Configuring the OpenSolaris CIFS Server in Workgroup Mode

[Update July 4th 2008: This article was written prior to the release of OpenSolaris 2008.05, and I used the term OpenSolaris sloppily as I really meant Solaris Express Community Edition, codenamed "Nevada". If you take a look here the different downloads available are explained.

These instructions are equally applicable to both distributions, but depending on what Solaris Express Community Edition package cluster you install you may not have the SMB server packages (I always install everything, so I cannot be more precise than that). In the case of OpenSolaris 2008.05 you will need to add the packages SUNWsmbkr & SUNWsmbs from the repository using Package Manager, or using the pkg install <pkgname> command.]

This article documents a quick and simple process showing you how configure the OpenSolaris CIFS Server in Workgroup Mode. 

I am working on a Sun Fire X4500 with Solaris Nevada build 86 installed....

root@isv-x4500b # uname -a
SunOS isv-x4500b 5.11 snv_86 i86pc i386 i86pc

I already have a ZFS storage pool called "tank" created, so here goes:

1. Enable the CIFS server

root@isv-x4500b # svcadm enable -r smb/server
svcadm: svc:/milestone/network depends on svc:/network/physical, which has multiple instances

This diagnostic message, and it can be ignored.

2. Create the ZFS file system

root@isv-x4500b # zfs create -o casesensitivity=mixed tank/cifs0

3. Share the new file system via SMB and check that status of the operation

root@isv-x4500b # zfs set sharesmb=on tank/cifs0
root@isv-x4500b # sharemgr show -vp
default nfs=()
zfs
    zfs/tank/cifs0 smb=()
          tank_cifs0=/tank/cifs0

4. Change the name of the Share

I don't like the default name of the share, tank_cifs0, so I will change that to cifs0

root@isv-x4500b # zfs set sharesmb=name=cifs0 tank/cifs0
root@isv-x4500b # sharemgr show -vp
default nfs=()
zfs
    zfs/tank/cifs0 smb=()
          cifs0=/tank/cifs0

5. Set the name of the Workgroup.

By default the workgroup name is "workgroup" but I want to change that to "solcifs".

root@isv-x4500b # smbadm join -w solcifs
Successfully joined workgroup 'solcifs'

6. Install the SMB PAM module

Add the below line to the end of /etc/pam.conf:

other   password required       pam_smb_passwd.so.1     nowarn

In this whole process, this is the only time I have to edit a file, and this is a one off.

7. Set/Change the Passwords for any Solaris User That Will be Used to Authenticate when Connecting to a  CIFS share

I will user root, but I could use any Solaris user the server knows about.

root@isv-x4500b # passwd root
New Password:
Re-enter new Password:
passwd: password successfully changed for root

With the SMB PAM module installed, this generates passwords that can be used by Windows as well as Solaris. This is a required step.

8. From Windows, Map the Share

From windows, the share is accessed via its UNC path: \\\\isv-x4500b\\cifs0. OpenSolaris CIFS does not support access to shares by unauthenticated users: it does not have an equivalent of SAMBA's "guest mode". In this example, I have authenticated myself as root.

Map Share

The mapped share looks like this...

Mapped Share

Files created from Windows will be owned on the Solaris server by the user you authenticated with. If that user does not have the correct UNIX permissions for the shared directory then some file operations will fail. That is easily fixed using chmod .

I can also browse the OpenSolaris CIFS server from Windows...

Browse Shares

For More Information

OpenSolaris Project: CIFS Server Home Page

Open Solaris CIFS Documentation including the Solaris CIFS Administrators Guide & Troubleshooting Information

Also, consider joining the Open Solaris Storage Discuss Forum

Comments:

I wish I was an isv with a x4500 :D

Posted by Andy on June 05, 2008 at 07:38 PM BST #

This guide makes a variety of assumptions that are simply not true. For example, no matter which version of solaris you use, you cannot simply enable the CIFS server, you must INSTALL it first.

Posted by taltamir on June 30, 2008 at 07:54 PM BST #

Hi Taltamir. You make a fair point about having to install the packages. I have posted an amendment at the top of the article. Rgds, Tim

Posted by Tim Thomas on July 04, 2008 at 03:42 AM BST #

One more thing .. the article says "SUNWsmbkr". It should be "SUNWsmbskr". Also - it was not obvious that you needed to reboot after installing these packages. Once I did that, all of this worked as planned.

Posted by juan on August 04, 2008 at 07:38 AM BST #

Tim, I've been struggleing with CIFS/SMB for 4-days straight. Following your tutorial, I did it in 10 minutes. Thankyou!

Posted by Envision28 on August 25, 2008 at 06:18 AM BST #

Why ever use the user root? Hopefully this is a protected, very small network/vpn'd network of your windows machine and solaris machine, otherwise sending the root password plain text to the cifsd isn't so smart.

Otherwise great article, thanks.

Posted by michael dupree on September 10, 2008 at 09:55 PM BST #

Excellent post !! I managed to make a share folder in less than 10 minutes... once I've found that I should install the package ! :-))

Thx a lot !

Cedric

Posted by Cédric Heymann on September 14, 2008 at 03:18 PM BST #

This comment is probably an after the fact correction... I'm too new to know if the SMB PAM module mentioned was actually an installable package at some point, but in version 11 it is included in
SUNWsmbs. So its done when you install that package.

I spent a good while looking for a SMB PAM module to install, until a kind poster on opensol.zfs told me.

I still am not able to map a windows machine to the zfs/cifs share... not sure what I've done wrong but it all looks good on the solaris side.... and did redo passwd for cifs users following addition of the line in pam.conf

Posted by Harry Putnam on February 19, 2009 at 09:05 AM GMT #

You probably have an ACL issue.
I turn them all off.

/usr/bin/chmod A=everyone@:full_set:fd:allow /tank/public

/tank/public being an example share.

check ACLs with:

/usr/bin/ls -av

Posted by Colin Johnson on March 01, 2009 at 01:53 AM GMT #

Rsponding to Colin Johnsons post of March 01 where he suggested by problems with cifs may be due
to ACLs. But checking them with the suggested command:
/usr/bin/ls -av /some/share
I see my user appears to have read/write and all privileges. But I'm not really sure what I'm looking at:
1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
/append_data/write_xattr/execute/write_attributes/write_acl
/write_owner:allow

Posted by Harry Putnam on March 23, 2009 at 07:43 AM GMT #

I have been fighting with this and have been over your blog many times. I too missed the install part but unfortunately it didn't fix the problems for me. Though installing the server did remove the errors I was getting it did not make the share browsable from windows machines. Also, I would like to allow anyone on the network access to the share without being challenged for a password. Is there a way to do this?

Posted by Dru Devore on May 05, 2009 at 02:12 PM BST #

Hi Dru. I have long since changed roles at Sun since I wrote this blog entry and am in a Sales Job now, not an Engineering job, so don't have access to equipment to resolve issues. I can tell you that there is no "guest mode" for Solaris CIFS ala SAMBA, thought it is often requested. My only suggestion would be that you go to opensolaris.org and join the cifs-discuss forum there to ask your questions. Rgds, Tim

Posted by Tim Thomas on May 06, 2009 at 03:42 AM BST #

Good guide, got me up and running in minutes.

However CIFS is not for me, I'll need to get samba up and running. Guest login is used by my media streamer.

Posted by Martyn Ayshford on June 20, 2009 at 02:11 PM BST #

Post a Comment:
Comments are closed for this entry.
About

Tim Thomas

Search

Archives
« April 2014
MonTueWedThuFriSatSun
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
    
       
Today