Getting Started With the Solaris CIFS Service

Caution - This is a beta release of the Solaris[tm] Common Internet File System (CIFS) service for evaluation and OpenSolaris[tm] development. Do not use this service in a production environment where service availability and data reliability are required.

This document is intended to get you running the CIFS service on your Solaris system. You should already be familiar with these Solaris utilities. For more information, see the man pages for these utilities and files:

• idmap(1M)
• sharemgr(1M) and sharectl(1M)
• svcs(1M) and svcadm(1M)
• zpool(1M) and zfs(1M)
• krb5.conf(4)
• resolv.conf(4)

Solaris CIFS services can operate in two modes: domain and workgroup. These modes are mutually exclusive. Choose one or the other based on your environment and authentication needs.

• If you have an Active Directory (AD) domain and want to give domain users access to the Solaris CIFS service, choose domain mode by joining that domain.

• If you have no AD domains or have no need to support domain users, and you want to use local Solaris users to access the CIFS service, choose workgroup mode by joining the workgroup.

After you have successfully joined a workgroup or an AD domain, you can create and access CIFS shares.

For more information about configuring the identity mapping service and the Solaris CIFS service, see the following chapters of the Solaris CIFS Administration Guide:

• Identity Mapping Administration (Tasks)
• Solaris CIFS Service Administration (Tasks)

For more information about Solaris CIFS, see the following:

• Solaris CIFS Service Troubleshooting
• What's New With Solaris CIFS

This page includes the following procedures, which must be run as superuser or as a user with the "SMB Management" RBAC profile:

• #How to Install the Solaris CIFS Service Software (Solaris Express)
• #How to Install the Solaris CIFS Service Software (OpenSolaris)
• #How to Join a Workgroup
• #How to Join an AD Domain
• #How to Create a CIFS Share

How to Install the Solaris CIFS Service Software (Solaris Express)

You can obtain the software packages for the Solaris CIFS service from the OpenSolaris Download Center.

The Solaris CIFS service packages are available beginning with the Solaris Express Developer Edition 1/08 (SXDE 1/08) and Solaris Express Community Edition build 79 (SXCE b79) releases. Use this procedure if you want to install these packages separately from the operating system.

The Solaris CIFS packages are SUNWsmbskr, SUNWsmbsr, and SUNWsmbsu.

1. Download at least the SXDE 1/08 DVD or SXCE b79 image from the OpenSolaris Download Center.

   Go to the following URL:

   http://www.opensolaris.org/os/downloads

   Note - You must be registered at www.sun.com to access the images.

2. Determine the device to be used for mounting the image file.

   # lofiadm -a sol-nv-bn-arch-dvd.iso

   Where n is the build number and arch is the architecture of the packages.

   For example:

   # lofiadm -a sol-nv-b84-sparc-dvd.iso

   /dev/lofi/1

3. Mount the downloaded HSFS image on your system.

   # mount -F hsfs device mount-point

   device is the device name of the image and mount-point is the directory on which to mount the image.

   For example:

   # mount -F hsfs /dev/lofi/1 /mnt

4. Install the Solaris CIFS service packages.

   # pkgadd -d mount-point/Solaris_11/Product SUNWsmbskr SUNWsmbsr SUNWsmbsu

   Note - Install the packages in the order shown to satisfy package dependencies.

   To uninstall the Solaris CIFS service with the pkgrm command, reverse the order of the packages shown on the pkgadd command line to satisfy package dependencies.

How to Install the Solaris CIFS Service Software (OpenSolaris)

When you have at least the OpenSolaris 2008.05 release installed, you can use the pkg command to install OpenSolaris packages automatically from the OpenSolaris package repository.

Use this procedure if you want to install these packages separately from the operating system.

Note - As of OpenSolaris Build 95, the SMF manifest file for the smb/server service is not imported by the intallation of the Solaris CIFS packages. Steps 2, 4, and 5 of this procedure work around the problem to ensure that you can successfully enable the service. An alternative workaround is to perform a post-installation reboot instead of performing Steps 2, 4, and 5.

The Solaris CIFS packages are SUNWsmbskr and SUNWsmbs.

1. Log in to the system that is running the OpenSolaris 2008.05 release and become superuser.

2. Remove the smbsrv module.

   # rem_drv smbsrv

3. Install the Solaris CIFS service packages.

   # pkg install SUNWsmbskr
   

   # pkg install SUNWsmbs

4. Load the smbsrv module.

   # add_drv smbsrv

5. Import the Solaris CIFS service SMF manifest.

   # svccfg import /var/svc/manifest/network/smb/server.xml

6. Join a workgroup or an AD domain.

   • #How to Join a Workgroup.

   • #How to Join an AD Domain.

How to Join a Workgroup

1. Start the CIFS Service.

   # svcadm enable -r smb/server

2. Join the workgroup.

   # smbadm join -w workgroup-name

   The default workgroup name is WORKGROUP. If you want to use the default, skip this step.

3. Establish passwords for CIFS workgroup users.

   CIFS does not support UNIX or NIS style passwords. The SMB PAM module is required to generate CIFS style passwords. When the SMB PAM module is installed, the passwd command generates additional encrypted versions of each password that are suitable for use with CIFS.

   1. Install the PAM module.

      Add the following line to the end of the /etc/pam.conf file to support creation of an encrypted version of the user's password for CIFS.

      other password required pam_smb_passwd.so.1 nowarn

      Note - After the PAM module is installed, the passwd command automatically generates CIFS-suitable passwords for new users. You must also run the passwd command to generate CIFS-style passwords for existing users.

      Only a privileged user can modify the pam.conf file, for example:

      # pfexec gedit /etc/pam.conf

   2. Create local user passwords.

      # passwd username

4. (Optional) Verify your Solaris CIFS service configuration.

   1. Download the cifs-chkcfg script.

   2. Run the cifs-chkcfg script.

      # cifs-chkcfg

      Note - The cifs-chkcfg script does not currently verify the Kerberos configuration.

How to Join an AD Domain

Before You Begin

This task describes how to join an AD domain and pertains to at least SXCE Build 82.

Determine your name mapping strategy and, if appropriate, create Solaris-to-Windows mapping rules. See "Creating Your Identity Mapping Strategy" in the Solaris CIFS Administration Guide.

Creating name-based mapping rules is optional and can be performed at any time. By default, identity mapping uses ephemeral mapping instead of name-based mapping.

1. Start the CIFS Service.

   # svcadm enable -r smb/server

2. Ensure that system clocks on the domain controller and the Solaris system are synchronized.

   For more information, see Step 3 of "How to Configure the Solaris CIFS Service in Domain Mode" in the Solaris CIFS Administration Guide.

3. Join the domain.

   # smbadm join -u domain-user domain-name

   You must specify a user that has appropriate access rights to perform this step.

4. Restart the CIFS Service.

   # svcadm restart smb/server

5. (Optional) Verify your Solaris CIFS service configuration.

   1. Download the cifs-chkcfg script.

   2. Run the cifs-chkcfg script.

      # cifs-chkcfg

      Note - The cifs-chkcfg script does not currently verify the Kerberos configuration.

How to Create a CIFS Share

1. Enable SMB sharing for the ZFS file system.

   • Enable SMB sharing for an existing ZFS file system.

     # zfs set sharesmb=on fsname

     For example, to enable SMB sharing for the ztank/myfs file system, type:

     # zfs set sharesmb=on ztank/myfs

     Note - The resource name for the share is automatically constructed by the zfs command when the share is created. The resource name is based on the dataset name, unless you specify a resource name. Any characters that are illegal for resource names are replaced by an underscore character (_).

     To specify a resource name for the share, specify a name for the sharesmb property, sharesmb=name=resource-name.

     For example, to specify a resource name of myfs for the ztank/myfs file system, type:

     # zfs set sharesmb=name=myfs ztank/myfs

   • Create a new ZFS file system that enables SMB sharing.

     When creating a ZFS file system to be used for SMB file sharing, set the casesensitivity option to mixed to permit a combination of case-sensitive and case-insensitive matching. Also, set the nbmand option to enforce mandatory cross-protocol share reservations and byte-range locking.

     # zfs create -o casesensitivity=mixed -o nbmand=on -o sharesmb=on fsname

     For example, to create a ZFS file system with SMB sharing and nbmand enabled for the ztank/yourfs file system, type:

     # zfs create -o casesensitivity=mixed -o nbmand=on -o sharesmb=on ztank/yourfs

     To specify a resource name for the share, specify a name for the sharesmb property, sharesmb=name=resource-name.

     For example, to specify a resource name of yourfs for the ztank/yourfs file system, type:

     # zfs create -o casesensitivity=mixed -o nbmand=on -o sharesmb=name=yourfs ztank/yourfs

2. Verify how the new file system is shared.

   # sharemgr show -vp

   Now, you can access the share by connecting to //solaris-hostname/share-name. For information about how to access CIFS shares from your client, refer to the client documentation.