Oracle Solaris SMB and Windows Interoperability Administration Guide Oracle Solaris 11 Express 11/10
The following table points to the tasks that superuser can perform to manage SMB mounts.
If you want to make a share available to one or more users on a system, you can mount the share on a mount point anywhere on the system. When you mount a share as superuser, you do not need to own the mount point.
For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.
# svcs network/smb/client
STATE          STIME    FMRI
online         19:24:36 svc:/network/smb/client:default
This service is enabled by default, so the usual state for the service is online. To enable the service, type the following command:
# svcadm enable -r network/smb/client
# smbutil view //server
For example, you decide to mount shares on the /sales-tools mount point.
# mount -F smbfs -o mount-options //[domain;][user[:password]@]server/share mount-point
For example, to mount the /tmp share from the solarsystem server on the /sales-tools mount point, type:
# mount -F smbfs -o uid=terry,gid=staff,fileperms=0644 //solarsystem/tmp /sales-tools
In this example, the mount options enable users other than root to access the share. User terry and users who are members of the staff group can access the share with mode 0644.
When you mount a share, you can set the uid and gid mount options to specify the user and group owner of the share.
The values specified by these mount options are used to do the following:
Specify the user and group to be used for local access checks. These checks are only used to determine which local users are permitted through the mount point. All other access checks are handled by the server.
Determine the UID and GID that appear in file listings when the mounted share does not support “per-file security.” Such shares might be shared CD-ROMs or Windows FAT volumes. Most shares support “per-file security,” so the UID and GID that are shown in directory listings are derived from the file security properties.
You can customize the global Solaris SMB environment by using the sharectl(1M) command. With the exception of the minauth property, globally set properties can be overridden by a value set in a user's .nsmbrc file. The most secure value of the minauth property takes precedence over a less secure value set by the user or set in the global environment.
For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.
For a description of the properties, see the nsmbrc(4) man page.
# sharectl set [-h] [-p property=value] ... smbfs
For example, to specify a default domain name of SALES for the default section, type:
# sharectl set -p section=default -p domain=SALES smbfs
You can view the global Solaris SMB environment property settings by using the sharectl(1M) command.
If you set a value for the same property in more than one section, the sharectl get output includes the section name, property name, and value.
For a description of the properties, see the nsmbrc(4) man page.
$ sharectl get [-p property] ... smbfs
For example, to view the values for the timeout property, type:
$ sharectl get -p timeout smbfs
[SALES]
timeout=5
[default]
timeout=10
$ sharectl get smbfs
[SALES]
password=$$178465324253e0c07
timeout=5
[default]
timeout=10
You can add an SMB share to an automount map, such as the /etc/auto_direct file, so that the share will be automatically mounted when a user accesses the mount point. You cannot add these automount entries to the /etc/auto_master file.
To successfully use the automount feature, you must store a persistent password for authentication to mount the share. See How to Store an SMB Persistent Password.
Caution - When a user mounts a remote SMB share by using smbfs, all accesses through that mount, even by other users, are as the user who established the mount. For shares that will only be used by the owner, you should restrict access to the share by using the dirperms mount option to ensure that only the owner can access the share.
For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.
For example, to add automount entries to the /etc/auto_direct file, add the following line to the /etc/auto_master file:
/- auto_direct
The following examples show the changes to the automount map, in this example the /etc/auto_direct file, to configure automount maps.
To configure a private automount (a share that will only be accessed by the owner) of the //solarsystem/test share on the /sam-test mount point, create the following entry in the /etc/auto_direct file:
/sam-test -fstype=smbfs,dirperms=0700,uid=sam //solarsystem/test
The dirperms=0700 mount option ensures that only the owner can access the share. The uid=sam mount option ensures that the share root and everything in the share is owned by user sam.
To configure a public automount of the //solarsystem/public share on the /PUBLIC mount point, create the following entry in the /etc/auto_direct file:
/PUBLIC -fstype=smbfs,dirperms=0555 //solarsystem/public
The dirperms=0555 mount option ensures that everyone has read and execute access to the share.
To configure a public automount of a share and to specify the password to be used for authentication, create the following entry in the /etc/auto_direct file:
/PUBLIC -fstype=smbfs,dirperms=0777 //guest:guest@solarsystem/public
This entry specifies that all access to the //solarsystem/public share is done as the user guest and uses the specified password, which in this example is guest. The dirperms=0777 mount option ensures that everyone has read, write, and execute access to the share.
To configure a public automount of a share that can be accessed anonymously, which does not require a password, specify the noprompt option:
/PUBLIC -noprompt,fstype=smbfs,dirperms=0555 //solarsystem/public
The noprompt mount option suppresses the prompting for a password when mounting the share. The dirperms=0555 mount option ensures that everyone has read and execute access to the share.
# automount
The share is automounted when a user accesses the mounted share, such as by using the ls or cd command.
$ ls /PUBLIC
bin
docs
After the SMB share is mounted, a user can use regular Oracle Solaris commands to access the files. Automounted shares are automatically unmounted after a period of inactivity.
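The Caution above and the map entries that follow it suggest a review step for direct automount maps. The following sh function is an added example, not part of the Oracle guide: it flags smbfs entries that embed a password in the share location or whose dirperms value admits users other than the owner. The function names, the finding wording, the policy of expecting dirperms to be set explicitly, and the /docs sample entry are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Oracle code): review smbfs entries in a direct automount map.
# Usage: audit_smbfs_map [map-file]   (reads standard input when no file is given)
# Prints one line per finding: "<mount-point>: <finding>"
audit_smbfs_map() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        mp = $1; opts = ""; loc = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^-/) opts = substr($i, 2)   # -opt1,opt2,...
            else loc = $i                         # //server/share
        }
        if (opts !~ /(^|,)fstype=smbfs(,|$)/) next

        # //[domain;]user:password@server/share keeps the password in the map.
        if (loc ~ "^//[^/@]*:[^/@]*@")
            print mp ": password embedded in map entry"

        # dirperms decides which local users may pass through the mount point.
        perms = ""
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++)
            if (o[j] ~ /^dirperms=/) perms = substr(o[j], 10)
        if (perms == "")
            print mp ": dirperms not set explicitly"   # policy assumed by this example
        else if (substr(perms, length(perms) - 1) != "00")
            print mp ": dirperms=" perms " admits non-owners; access is as the user who established the mount"
    }' "$@"
}

# Constructed sample map (hypothetical entries in the format shown above).
sample_map() {
    cat <<'EOF'
/sam-test -fstype=smbfs,dirperms=0700,uid=sam //solarsystem/test
/PUBLIC -fstype=smbfs,dirperms=0777 //guest:guest@solarsystem/public
/docs -fstype=smbfs //solarsystem/docs
EOF
}

sample_map | audit_smbfs_map
```

To review a real map, pass its path as the argument, for example audit_smbfs_map /etc/auto_direct.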
Use this procedure to delete all of the persistent passwords that are used to authenticate SMB transactions.
If you only want to delete the persistent passwords for a particular user, see How to Delete an SMB Persistent Password.
For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.
# smbutil logoutall
After the persistent passwords are deleted, each time a user performs a transaction with an SMB server, he is prompted for his password.