CIFS Sharing on Solaris 11

Things have changed since Solaris 10 (and Solaris 11 Express too!) on how to properly set up a CIFS server on your Solaris 11 machine so that Windows clients can access files. There's some documentation on the changes here, but let me share the full instructions from beginning to end.
hostname: adrenaline
username: paulie
poolname: pool
mountpnt: /pool
share: mysharename
  • Install SMB server package
    [paulie@adrenaline ~]$ sudo pkg install service/file-system/smb

  • Create the name of the share
    [paulie@adrenaline ~]$ sudo zfs set share=name=mysharename,path=/pool,prot=smb pool

  • Turn on sharing using zfs
    [paulie@adrenaline ~]$ sudo zfs set sharesmb=on pool

  • Turn on your smb server
    [paulie@adrenaline ~]$ sudo svcadm enable -r smb/server

  • Check that the share is active
    [paulie@adrenaline ~]$ sudo smbadm show-shares adrenaline
    Enter password: 
    c$                  Default Share
    IPC$                Remote IPC
    mysharename           
    3 shares (total=3, read=3)

  • Enable an existing UNIX user for CIFS sharing (you may have to reset the password again, e.g. `passwd paulie`)
    [paulie@adrenaline ~]$ sudo smbadm enable-user paulie

  • Edit PAM to allow SMB authentication (add the line to the end of the file)
    Solaris 11 GA only:
    [paulie@adrenaline ~]$ sudo vi /etc/pam.conf

    other   password required       pam_smb_passwd.so.1 nowarn

    Solaris 11 U1 or later:
    [paulie@adrenaline ~]$ sudo vi /etc/pam.d/other

    password required       pam_smb_passwd.so.1 nowarn

  • Try to mount the share on your Windows machine
    \\adrenaline\mysharename
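
The PAM step is the one most easily applied twice or in the wrong file format. As an added example (not part of the original post), this shell helper appends the pam_smb_passwd.so.1 entry only when no active entry exists; the function name ensure_pam_smb, the .bak backup and the scratch-file demo are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# ensure_pam_smb FILE STYLE
#   STYLE=conf : /etc/pam.conf layout (Solaris 11 GA), service name in column 1
#   STYLE=d    : /etc/pam.d/other layout (Solaris 11 U1 or later), no service column
# Prints "added" or "present"; returns 1 for a missing file, 2 for a bad STYLE.
# Uses POSIX grep -E/-q; if /usr/bin/grep lacks them, use /usr/xpg4/bin/grep.
ensure_pam_smb() {
    file=$1 style=$2
    case $style in
        conf) line='other   password required       pam_smb_passwd.so.1 nowarn'
              pat='^[[:space:]]*other[[:space:]]+password[[:space:]]+[^#]*pam_smb_passwd\.so\.1' ;;
        d)    line='password required       pam_smb_passwd.so.1 nowarn'
              pat='^[[:space:]]*password[[:space:]]+[^#]*pam_smb_passwd\.so\.1' ;;
        *)    echo "unknown style: $style" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Commented-out entries do not match, so they are not mistaken for active ones.
    if grep -Eq "$pat" "$file"; then
        echo present
        return 0
    fi
    cp -p "$file" "$file.bak" || return 1      # keep a copy before touching PAM config
    # If the file does not end in a newline, add one so the entry gets its own line.
    if [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\n' "$line" >> "$file"
    echo added
}

# Constructed demo on a scratch file (not the live PAM configuration):
demo=$(mktemp)
printf '%s\n' '#other password required pam_smb_passwd.so.1 nowarn' > "$demo"
ensure_pam_smb "$demo" d     # -> added (the commented line does not count)
ensure_pam_smb "$demo" d     # -> present
rm -f "$demo" "$demo.bak"
```

On a real system, run it as root against /etc/pam.conf with style conf (GA) or /etc/pam.d/other with style d (U1 or later), then reset the user's password so the SMB PAM module sees it.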
    
Comments:

Perfect example of why Solaris needs a single system GUI management tool! You probably spent quite a bit of time figuring that out and hand editing pam.conf files should never be required.

Posted by guest on February 20, 2012 at 12:27 PM MST #

Paulie, Your post made my day!!!

I am new to UNIX/Linux and had been experimenting with SE 11 & ZFS shares which seemed surprisingly easy to me to access as well as my WHS 2011 share or QNAP shares right out of the box. Moving to S11 has been nothing but hell for me. I couldn't figure out how to enable the smb server which works right off the bat after installing from the live SE 11 CD. My SE11 ZFS pool/share notes seemed to be almost worthless. I did find some references/solutions on package install that resulted in enabling the smb server. However, I could not understand it and I thought that this was definitely the wrong way.

See my post below

https://forums.oracle.com/forums/thread.jspa?threadID=2348497&tstart=0
I am finally getting somewhere after all this agony... THX again

Posted by kurtkurtosis on February 20, 2012 at 03:01 PM MST #

So what happens when your Unix user accounts are served up from LDAP and nsswitch.conf and the ldap client service is running? I currently understand that Solaris cannot even validate users for CIFS access from Sun's own Java Directory server and only supports Active Directory. This means I have to extract LDAP Unix accounts from LDAP and insert them into /etc/passwd !!!!!!!!!

Posted by guest on March 08, 2012 at 02:23 PM MST #

Nice, but the CIFS sharing is still nearly unusable because of a catastrophic bug in the samba-implementation when processing wildcards in a directory containing files with unicode characters:

When a directory has these contents on a cifs-share:

Z:\TEST>dir
Datenträger in Laufwerk Z: ist rpool
Volumeseriennummer: 4E97-4F03

Verzeichnis von Z:\TEST

04.04.2012 12:39 <DIR> .
04.04.2012 12:22 <DIR> ..
06.10.2011 11:15 0 FILENAME3_ÄÄÄÄÄÄÄ.txt
06.10.2011 11:15 <DIR> FOLDER1
08.11.2011 11:50 <DIR> is.a.folder.txt
08.11.2011 12:15 0 FILENAME4_üöäÜÖħ.txta
06.10.2011 11:14 0 FILENAME1_TEXT.txt
06.10.2011 11:15 <DIR> FOLDER2
08.11.2011 11:50 0 not_a_folder
06.10.2011 11:15 0 FILENAME2_§§§§§§§§.txt
5 Datei(en), 0 Bytes
5 Verzeichnis(se), 60.948.753.408 Bytes frei

and you want to get the files containing _ you will see this catastrophically wrong behaviour:

Z:\TEST>dir *_*.*
Datenträger in Laufwerk Z: ist rpool
Volumeseriennummer: 4E97-4F03

Verzeichnis von Z:\TEST

06.10.2011 11:14 0 FILENAME1_TEXT.txt
1 Datei(en), 0 Bytes
0 Verzeichnis(se), 60.948.753.408 Bytes frei

The same on the C:-Disk gives the correct result:

C:\TEMP\TEST>dir *_*.*
Datenträger in Laufwerk C: ist System
Volumeseriennummer: 48E6-5F1D

Verzeichnis von C:\TEMP\TEST

06.10.2011 11:14 0 FILENAME1_TEXT.txt
06.10.2011 11:15 0 FILENAME2_§§§§§§§§.txt
06.10.2011 11:15 0 FILENAME3_ÄÄÄÄÄÄÄ.txt
08.11.2011 12:15 0 FILENAME4_üöäÜÖħ.txta
08.11.2011 11:50 0 not_a_folder
5 Datei(en), 0 Bytes
0 Verzeichnis(se), 35.015.794.688 Bytes frei

The bug is not only reproducible in the DOS-dir-command but also in all Windows-API-Functions to read directories (FindFirstFile, FindFirstFileEx, ...).

Posted by Martin Riethmüller on April 03, 2012 at 11:59 PM MDT #

Only half the battle - try getting Solaris 11 to join AD and authenticate users. The documentation is useless, I found a forum post that had the correct info but then of course it stopped working half the time.

Posted by James on April 26, 2012 at 06:42 PM MDT #

Hey Yo PAULIE,

Nice job, and worked like a charm; however, you must also comment out this line or you will not be able to change your passwd, if the user already existed. #other password required pam_smb.so.1 nowarn

Thanks again, Paulie

Posted by guest on May 11, 2012 at 01:27 AM MDT #

The second line keeps saying cannot open 'pool': filesystem does not exist

Posted by guest on November 20, 2012 at 10:56 PM MST #

I just installed Solaris 11.1 and found out that instead of modifying /etc/pam.conf one needs to add

password required pam_smb_passwd.so.1 nowarn

to

/etc/pam.d/other

Posted by guest on December 01, 2012 at 11:41 AM MST #

Hello Paulie,

We want to use a ZFS Appliance to store Oracle datapump exports using CIFS shares. However because the databases are running on the "SYSTEM" account in Windows and datapump is running in the background.
We can use UNC paths however they should be passwordless.

Any idea how to set up CIFS on a ZFS Appliance to use UNC paths passwordless?

Regards,

Laurens

Posted by guest on December 19, 2012 at 04:49 AM MST #

Hi Paulie,
thanks for this great post.
Tried it with success!
Do you know how to configure CIFS/SMB/ZFS so that a symbolic link on the Solaris FS could be followed on windows side?

Thanks.

Posted by gacgde on January 11, 2013 at 12:24 PM MST #

I tried and liked a few suggested commands (smbadm show-shares). For now though not solving my problem of seeing my zfs pool from my local networked windows boxes.

Example from share
root@laracle3nk:~# share
IPC$ smb - Remote IPC
c$ /var/smb/cvol smb - Default Share
roku_home /roku/home smb guestok=true
roku_home2 /roku/home2 smb guestok=true

Posted by guest on January 30, 2013 at 06:05 AM MST #

I have installed Solaris 11.1 fine on one machine; but after installing Solaris 11.0 on another machine, the connection locks up with
file_server_01 smbd: daemon.notice: \\win_domain_controller\PIPE\lsarpc: Device busy.

As a result, all zfs smb shares are off-line; the smbd server service does not restart when attempting to restart the service. The only temporary fix is to restart the file-server (not preferred). Any thoughts?

Devon

Posted by Devon on April 09, 2013 at 08:11 AM MDT #

It's the 11th time I come to this page.

Thanks a lot for sharing

Posted by guest on July 18, 2013 at 01:54 PM MDT #

You may have to enable idmap to get the smb/client online:
svcadm enable idmap
svcadm enable smb/client

Posted by guest on July 25, 2013 at 11:26 AM MDT #

Worked on my machine; thanks! Had to change the password of the smb user to access the share

Posted by Michael on September 24, 2013 at 09:59 AM MDT #

This step may (probably will) be necessary in order to generate SMB/CIFS passwords for existing local users (from page 67 of Managing SMB File Sharing and Windows Interoperability in Oracle Solaris 11.1). Your procedure omits this step. Other than that, the procedure you specified should work, at least in a workgroup environment.

Note: If you want a name other than "WORKGROUP", then "smbadm join -w <workgroup-name>" is your friend. I tend to use capitals in workgroup names. Windows seems to like that better--probably left over from days of Windows NT 3.x....

5 Specify the password for existing local users.
The SMB server cannot use the Oracle Solaris encrypted version of the local user's password for
authentication. Therefore, you must generate an encrypted version of the local user's password
for the SMB server to use. When the SMB PAM module is installed, the passwd command
generates such an encrypted version of the password.
# passwd username

Posted by guest on November 12, 2013 at 08:51 PM MST #

Hi

Following on the post by James on April 26, 2012, has anyone managed to get Solaris 11 to authenticate to Windows AD or know of a decent website that will show us how to do this?

I understand that the PAM module for AD in Solaris 11 is not for login authentication but I can find a way around that.

thanks!
Sugan

Posted by Sugan on November 17, 2013 at 12:36 PM MST #

In my case the package manager claimed service/file-system/smb was already installed but that was not quite accurate. The smb/server service did not exist.

I ran the install command anyway and it performed some new actions and then the smb/server service was there. Doesn't exactly give me a good feeling about the package management system.

Thanks for the tip about pam_smb_passwd.so.1. Do I need to reboot for the PAM module to be used?

Posted by guest on December 02, 2013 at 02:56 PM MST #

Hi Paulie,
Your instructions did not work for me on Solaris 11.1.
I can see the share but cannot connect when prompted for a user/passwd.
I joined a workgroup also (a step not included here) and I am still not connecting.
Any suggestions on the missing step?

Posted by guest on April 11, 2014 at 03:50 PM MDT #

About

Hiya, my name is Paul Johnson and I'm a software engineer working on the ZFS storage appliance.
