs
   • Create a new ZFS file system that enables SMB sharing.
     
     When creating a ZFS file system to be used for SMB file sharing, set the casesensitivity option to mixed to permit a combination of case-sensitive and case-insensitive matching. Also, set the nbmand option to enforce mandatory cross-protocol share reservations and byte-range locking.
     
     # zfs create -o casesensitivity=mixed -o nbmand=on -o sharesmb=on fsname
     
     For example, to create a ZFS file system with SMB sharing and nbmand enabled for the ztank/yourfs file system, type:
     
     # zfs create -o casesensitivity=mixed -o nbmand=on -o sharesmb=on ztank/yourfs
     
     To specify a resource name for the share, specify a name for the sharesmb property, sharesmb=name=resource-name.
     
     For example, to specify a resource name of yourfs for the ztank/yourfs file system, type:
     
     # zfs create -o casesensitivity=mixed -o nbmand=on -o sharesmb=name=yourfs ztank/yourfs

2. Verify how the new file system is shared.
   
   # sharemgr show -vp
   
   Now, you can access the share by connecting to \\solaris-hostname\share-name. For information about how to access CIFS shares from your client, refer to the client documentation.