X
  • February 20, 2012

CIFS Sharing on Solaris 11

Things have changed since Solaris 10 (and Solaris 11 Express too!) on how to properly set up a CIFS server on your Solaris 11 machine so that Windows clients can access files. There's some documentation on the changes here, but let me share the full instructions from beginning to end.
hostname: adrenaline
username: paulie
poolname: pool
mountpnt: /pool
share: mysharename
  • Install SMB server package
  • [paulie@adrenaline ~]$ sudo pkg install service/file-system/smb
  • Create the name of the share
  • [paulie@adrenaline ~]$ sudo zfs set share=name=mysharename,path=/pool,prot=smb pool
  • Turn on sharing using zfs
  • [paulie@adrenaline ~]$ sudo zfs set sharesmb=on pool
  • Turn on your smb server
  • [paulie@adrenaline ~]$ sudo svcadm enable -r smb/server
  • Check that the share is active
  • [paulie@adrenaline ~]$ sudo smbadm show-shares adrenaline
    Enter password:
    c$ Default Share
    IPC$ Remote IPC
    mysharename
    3 shares (total=3, read=3)
  • Enable an existing UNIX user for CIFS sharing
    (you may have to reset the password again eg.`passwd paulie` )
  • [paulie@adrenaline ~]$ sudo smbadm enable-user paulie
  • Edit pam to allow for smb authentication (add line to end of file)

  • Solaris 11 GA only:
    [paulie@adrenaline ~]$ vi /etc/pam.conf
    other password required pam_smb_passwd.so.1 nowarn

    Solaris 11 U1 or later:
    [paulie@adrenaline ~]$ vi /etc/pam.d/other
    password required pam_smb_passwd.so.1 nowarn
  • Try to mount the share on your Windows machine
  • \\adrenaline\mysharename

Join the discussion

Comments ( 19 )
  • guest Monday, February 20, 2012

    Perfect example of why Solaris needs a single system GUI management tool! You probably spent quite a bit of time figuring that out and hand editing pam.conf files should never be required.


  • kurtkurtosis Monday, February 20, 2012

    Paulie, Your post made my day!!!

    I am new to new to UNIX/Linux and had been experimenting with SE 11 & ZFS shares which seemed suprisingly easy to me to access as well as my WHS 2011 share or QNAP shares right out of the box. Moving to S11 has been nothing by hell for me. I couldn't figure out how to enable the smb server which works right of the bat after installing from the live SE 11 CD. My SE11 ZFS pool/share notes seemed to be almost worthless. I did find some references/solutions on package install that resulted in enabling the smb server. However, I could not understand it and I thought that this was definitely the wrong way.

    See may post below

    https://forums.oracle.com/forums/thread.jspa?threadID=2348497&tstart=0

    Iam finally getting somewhere after all this agony... THX again


  • guest Thursday, March 8, 2012

    So what happens when your Unix user accounts are served up from LDAP and nsswitch.conf and the ldap client service is running? I currently understand that Solaris cannot even validate users for CIFS access from Sun's own Java Directory server and only supports Active Directory. This means I have to extract LDAP Unix accounts from LDAP and insert them into /etc/passwd !!!!!!!!!


  • Martin Riethmüller Wednesday, April 4, 2012

    nice, but the CIFS Sharing is still nearly unuseable beacause of a catastrophic bug in the samba-impementation when processing wildcards in a directory containing files with unicode characters:

    When a directory has this contents on a cifs-share:

    Z:\TEST>dir

    Datenträger in Laufwerk Z: ist rpool

    Volumeseriennummer: 4E97-4F03

    Verzeichnis von Z:\TEST

    04.04.2012 12:39 <DIR> .

    04.04.2012 12:22 <DIR> ..

    06.10.2011 11:15 0 FILENAME3_ÄÄÄÄÄÄÄ.txt

    06.10.2011 11:15 <DIR> FOLDER1

    08.11.2011 11:50 <DIR> is.a.folder.txt

    08.11.2011 12:15 0 FILENAME4_üöäÜÖħ.txta

    06.10.2011 11:14 0 FILENAME1_TEXT.txt

    06.10.2011 11:15 <DIR> FOLDER2

    08.11.2011 11:50 0 not_a_folder

    06.10.2011 11:15 0 FILENAME2_§§§§§§§§.txt

    5 Datei(en), 0 Bytes

    5 Verzeichnis(se), 60.948.753.408 Bytes frei

    and you want to get the files containing _ you will see this catastrophic wrong behaviour:

    Z:\TEST>dir *_*.*

    Datenträger in Laufwerk Z: ist rpool

    Volumeseriennummer: 4E97-4F03

    Verzeichnis von Z:\TEST

    06.10.2011 11:14 0 FILENAME1_TEXT.txt

    1 Datei(en), 0 Bytes

    0 Verzeichnis(se), 60.948.753.408 Bytes frei

    The same on the C:-Disk gives the correct result:

    C:\TEMP\TEST>dir *_*.*

    Datenträger in Laufwerk C: ist System

    Volumeseriennummer: 48E6-5F1D

    Verzeichnis von C:\TEMP\TEST

    06.10.2011 11:14 0 FILENAME1_TEXT.txt

    06.10.2011 11:15 0 FILENAME2_§§§§§§§§.txt

    06.10.2011 11:15 0 FILENAME3_ÄÄÄÄÄÄÄ.txt

    08.11.2011 12:15 0 FILENAME4_üöäÜÖħ.txta

    08.11.2011 11:50 0 not_a_folder

    5 Datei(en), 0 Bytes

    0 Verzeichnis(se), 35.015.794.688 Bytes frei

    The bug is not only reproduceable in the DOS-dir-command but also in all Windows-API-Functions to read directories (FindFirstFile,FindFirstFileEx,...).


  • James Friday, April 27, 2012

    Only half the battle - try getting Solaris 11 to join AD and authenticate users. The documentation is useless, I found a forum post that had the correct info but then of course it stopped working half the time.


  • guest Friday, May 11, 2012

    Hey Yo PAULIE,

    Nice job, and worked like a charm; however, you must also comment out this line or you will not be able to change your passwd, if the user already exisited. #other password required pam_smb.so.1 nowarn

    Thanks again, Paulie


  • guest Wednesday, November 21, 2012

    The second line keeps saying cannot open 'pool': filesystem does not exist


  • guest Saturday, December 1, 2012

    I just installed Solaris 11.1 and found out that instead of modifying /etc/pam.conf one needs to add

    password required pam_smb_passwd.so.1 nowarn

    to

    /etc/pam.d/other


  • guest Wednesday, December 19, 2012

    Hello Paulie,

    We want to use a ZFS Appliance to store Oracle datapump exports usings CIFS shares. However because the databases are running on the "SYSTEM" account in windows and datapump is running in the background.

    We can use UNC paths however they should be passwordless.

    Any idea how to setup CIFS on a ZFS Appliance to use UNC path's password less ?

    Regards,

    Laurens


  • gacgde Friday, January 11, 2013

    Hi Paulie,

    thanks for this great post.

    Tried it with success!

    Do you know how to configure CIFS/SMB/ZFS so that a symbolic link on the Solaris FS could be followed on windows side?

    Thanks.


  • guest Wednesday, January 30, 2013

    I tried and liked a few suggested commands (smbadm show-shares). For now though not solving my problem of seeing my zfs pool from my local networked windows boxes.

    Example from share

    root@laracle3nk:~# share

    IPC$

    smb

    -

    Remote IPC

    c$

    /var/smb/cvol

    smb

    -

    Default Share

    roku_home

    /roku/home

    smb

    guestok=true



    roku_home2

    /roku/home2

    smb

    guestok=true


  • Devon Tuesday, April 9, 2013

    I have installed Solaris 11.1 fine on one machine; but after installing Solaris 11.0 on another machine, the connection locks up with

    file_server_01 smbd: daemon.notice: \\win_domain_controller\PIPE\lsarpc: Device busy.

    As a result, all zfs smb shares are off-line; the smbd server service does not restart when attempting to restart the service. The only temporary fix is to restart the file-server (not preferred). Any thoughts?

    Devon


  • guest Thursday, July 18, 2013

    It's the 11th time I come to this page.

    Thanks a lot for sharing


  • guest Thursday, July 25, 2013

    You may have to enable idmap to get the smb/client online:

    svcadm enable idmap

    svcadm enable smb/client


  • Michael Tuesday, September 24, 2013

    Worked on my machine; thanks! Had to change the password of the smb user to access the share


  • guest Wednesday, November 13, 2013

    This step may (probably will) be necessary in order to generate SMB/CIFS passwords for existing local users

    (From Page 67 of Managing SMB File Sharing and Windows Interaperability in Oracle Solaris 11.1). Your procedure omits this step. Other than that, the procedure you specified should work, at least in a workgroup environment.

    Note: If you want a name other than "WORKGROUP", then "smbadm join -w <workgroup-name>" is your friend. I tend to use capitals in workgroup names. Windows seems to like that better--probably left over from days of Windows NT 3.x....

    5 Specify the password for existing local users.

    The SMB server cannot use the Oracle Solaris encrypted version of the local user's password for

    authentication. Therefore, you must generate an encrypted version of the local user's password

    for the SMB server to use. When the SMB PAM module is installed, the passwd command

    generates such an encrypted version of the password.

    # passwd username


  • Sugan Sunday, November 17, 2013

    Hi

    Following on the post by James on April 26, 2012, has anyone managed to get Solaris 11 to authenticate to Windows AD or know of a decent website that will show us how to do this?

    I understand that the PAM module for AD in Solaris 11 is not for login authentication but I can find a way around that.

    thanks!

    Sugan


  • guest Monday, December 2, 2013

    In my case the package manager claimed service/file-system/smb was already installed but that was not quite accurate. The smb/server service did not exist.

    I ran the install command anyway and it performed some new actions and then the smb/server service was there. Doesn't exactly give me a good feeling about the package management system.

    Thanks for the tip about pam_smb_passwd.so.1. Do I need to reboot for the PAM module to be used?


  • guest Friday, April 11, 2014

    Hi Paulie,

    Your instructions did not work for me on Solaris 11.1.

    I can see the share but cannot connect when prompted for a user/passwd.

    i joined a workgroup also (a step not included here)and i am still not connecting.

    any suggestions on the missing step?


Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha
Oracle

Integrated Cloud Applications & Platform Services