Accessing OpenSolaris Shares From Windows

Last year I wrote an entry on Accessing Windows Shares from OpenSolaris. This is the other way around - setting up OpenSolaris as a CIFS server so I could browse its shares from Windows.

To begin, install the CIFS server packages:

bleonard@opensolaris:~$ pfexec pkg install SUNWsmbskr
PHASE                                          ITEMS
Indexing Packages                            554/554
DOWNLOAD                                    PKGS       FILES     XFER (MB)
Completed                                    1/1         6/6     0.42/0.42

PHASE                                        ACTIONS
Install Phase                                  17/17
Reading Existing Index                           9/9
Indexing Packages                                1/1
bleonard@opensolaris:~$ pfexec pkg install SUNWsmbs
DOWNLOAD                                    PKGS       FILES     XFER (MB)
Completed                                    1/1       28/28     1.07/1.07

PHASE                                        ACTIONS
Install Phase                                  62/62
PHASE                                          ITEMS
Reading Existing Index                           9/9
Indexing Packages                                1/1

Note, there's a broken dependency between SUNWsmbs and SUNWsmbskr, which is why it's necessary to install both packages. This will be addressed with the upcoming 2009.06 release. See bug 5390 for more details.

After the packages are installed, reboot the system (there is a work-around, which you can read here. Personally I found it easier to reboot). You can follow bug 8647 to track the progress of this issue.

Notice that the CIFS server is dependent on the Native Identity Mapping Service, which is disabled by default:

bleonard@opensolaris:~$ svcs -l smb/server
fmri         svc:/network/smb/server:default
name         smbd daemon
enabled      true
state        offline
next_state   none
state_time   Thu Apr 30 16:57:28 2009
restarter    svc:/system/svc/restarter:default
dependency   require_any/error svc:/milestone/network (online)
dependency   require_all/error svc:/system/filesystem/local (online)
dependency   require_all/error svc:/system/idmap:default (disabled)

So start the CIFS server using the -r option to start all dependent services:

svcadm enable -r smb/server

If you'll be connecting to Windows machines and you use a workgroup other than the default 'WORKGROUP', set the CIFS workgroup as follows (swapping '@HOME' with the name of your workgroup):

bleonard@opensolaris:~$ smbadm join -w @HOME
Successfully joined workgroup '@HOME'

Configure the Pluggable Authentication Module (PAM) to work with CIFS. First, add the following to /etc/pam.conf:

#
# For CIFS Authentication
#
other   password required       pam_smb_passwd.so.1 nowarn

Then reset your password so it can be stored by the CIFS password encrypter (OpenSolaris will not let you set the same password, however, you can change it to something else and then back if you want to keep your original password):

bleonard@opensolaris:~$ passwd
passwd: Changing password for bleonard
Enter existing login password:
New Password:
Re-enter new Password:
passwd: password successfully changed for bleonard

Set up a share. This is most easily done with ZFS:

pfexec zfs set sharesmb=on rpool/export/home

You can verify the share with the following:

bleonard@opensolaris:~$ sharemgr show -vp
default nfs=()
zfs
    zfs/rpool/export/home smb=()
	  rpool_export_home=/export/home

Note the share name from Windows will appear as "rpool_export_home". You can use the sharemgr to change this to something more friendly, such as just "home".

pfexec sharemgr set -P smb -p name=home zfs/rpool/export/home

Connect to the share from your CIFS client. Note, due to bug 6749515, the CIFS server is not listed in the Windows workgroup computers list. This should be resolved in OpenSolaris 2009.06. For now, it's easiest to enter either the domain name or IP address of the OpenSolaris CIFS server and then enter your OpenSolaris User name and Password in the Connect to dialog:



Once connected, you can browse the OpenSolaris machine just like you would your local Windows drive:


Comments:

you might want to add how to change the name of the share to that

Posted by nacho on April 30, 2009 at 03:54 PM GMT #

You don't need the identity mapping service unless you need to map Unix uid & gids to Windows sids. Identity mapping is not required for normal use.

Posted by andrewk7 on May 01, 2009 at 07:05 AM GMT #

@nacho - good suggestion - done.

@andrewk7 - but the smb/server has a required dependency on the identity mapping service. smb/server fails to start if idmap isn't also running.

Posted by Brian Leonard on May 01, 2009 at 07:35 AM GMT #

Thanks for writing this--it's probably the best step-by-step guide I've seen. I can now get workgroup mode to work like a charm out of the box with OSOL 2009.06 on my home system, but joining a domain on my work PC still eludes me after hours and hours and hours of trying (works fine with likewise on Ubuntu though, wth!)

Also weird, is that even in workgroup mode which "works", I can only access it via \\\\<IP ADDRESS>, I can't access it by hostname (\\\\<hostname>\\<share>).

Posted by Garen on November 04, 2009 at 04:58 PM GMT #

thanks for the help getting started with this. no matter what I try though, I cannot get this to work with Windows 7 as the client. It sees the Solaris machine and prompts for a u/n and pwd, but won't accept any combination of either (like user@machine, user@domain, machine\\user). help!

Posted by Tom on March 11, 2010 at 12:15 PM GMT #

Hi, I followed this tutorial with great success. However, my clients connecting to the zfs shares via samba cannot delete directories but they can create files and their own directories.

For example. A Mac client creates a folder on the share. ls -l outputs this permissions:

d--------+ myname mygroup 2 jun 1 12:00 madebyclient

A user on the OSOL server creates a folder that looks like this:

drwxr-xr-x 2 myname mygroup 2 jun 1 12:00 madebyserver

I am almost there. Any help is appreciated.

Posted by TakUMI ADA on June 03, 2010 at 02:47 PM GMT #

cool, it works!

Posted by nas servers review on August 01, 2010 at 11:23 AM GMT #

well this page has some great info - I thought I would add in the fix for the solaris server name showing up in windows network:

sharectl set -p system_comment=yourservername

the system_comment property defines the solaris server name on windows network and it then shows up properly, at least for windows 7

Posted by Jeff on November 19, 2011 at 11:43 PM GMT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

The Observatory is a blog for users of Oracle Solaris. Tune in here for tips, tricks and more as we explore the Solaris operating system from Oracle.

Connect with Oracle Solaris:


Search

Archives
« July 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
  
       
Today