JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris SMB and Windows Interoperability Administration Guide     Oracle Solaris 11 Express 11/10
search filter icon
search icon

Document Information

Preface

1.  Windows Interoperability (Overview)

2.  Identity Mapping Administration (Tasks)

3.  Solaris SMB Server Administration (Tasks)

Disabling the Samba Service

How to Disable the Samba Service

Configuring the Solaris SMB Server Operation Mode (Task Map)

How to Configure the Solaris SMB Server in Domain Mode

How to Configure the Solaris SMB Server in Workgroup Mode

Managing SMB Shares (Task Map)

How to Enable Cross-Protocol Locking

How to Create an SMB Share (zfs)

How to Enable Guest Access to a Solaris SMB Share

How to Enable Access-Based Enumeration for a Share

How to Modify SMB Share Properties (zfs)

How to Remove an SMB Share (zfs)

How to Create a Specific Autohome Share Rule

How to Restrict Client Host Access to an SMB Share (zfs)

Managing SMB Groups (Task Map)

How to Create an SMB Group

How to Add a Member to an SMB Group

How to Remove a Member From an SMB Group

How to Modify SMB Group Properties

Configuring the WINS Service

How to Configure WINS

Enabling CATIA V4/V5 Character Translations

How to the Enable CATIA Interoperability Feature

4.  Solaris SMB Client Administration (Tasks)

Glossary

Index

Managing SMB Groups (Task Map)

This section describes how to manage SMB groups and privileges for the Solaris SMB server.


Note - SMB groups apply only to users that are connected through SMB.


For information about SMB groups and local users, see Local SMB Groups.

The following table points to the tasks that you can use to manage SMB groups through the Solaris SMB server.

Task
Description
For Instructions
Create an SMB group.
Create an SMB group to manage users.
Add a member to an SMB group.
Add a member to an SMB group by using the smbadm command.
Remove a member from an SMB group.
Remove a member from an SMB group by using the smbadm command.
Modify SMB group properties.

An SMB group can grant the following privileges:

  • backup. Permit group members to back up file system objects.
  • restore. Permit group members to restore file system objects.

  • take-ownership. Permit group members to take ownership of file system objects.

You can specify a description of the SMB group if you modify the value of the description property.

You use the smbadm(1M) command to manage SMB groups on the system that runs the Solaris SMB server.

How to Create an SMB Group

In order to provide proper identity mapping between SMB groups and Oracle Solaris groups, an SMB group must have a corresponding Oracle Solaris group. This requirement has two consequences. First, the group name must conform to the intersection of the Windows and Oracle Solaris group name rules. Thus, an SMB group name can be up to eight (8) characters long and contain only lowercase characters and numbers. Second, a Oracle Solaris group has to be created before an SMB group can be created. The Oracle Solaris group is created by using the groupadd command. See the groupadd(1M) man page.

  1. Become an administrator, obtain the solaris.smf.value.shares and solaris.smf.manage.shares RBAC authorizations, or use the SMB Management RBAC profile.

    For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.

  2. Choose the name of the group to create.

    You might choose a name that reflects a common set of tasks that the group can perform or the organization to which the group members belong.

  3. Create the SMB group.
    # smbadm create-group [-d description] group-name

    The -d option is used to specify a textual description of the SMB group.

    For example, to create a group called wsales, type:

    # smbadm create-group -d "Sales Force for the Western Region" wsales

How to Add a Member to an SMB Group

  1. Become an administrator, obtain the solaris.smf.value.shares and solaris.smf.manage.shares RBAC authorizations, or use the SMB Management RBAC profile.

    For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.

  2. Add a user to the SMB group.
    # smbadm add-member -m member-name [[-m member-name] ...] group-name

    member-name can be specified as [domain-name\]username or [domain-name/]username. The domain name is the domain in which the user can be authenticated. By default, the domain name is the name of the domain that you joined.

    The backslash (\) is a shell special character and must be quoted. For instance, escape the backslash with another backslash: domain\\username. For more information about handling shell special characters, see the man page for your shell.

    For example, to add user terry of the sales domain to the wsales group, type:

    # smbadm add-member -m sales\\terry wsales

    To add a local user to an SMB group, specify the Oracle Solaris host name rather than the domain name. For example, to add local user terry of the solarsystem host to the wsales group, type:

    # smbadm add-member -m solarsystem\\terry wsales

How to Remove a Member From an SMB Group

  1. Become an administrator, obtain the solaris.smf.value.shares and solaris.smf.manage.shares RBAC authorizations, or use the SMB Management RBAC profile.

    For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.

  2. Remove a user from the SMB group.
    # smbadm remove-member -m member-name [[-m member-name] ...] group-name

    member-name can be specified as [domain-name\]username or [domain-name/]username. The domain name is the domain in which the user can be authenticated. By default, the domain name is the name of the domain that you joined.

    The backslash (\) is a shell special character and must be quoted. For instance, escape the backslash with another backslash: domain\\username. For more information about handling shell special characters, see the man page for your shell.

    For example, to remove user terry of the sales domain from the wsales group, type:

    # smbadm remove-member -m sales\\terry wsales

    To remove a local user from an SMB group, specify the Oracle Solaris host name rather than the domain name. For example, to remove local user terry of the solarsystem host from the wsales group, type:

    # smbadm remove-member -m solarsystem\\terry wsales

How to Modify SMB Group Properties

  1. Become an administrator, obtain the solaris.smf.value.shares and solaris.smf.manage.shares RBAC authorizations, or use the SMB Management RBAC profile.

    For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.

  2. Modify one or more SMB group properties.
    # smbadm set-group -p property=value [[-p property=value] ...] group-name

    You can specify one or more property-value pairs on the command line. Each property-value pair must be preceded by the -p option. Valid values for privileges are on or off. The value of the description property is an arbitrary text string.

    For example, to grant the backup privilege and to modify the description of the wsales group, type:

    # smbadm set-group -p backup=on \ -p description="Sales force for the Western region" wsales