X

News, tips, partners, and perspectives for the Oracle Solaris operating system

Accessing OpenSolaris Shares From Windows

Guest Author

Last year I wrote an entry on Accessing Windows Shares
from OpenSolaris. This is the other way around - setting up OpenSolaris
as a CIFS server so I could browse its shares from Windows.

To begin, install the CIFS server packages:

bleonard@opensolaris:~$ pfexec pkg install SUNWsmbskr
PHASE ITEMS
Indexing Packages 554/554
DOWNLOAD PKGS FILES XFER (MB)
Completed 1/1 6/6 0.42/0.42
PHASE ACTIONS
Install Phase 17/17
Reading Existing Index 9/9
Indexing Packages 1/1
bleonard@opensolaris:~$ pfexec pkg install SUNWsmbs
DOWNLOAD PKGS FILES XFER (MB)
Completed 1/1 28/28 1.07/1.07
PHASE ACTIONS
Install Phase 62/62
PHASE ITEMS
Reading Existing Index 9/9
Indexing Packages 1/1

Note, there's a broken dependency between SUNWsmbs and
SUNWsmbskr, which is why it's necessary to install both packages. This
will be addressed with the upcoming 2009.06 release. See bug 5390 for more details.

After the packages are installed, reboot the system (there is a work-around, which you can read here. Personally I found it easier to reboot). You can follow bug 8647 to track the progress of this issue.

Notice that the CIFS server is dependent on the Native Identity Mapping Service, which is disabled by default:

bleonard@opensolaris:~$ svcs -l smb/server
fmri svc:/network/smb/server:default
name smbd daemon
enabled true
state offline
next_state none
state_time Thu Apr 30 16:57:28 2009
restarter svc:/system/svc/restarter:default
dependency require_any/error svc:/milestone/network (online)
dependency require_all/error svc:/system/filesystem/local (online)
dependency require_all/error svc:/system/idmap:default (disabled)

So start the CIFS server using the -r option to start all dependent services:

svcadm enable -r smb/server

If you'll be connecting to Windows machines and you use a workgroup
other than the default 'WORKGROUP', set the CIFS workgroup as follows
(swapping '@HOME' with the name of your workgroup):

bleonard@opensolaris:~$ smbadm join -w @HOME
Successfully joined workgroup '@HOME'

Configure the Pluggable Authentication Module (PAM) to work with CIFS. First, add the following to /etc/pam.conf:

#
# For CIFS Authentication
#
other password required pam_smb_passwd.so.1 nowarn

Then reset your password so it can be stored by the CIFS password
encrypter (OpenSolaris will not let you set the same password, however,
you can change it to something else and then back if you want to keep
your original password):

bleonard@opensolaris:~$ passwd
passwd: Changing password for bleonard
Enter existing login password:
New Password:
Re-enter new Password:
passwd: password successfully changed for bleonard

Set up a share. This is most easily done with ZFS:

pfexec zfs set sharesmb=on rpool/export/home

You can verify the share with the following:

bleonard@opensolaris:~$ sharemgr show -vp
default nfs=()
zfs
zfs/rpool/export/home smb=()

rpool_export_home=/export/home

Note the share name from Windows will appear as "rpool_export_home". You can use the sharemgr to change this to something more friendly, such as just "home".

pfexec sharemgr set -P smb -p name=home zfs/rpool/export/home

Connect to the share from your CIFS client. Note, due to bug 6749515, the CIFS server is not listed in the Windows workgroup computers list. This
should be resolved in OpenSolaris 2009.06. For now, it's easiest to
enter either the domain name or IP address of the OpenSolaris CIFS
server and then enter your OpenSolaris User name and Password in the
Connect to dialog:



Once connected, you can browse the OpenSolaris machine just like you would your local Windows drive:


Join the discussion

Comments ( 8 )
  • nacho Thursday, April 30, 2009

    you might want to add how to change the name of the share to that


  • andrewk7 Friday, May 1, 2009

    You don't need the identity mapping service unless you need to map Unix uid & gids to Windows sids. Identity mapping is not required for normal use.


  • Brian Leonard Friday, May 1, 2009

    @nacho - good suggestion - done.

    @andrewk7 - but the smb/server has a required dependency on the identity mapping service. smb/server fails to start if idmap isn't also running.


  • Garen Wednesday, November 4, 2009

    Thanks for writing this--it's probably the best step-by-step guide I've seen. I can now get workgroup mode to work like a charm out of the box with OSOL 2009.06 on my home system, but joining a domain on my work PC still eludes me after hours and hours and hours of trying (works fine with likewise on Ubuntu though, wth!)

    Also weird, is that even in workgroup mode which "works", I can only access it via \\\\<IP ADDRESS>, I can't access it by hostname (\\\\<hostname>\\<share>).


  • Tom Thursday, March 11, 2010

    thanks for the help getting started with this. no matter what I try though, I cannot get this to work with Windows 7 as the client. It sees the Solaris machine and prompts for a u/n and pwd, but won't accept any combination of either (like user@machine, user@domain, machine\\user). help!


  • TakUMI ADA Thursday, June 3, 2010

    Hi, I followed this tutorial with great success. However, my clients connecting to the zfs shares via samba cannot delete directories but they can create files and their own directories.

    For example. A Mac client creates a folder on the share. ls -l outputs this permissions:

    d--------+ myname mygroup 2 jun 1 12:00 madebyclient

    A user on the OSOL server creates a folder that looks like this:

    drwxr-xr-x 2 myname mygroup 2 jun 1 12:00 madebyserver

    I am almost there. Any help is appreciated.


  • nas servers review Sunday, August 1, 2010

    cool, it works!


  • Jeff Saturday, November 19, 2011

    well this page has some great info - I thought I would add in the fix for the solaris server name showing up in windows network:

    sharectl set -p system_comment=yourservername

    the system_comment property defines the solaris server name on windows network and it then shows up properly, at least for windows 7


Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.