JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris SMB and Windows Interoperability Administration Guide     Oracle Solaris 11 Express 11/10
search filter icon
search icon

Document Information


1.  Windows Interoperability (Overview)

The Solaris SMB Server

Solaris SMB Server

Solaris SMB Client

Identity Mapping Service

Managing Solaris SMB Configuration Properties

Configuring the Solaris SMB Server - Process Overview

Utilities and Files Associated With the Solaris SMB Server and Client

Solaris SMB Utilities

mount_smbfs Command

sharectl Command

share Command

smbadm Command

smbstat Command

smbutil Command

umount_smbfs Command

unshare Command

zfs Command

Solaris SMB Service Daemon

Solaris SMB Files

/etc/auto_direct File

/etc/dfs/sharetab File

/etc/smbautohome File

$HOME/.nsmbrc File

Authentication, Directory, Naming, and Time Services

SMB Shares

Share Properties

Access Control to Shares

Host-Based Access Control to Shares

Access Control Lists on Shares

Autohome Shares

Autohome Entries

Autohome Map Entry Format

Autohome Map Key Substitution

Wildcard Rule

nsswitch Map

Local SMB Groups

Client-Side Caching for Offline Files

Share Execution Properties

Support for the Distributed File System

2.  Identity Mapping Administration (Tasks)

3.  Solaris SMB Server Administration (Tasks)

4.  Solaris SMB Client Administration (Tasks)



The Solaris SMB Server

The Oracle Solaris operating system (Oracle Solaris OS) has reached a new level of Windows interoperability with the introduction of an integrated SMB server. A Oracle Solaris server can now be an active participant in a Windows active directory domain and provide ubiquitous, cross-protocol file sharing through SMB and NFS to clients in their native dialect.

The Solaris SMB server allows a native Oracle Solaris system to serve files, by means of SMB shares, to SMB enabled clients, such as Windows and Mac OS systems. A Windows client (or other SMB client) can interoperate with the Solaris SMB server as it would with a Windows server.

A Solaris SMB server can operate in either workgroup mode or in domain mode. In workgroup mode, the Solaris SMB server is responsible for authenticating users locally when access is requested to shared resources. This authentication process is referred to as local login. In domain mode, the Solaris SMB server uses pass-through authentication, in which user authentication is delegated to a domain controller.

When a user is successfully authenticated, the Solaris SMB server generates an access token using the security identifiers (SIDs) that represent the user's identity and the groups of which the user is a member. When the user requests access to files or resources from the server, the access token is used to determine access to files by cross-checking the token with the access control list (ACL) or permissions on files and resources. Oracle Solaris OS credentials have been enhanced to fully support Windows-style SIDs. In addition, file systems, such as the ZFS file system, support Windows-style ACLs and access checking.

The Oracle Solaris OS is unique in that it can manage user identities simultaneously by using both traditional UIDs (and GIDs) and SIDs. When a user is authenticated through the SMB server, the user's SMB identity is mapped to the appropriate UNIX or Network Information Service (NIS) identity by using the idmap identity mapping service. If an existing UNIX or NIS identity exists, that identity is used. Otherwise, a temporary identity is generated using ephemeral UIDs and GIDs, as required. Ephemeral IDs are valid only within each Oracle Solaris OS instance and only until the system is rebooted. These IDs are never stored on disk or transmitted over the network. When an ACL is stored on disk through the SMB server, the SIDs are used to generate the access control entries. Oracle Solaris utilities, such as ls and chmod, support ACL management.

For more information about how the Oracle Solaris OS manages user identities, see Chapter 2, Identity Mapping Administration (Tasks).

The following diagram shows how a Oracle Solaris file server can operate simultaneously with both NIS and Windows domains. The Windows domain controller provides SMB authentication and naming services for SMB clients and servers, while the NIS servers provide naming services for NFS clients and servers.

Figure 1-1 Solaris SMB Environment

Diagram showing the components and interactions in a Solaris SMB environment.

The Oracle Solaris services described in this book include the following components:

Solaris SMB Server

Note - Samba and SMB servers cannot be used simultaneously on a single Oracle Solaris system. The Samba server must be disabled in order to run the Solaris SMB server. For more information, see How to Disable the Samba Service.

For a high-level overview of configuring the Solaris SMB server, see Configuring the Solaris SMB Server - Process Overview. For information about configuring the server, see Chapter 3, Solaris SMB Server Administration (Tasks). For more information about the Solaris SMB server, see the smbadm(1M), smbd(1M), smbstat(1M), smb(4), smbautohome(4), and pam_smb_passwd(5) man pages.

The SMB features offered by the Oracle Solaris service depend on the file system being shared. To fully support the Solaris SMB server, a file system should support the following features:

For information about the supported features of the UFS and ZFS file systems, see the ufs(7FS) man page and the Oracle Solaris ZFS Administration Guide, respectively.

For information about how to access SMB shares from your client, refer to the client documentation.

Solaris SMB Client

The SMB protocol is the native file-sharing protocol used by Windows and Mac OS systems. The Solaris SMB client is a Oracle Solaris virtual file system that provides access to files and directories from the SMB server.

By using the Solaris SMB client, a user can mount remote SMB shares (directories) on his Oracle Solaris system to get read-write access to previously inaccessible files. The Solaris SMB client does not include the ability to print by means of SMB or the ability to access SMB resources other than files and directories. The Solaris SMB client enables an unprivileged user to mount and unmount shares on directories he owns.

For more information about how to use the Solaris SMB client to access shares, see Chapter 4, Solaris SMB Client Administration (Tasks), and the smbutil(1), mount_smbfs(1M), nsmbrc(4), pam_smbfs_login(5), and smbfs(7FS) man pages.

Identity Mapping Service

The Oracle Solaris OS includes an identity mapping service that enables you to map identities between Oracle Solaris systems and Windows systems.

This identity mapping service supports the following types of mappings between Windows security identities (SIDs) and Oracle Solaris user IDs and group IDs (UIDs and GIDs):

The idmap command can be used to create and manage the name-based mappings and to monitor the mappings in effect.

For more information about mapping user and group identities, see Mapping User and Group Identities. For information about how to determine your identity mapping strategy, see Creating Your Identity Mapping Strategy. For instructions on how to use the idmap command, see Managing Directory-Based Name Mapping for Users and Groups (Task Map), Managing Rule-Based Identity Mapping for Users and Groups (Task Map), and the idmap(1M) man page.

Managing Solaris SMB Configuration Properties

The Solaris SMB server and the Solaris SMB client use the sharectl command to manage configuration properties. For descriptions of the Solaris SMB server properties, see the sharectl(1M) and smb(4) man pages. For descriptions of the Solaris SMB client properties, see the nsmbrc(4) man page.

The Solaris SMB properties and their values are stored in the Service Management Facility (SMF). For more information about SMF, see Chapter 11, Managing Services (Overview), in System Administration Guide: Basic Administration.

The sharectl command is used throughout the configuration process to set and view properties. This command and examples of its use are described in Chapter 3, Solaris SMB Server Administration (Tasks). The sharectl command is also used by the Solaris SMB client to configure the global environment. For more information, see Chapter 4, Solaris SMB Client Administration (Tasks).