Skip Navigation Links | |
Exit Print View | |
Oracle Solaris SMB and Windows Interoperability Administration Guide Oracle Solaris 11 Express 11/10 |
1. Windows Interoperability (Overview)
2. Identity Mapping Administration (Tasks)
3. Solaris SMB Server Administration (Tasks)
How to Disable the Samba Service
Configuring the Solaris SMB Server Operation Mode (Task Map)
How to Configure the Solaris SMB Server in Domain Mode
How to Configure the Solaris SMB Server in Workgroup Mode
Managing SMB Shares (Task Map)
How to Enable Cross-Protocol Locking
How to Create an SMB Share (zfs)
How to Enable Guest Access to a Solaris SMB Share
How to Enable Access-Based Enumeration for a Share
How to Modify SMB Share Properties (zfs)
How to Remove an SMB Share (zfs)
How to Create a Specific Autohome Share Rule
How to Restrict Client Host Access to an SMB Share (zfs)
Managing SMB Groups (Task Map)
How to Add a Member to an SMB Group
Enabling CATIA V4/V5 Character Translations
How to the Enable CATIA Interoperability Feature
This section describes how to manage SMB groups and privileges for the Solaris SMB server.
Note - SMB groups apply only to users that are connected through SMB.
For information about SMB groups and local users, see Local SMB Groups.
The following table points to the tasks that you can use to manage SMB groups through the Solaris SMB server.
|
You use the smbadm(1M) command to manage SMB groups on the system that runs the Solaris SMB server.
In order to provide proper identity mapping between SMB groups and Oracle Solaris groups, an SMB group must have a corresponding Oracle Solaris group. This requirement has two consequences. First, the group name must conform to the intersection of the Windows and Oracle Solaris group name rules. Thus, an SMB group name can be up to eight (8) characters long and contain only lowercase characters and numbers. Second, a Oracle Solaris group has to be created before an SMB group can be created. The Oracle Solaris group is created by using the groupadd command. See the groupadd(1M) man page.
For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.
You might choose a name that reflects a common set of tasks that the group can perform or the organization to which the group members belong.
# smbadm create-group [-d description] group-name
The -d option is used to specify a textual description of the SMB group.
For example, to create a group called wsales, type:
# smbadm create-group -d "Sales Force for the Western Region" wsales
For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.
# smbadm add-member -m member-name [[-m member-name] ...] group-name
member-name can be specified as [domain-name\]username or [domain-name/]username. The domain name is the domain in which the user can be authenticated. By default, the domain name is the name of the domain that you joined.
The backslash (\) is a shell special character and must be quoted. For instance, escape the backslash with another backslash: domain\\username. For more information about handling shell special characters, see the man page for your shell.
For example, to add user terry of the sales domain to the wsales group, type:
# smbadm add-member -m sales\\terry wsales
To add a local user to an SMB group, specify the Oracle Solaris host name rather than the domain name. For example, to add local user terry of the solarsystem host to the wsales group, type:
# smbadm add-member -m solarsystem\\terry wsales
For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.
# smbadm remove-member -m member-name [[-m member-name] ...] group-name
member-name can be specified as [domain-name\]username or [domain-name/]username. The domain name is the domain in which the user can be authenticated. By default, the domain name is the name of the domain that you joined.
The backslash (\) is a shell special character and must be quoted. For instance, escape the backslash with another backslash: domain\\username. For more information about handling shell special characters, see the man page for your shell.
For example, to remove user terry of the sales domain from the wsales group, type:
# smbadm remove-member -m sales\\terry wsales
To remove a local user from an SMB group, specify the Oracle Solaris host name rather than the domain name. For example, to remove local user terry of the solarsystem host from the wsales group, type:
# smbadm remove-member -m solarsystem\\terry wsales
For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.
# smbadm set-group -p property=value [[-p property=value] ...] group-name
You can specify one or more property-value pairs on the command line. Each property-value pair must be preceded by the -p option. Valid values for privileges are on or off. The value of the description property is an arbitrary text string.
For example, to grant the backup privilege and to modify the description of the wsales group, type:
# smbadm set-group -p backup=on \ -p description="Sales force for the Western region" wsales