Managing SMB Configuration Properties
The SMB server and the SMB client use the sharectl
command to manage configuration properties. For descriptions of the SMB client and server properties, see the sharectl
(8) and smb
(5) man pages.
The sharectl
command is used throughout the configuration process to set and view properties. This command and examples of its use are described in Setting Up an Oracle Solaris SMB Server to Manage and Share Files and Using SMB File Sharing on Client Systems.
Note:
When thesmb/server_auth_level
value is 4
, the Oracle Solaris SMB server accepts both NTLM and NTLMv2 authentication mechanisms for local user authentication. When clients initiate NTLM authentication, the Oracle Solaris SMB server is required to use DES encryption algorithm for hashing the incoming password hashes. DES is known to be less secure than HMAC-MD5, which is used in generating NTLMv2 challenge responses.
Note:
The default value forsmb/server_auth_level
has changed from 4
to 5
. This change is made to limit the use of the less secure DES encryption mechanism for local user authentication. With the new default value, Oracle Solaris SMB server accepts only NTLMv2 authentication mechanisms for local user authentication. With this change, there is no impact to Windows clients running Windows Vista and later versions assuming the LMCompatibilityLevel
registry setting is not down-level. However, Windows clients running a Windows OS version prior to Vista will require the LMCompatibilityLevel
registry setting to be raised to 3
or higher in order to be successfully authenticated by the Oracle Solaris SMB server.
For Domain users connecting to the Oracle Solaris SMB server, the AD domain controller will establish and enforce the required authentication level.