Go to main content

man pages section 5: File Formats

Exit Print View

Updated: Wednesday, July 27, 2022



smb - SMB server and client configuration properties


The behavior of the Oracle Solaris SMB server and client is defined by property values that are stored in the Service Management Facility, smf(7).

An authorized user can use the sharectl(8) command to set global values for these properties in SMF.

The following list describes the properties:


Specifies the Active Directory site. Sites provide a mechanism to partition or delegate administration and policy management, which are typically used in large or complex domains.

The value should not be set if you do not have a local Active Directory site. By default, no value is set.


Specifies the full path for the SMB autohome map file, smbautohome. The Oracle Solaris SMB server can automatically share home directories when a SMB client connects. The default path is /etc.


Specifies the LAN Manager (LM) authentication level for the Oracle Solaris SMB client. The LM compatibility level controls the type of user authentication to use in workgroup mode or local user in domain mode. The default value is 4.

The following describes the behavior at each level:

    Oracle Solaris SMB Client

| 2 | Uses NTLM authentication     |
|   |                              |
| 3 | Uses NTLMv2 authentication   |
|   |                              |
| 4 | Uses NTLMv2 authentication   |
| 5 | Uses NTLMv2 authentication   |
|   |                              |


Specifies the highest protocol version the Oracle Solaris SMB client uses to negotiate with external SMB servers. The valid values are 1 and 1.0. The default value is 1.

The protocol version is specified as a {major}[.{minor}] number. If the minor number is not specified, then the highest supported minor version will be used.


When SMB client signing is required, the Oracle Solaris SMB client signs all packets, and is not able to connect to servers configured with signing not enabled and not required. When SMB client signing is not required (false), the Oracle Solaris SMB client only signs packets if required by the server. Valid values are true and false. The default value is false.


A value that controls whether the Oracle Solaris SMB server disconnects the share or proceed if the map command fails. The disposition property only has meaning when the map property has been set. Otherwise it has no effect.

disposition = [ continue | terminate ]

Proceed with share connection if the map command fails. This is the default in the event that disposition is not specified.


Disconnect the share if the map command fails.


Enables or disables dynamic DNS updates. A value of true enables dynamic updates, while a value of false disables dynamic updates. By default, the value is false.

For Active Directory DNS servers, when the system is joined to the AD domain, secure updates (defined in RFC 3007) are used.


A comma-separated list of IP interfaces whose addresses should be excluded from DDNS publication. The list is empty by default. The entries in the list represent the IP interfaces identified by their interface names, for example, net0. Note that the interface does not need to have been configured to be present in the list. Any properly-formed interface name is acceptable. Thus, for any IP interfaces configured in the system, if it is present in the ddns_exclude list, it will be excluded from dynamically publishing to the DNS server and any existing resource records in the DNS server will be removed for this interface.


Specifies a primary DNS suffix for this system. Some domain member systems have a primary DNS suffix that does not match the DNS name of the Active Directory domain (of which they are members). This creates a disjoint namespace. By default, no value is set.


Specifies the behavior on receiving a connection on virtual circuit (VC) zero. The SMB protocol default is to enforce VC zero behavior. When a client connects using VC zero the server disconnects all previous connections from that client. The default behavior can cause sessions to be disconnected when the DNS contains aliases for the server and shares are mapped using different names. To avoid disconnection, the default behavior can be changed by setting enforce_vczero to false. The default value is true.


Controls whether to enforce new syntax for netgroups, where netgroups in share access list entries must be marked with a leading '%' to distinguish them from hostnames. Enabling this setting requires the admin to make this change to all share access lists manually, and can eliminate unnecessary DNS lookups. The default is false.


Enables IPv6 Internet protocol support within the Oracle Solaris SMB Service. Valid values are true and false. The default value is true.


Specifies the number of seconds before an idle SMB connection is dropped by the Oracle Solaris SMB server. If set to 0, idle connections are not dropped. Valid values are 0 to 86400 (24 hours). The default value is 900 seconds.


The value is a command to be executed on the Oracle Solaris SMB server when a SMB client connects to the share. The command can take the following arguments, which is substituted when the command is executed as described below:


Windows username.


Name of the domain or workgroup of %U.


The server hostname.


The client hostname, or "" if not available.


The server NetBIOS name.


The client NetBIOS name, or "" if not available. This option is only valid for NetBIOS connections (port 139).


The IP address of the client machine.


The local IP address to which the client is connected.


The name of the share.


The root directory of the share.


The UID of the UNIX user.


Specifies the maximum number of concurrent open connections on the SMB server. The value is an upper limit and it has no effect when the number of concurrent connections is below the limit. The only reason to change this value is to enforce a lower or higher limit on the number of concurrent connections. The default value is 65536.


Specifies the maximum number of worker threads that are launched to process incoming SMB requests. The SMB max_mpx value, which indicates to a SMB client the maximum number of outstanding SMB requests that it can have pending on the Oracle Solaris SMB server, is derived from the max_workers value. To ensure compatibility with older versions of Windows the lower 8-bits of max_mpx must not be zero. If the lower byte of max_workers is zero, 64 is added to the value. Thus the minimum value is 64 and the default value, which appears in sharectl(8) as 1024, is 2048.


Enables or disables SMB3 multichannel support. When set to true, the Oracle Solaris SMB server will accept multichannel sessions.


Specifies that the interfaces in interface-list are not used for SMB multichannel traffic. Interfaces are specified as a comma-separated list of physical interfaces. An empty string may be used to indicate that no interfaces should be excluded from multichannel use. All private interfaces and those marked as DEPRECATED are automatically excluded.


Enables oplocks on the server. The valid values are true or false. It serves as a default option when the share property share.smb.oplocks is not explicitly set. Otherwise, the share property will take precedence in determining whether oplocks should be enabled for the share.


Disables anonymous access to IPC$ on the Oracle Solaris SMB server, which requires that the SMB client be authenticated to get access to MSRPC services through IPC$. A value of true disables anonymous access to IPC$, while a value of false enables anonymous access. The default value is true.


Configures SMB encryption at the global level. This is an SMB service-wide property. It is a boolean type property, with false being the default value. When set to true, the SMB server requires the client to encrypt data on all new sessions. This enforcement can be bypassed if the server allows unencrypted access. For more information, see the description about the server_reject_unencrypt property.


Specifies the LAN Manager (LM) authentication level for the Oracle Solaris SMB server. The LM compatibility level controls the type of user authentication to use for the clients to connect to the Workgroup mode. For Domain users connecting to the Oracle Solaris SMB server, the AD Domain Controller will establish and enforce the required authentication type. The default value is 5.

The following describes the behavior at each level:

       Oracle Solaris SMB Server
| 2 | Accepts LM, NTLM and NTLMv2 |
|   | authentication              |
| 3 | Accepts LM, NTLM and NTLMv2 |
|   | authentication              |
| 4 | Accepts NTLM and NTLMv2     |
|   | authentication              |
| 5 | Accepts NTLMv2              |
|   | authentication              |


Specifies the highest protocol version the Oracle Solaris SMB server uses to negotiate with a SMB client. The valid values are 1, 1.0, 2, 2.0, 2.1, 3, 3.0, and 3.1. The default value is 3.

The protocol version is specified as a {major}[.{minor}] number. If the minor number is not specified, then the highest supported minor version will be used. The highest supported versions are 1.0, 2.1, and 3.1.


Specifies the minimum protocol version the Oracle Solaris SMB server uses to negotiate with a SMB client. The valid values are 1, 1.0, 2, 2.0, 2.1, 3, 3.0 and 3.1. The default value is 1.

The protocol version is specified as a {major}[.{minor}] number. If the minor number is not specified, then the lowest supported minor version will be used.


Allows or rejects unencrypted access when either global level or share level encryption is turned on. This is an SMB service-wide property. It is a boolean type property, with true being the default value. By default, all unencrypted accesses will be rejected when encryption is turned on. When set to false, the unencrypted access will be allowed. This property is intended for a transition phase whenever the deployment scenario requires to support down-level clients which do not support encryption. Other than that, it is highly recommended not to change from its default value, unless the administrator is clear about the implications.


Enables SMB server signing. When server signing is enabled but not required, packets signing is at the discretion of the client. When Oracle Solaris SMB server signing is not enabled and not required, packets are signed if, and only if, the client requires signing. When server_signing_required=true, server_signing_enabled is treated as true. Valid values are true and false. The default value is false.

The server_signing_enabled property is not applicable to SMB 2.0 protocol. For SMB 2.0 protocol, signing is controlled with the server_signing_required property.


When SMB server signing is required, all packets must be signed or they are rejected. Clients that do not support signing are unable to connect to the Oracle Solaris SMB server. Valid values are true and false. The default value is false.


Sets the access-based enumeration (ABE) policy for displaying shares. If the value of this property is set to none, a client can see only the shares that it is allowed to access. Access to shares is determined by the values of the share properties rw, ro, none, and on the ACL that is set on the share.

If the value is set to full, all shares are visible to all clients.

Valid values are full and none. The default value is full.


Specifies an optional description for the system, which is a text string. This property value might appear in various places, such as Network Neighborhood or Network Places on Windows clients. By default, no value is set.


The value is a command to be executed on the Oracle Solaris SMB server when a SMB client disconnects the share. The command can take the same substitutions listed on the map property.


Enables or disables all NetBIOS services. A value of true enables NetBIOS name (UDP port 137), datagram (UDP port 138), session (TCP port 139) services and the capability of locating domain controller via NetBIOS-based discovery. A value of false disables all of them. The default value is true.


See the attributes(7) man page for descriptions of the following attributes:

Interface Stability

See Also

attributes(7), smf(7), sharectl(8), smbadm(8), smbd(8), smbstat(8)

RFC 3007