Skip Navigation Links | |
Exit Print View | |
Oracle Solaris SMB and Windows Interoperability Administration Guide Oracle Solaris 11 Express 11/10 |
1. Windows Interoperability (Overview)
2. Identity Mapping Administration (Tasks)
3. Solaris SMB Server Administration (Tasks)
4. Solaris SMB Client Administration (Tasks)
Managing SMB Mounts in Your Local Environment (Task Map)
How to Find Available SMB Shares on a Known File Server
How to Mount an SMB Share on a Directory You Own
How to View the List of Mounted SMB Shares
How to Unmount an SMB Share From a Directory You Own
How to Store an SMB Persistent Password
How to Configure the PAM Module to Store an SMB Persistent Password
Managing SMB Mounts in the Global Environment (Task Map)
How to Mount a Multiuser SMB Share
How to Customize the Global Solaris SMB Environment
How to View the Global Solaris SMB Environment Property Settings
How to Add an Automounter Entry for an SMB Share
The following table points to the tasks that a regular user can perform to manage SMB mounts.
|
If you are not familiar with the SMB file servers available in your domain, contact your system administrator. You might be able to use Network Neighborhood on Windows systems or the GNOME file browser to browse for available SMB shares.
$ smbutil view [-A | -U user] //[domain;][user[:password]@]server
//[domain;][user[:password]@]server is a resource name. user is the user name with which you connect to the SMB server, server. You can optionally specify the domain name and the password of the user that you specified on the command line.
The -A option enables you to view shares anonymously, and you are not prompted for a password. The -U user option indicates the user with which to authenticate on the specified server.
If you specified the -A option to view shares anonymously, you are not prompted for a password.
If you did not specify a user, enter the password associated with your user name.
The smbutil view output shows the name of the share, its type, and an optional text description of the share.
Most shares have a type of disk because the shares are files and directories. The other share types are as follows:
IPC – Represents an interprocess communication (IPC) device, such as a pipe or a mailslot
printer – Represents a printer queue
device – Represents a communications device
For example, the following command shows how to view the shares on the solarsystem server:
$ smbutil view //cal@solarsystem Password: Share Type Comment ------------------------------- netlogon disk Network Logon Service ipc$ IPC IPC Service (Samba Server) tmp disk Temporary file space public disk Public Stuff ethereal disk root disk Home Directories 6 shares listed from 6 available
Note - The Solaris SMB client does not support device shares.
The following command enables you to anonymously view the shares on the solarsystem server:
$ smbutil view -A //solarsystem
Note - If you own the directory on which you want to mount a share, you can perform the mount operation yourself. If you do not own the directory, you must perform the mount operation as the owner of the directory or as superuser.
$ svcs network/smb/client STATE STIME FMRI online 19:24:36 svc:/network/smb/client:default
This service is enabled by default, so the usual state for the service is online. To enable the service, type the following command:
$ svcadm enable -r network/smb/client
$ smbutil view //server
$ mkdir mount-point
For example, to create a mount point called /tmp/mnt, type:
$ mkdir /tmp/mnt
$ mount -F smbfs //[domain;][user[:password]@]server/share mount-point
For example, to mount the /tmp share from the solarsystem server on the /tmp/mnt mount point, type:
$ mount -F smbfs //solarsystem/tmp /tmp/mnt
This procedure shows how to list all of the SMB shares that are mounted on your system. The resulting list includes your mounts, other users' mounts, and multiuser mounts created by the system administrator.
Use one of the following commands to list the mounted SMB shares:
$ mount -v | grep 'type smbfs' //root@solarsystem/tmp on /mnt type smbfs read/write/setuid/devices/dev=5080000 on Tue Feb 12 11:40:18 2008 //root@solarsystem/files on /files type smbfs read/write/setuid/devices/dev=4800000 on Mon Feb 11 22:17:56 2008
Note that the mount command includes information about the mount options specified at mount time.
$ df -k -F smbfs //root@solarsystem/tmp 1871312 70864 1800448 4% /mnt //root@solarsystem/files 8067749 8017 7979055 1% /files
To successfully unmount a share, you must own the mount point on which the share is mounted.
Use one of the following commands to find shares that are mounted from an SMB server:
$ mount -v | grep 'type smbfs' //root@solarsystem/tmp on /mnt type smbfs read/write/setuid/devices/dev=5080000 on Tue Feb 12 11:40:18 2008 //root@solarsystem/files on /files type smbfs read/write/setuid/devices/dev=4800000 on Mon Feb 11 22:17:56 2008
$ df -k -F smbfs //root@solarsystem/tmp 1871312 70864 1800448 4% /mnt //root@solarsystem/files 8067749 8017 7979055 1% /files
For example:
$ umount /mnt
Interactions with an SMB file server require authentication. For instance, when you view the shares available on a server or you try to mount a share on your system, the transaction is authenticated.
Note - A persistent password is not needed when Kerberos is configured on the client and server and you have a Kerberos ticket-granting ticket (TGT). In such configurations, you can view and mount shares without specifying a password.
You can supply the password each time that you make a connection to the server, or you can store a persistent password to be automatically used for these transactions.
Note - You can store a persistent password for each user on the SMB server that you use to access shares.
The password you store persists until any of the following occur:
The SMB client is rebooted.
The smbutil logout command is run for the user.
The smbutil logoutall command is run by superuser.
$ smbutil login user Password:
The following command stores the persistent password for terry@solarsystem. Each time Terry performs a transaction with solarsystem, the persistent password is used to perform the authentication.
$ smbutil login terry@solarsystem Password:
When installed, the pam_smbfs_login.so.1 module enables you to store a persistent password the same as if you had run the smbutil login command for PAM_USER in the user's or system's default domain.
This optional functionality is meant to be used only in environments that do not run AD or Kerberos, but which synchronize passwords between Oracle Solaris clients and their SMB servers.
For more information, see the pam_smbfs_login(5) man page.
Add the following line to the /etc/pam.conf file after the other login entries:
login auth optional pam_smbfs_login.so.1
This action adds a persistent password entry as if you had run the smbutil login command.
Note - The PAM module implements a privilege to permit it to run as superuser to store your password.
$ smbutil login -c user
Example 4-1 Configuring the PAM Module to Store a Persistent Password
The following example shows how the domain is chosen. The system default is WORKGROUP. The WORKGROUP domain is overridden by any default from SMF, and finally by any default from the user's .nsmbrc file.
This example shows a default domain in SMF and for user terry:
# sharectl set -p section=default -p domain=AAA smbfs # sharectl get smbfs [default] domain=AAA
A root login uses the domain from SMF:
# smbutil login -c terry Keychain entry exists for AAA/terry.
A login as terry uses the domain from the ~terry/.nsmbrc file:
$ ls /.nsmbrc /.nsmbrc: No such file or directory $ cat ~/.nsmbrc [default] domain=MYDOMAIN $ ls -l ~/.nsmbrc -rw-r--r-- 1 terry staff 26 Feb 13 10:15 /home/terry/.nsmbrc $ smbutil login terry Keychain entry exists for MYDOMAIN/terry.
If Terry puts a password in ~terry/.nsmbrc, he must remove read permission. Also, because Terry's home directory is on an NFS server, the PAM module running as root cannot access Terry's file, so Terry would see the following and use the SMF domain instead:
$ chmod 400 .nsmbrc $ logout solarsystem console login: terry Password: Can't open /home/terry/.nsmbrc: Permission denied $ su Password: # smbutil login -c terry Keychain entry exists for AAA/terry.
Use this procedure to delete persistent passwords that are stored by the smbutil login command.
If you want to delete all persistent passwords, see How to Delete All SMB Persistent Passwords.
$ smbutil logout user@server
For example, the following command removes the persistent password for terry@solarsystem:
$ smbutil logout terry@solarsystem
After the password is deleted, Terry is prompted for his password each time that he performs a transaction with solarsystem.
$ smbutil logout server
For example, when user dana runs the following command, he removes his persistent password for solarsystem:
$ smbutil logout solarsystem
After the password is deleted, Dana is prompted for his password each time that he performs a transaction with solarsystem.
You can customize your Solaris SMB environment by creating a .nsmbrc configuration file in your home directory. For more information about the .nsmbrc file format, see the nsmbrc(4) man page.
This example shows how user terry can configure the example.com environment by placing this .nsmbrc configuration file in his home directory.
The default section describes the default domain, which is called SALES, and sets a default user of MYUSER. These default settings are inherited by other sections unless property values are overridden.
FSERVER is a server section that defines a server called fserv.example.com. It is part of the SALES domain.
RSERVER is a server section that defines a server called rserv.example.com that belongs to a new domain called REMGROUP.
# Configuration file for example.com # Specify the Windows account name to use everywhere. [default] domain=SALES user=MYUSER # The 'FSERVER' is server in our domain. [FSERVER] addr=fserv.example.com # The 'RSERVER' is a server in another domain. [RSERVER] domain=REMGROUP addr=rserv.example.com