NSMBRC(4)            File Formats and Configurations            NSMBRC(4)

NAME
       nsmbrc - configuration file for Solaris CIFS client requests

SYNOPSIS
       $HOME/.nsmbrc

DESCRIPTION
       Global behavior of the Solaris CIFS client is defined by property
       values that are stored in the Service Management Facility (SMF). The
       .nsmbrc file can be used to customize the behavior of the Solaris CIFS
       client on a per-user basis. Settings in the $HOME/.nsmbrc file are used
       unless they have security implications.

       An authorized user can use the sharectl command to set global values
       for these properties in SMF. See sharectl(1M).

       A regular user can change the global values when granted the "SMBFS
       Management" rights profile in the /user_attr file. See user_attr(4) and
       rbac(5).

       The SMBFS library first reads from SMF and then the $HOME/.nsmbrc file
       when determining which policy to apply to a particular server, user, or
       share. $HOME/.nsmbrc entries take precedence with the exception of the
       minauth property value. For minauth, the strongest authentication level
       specified is used. Sections are applied so that more specific sections
       override less specific sections. Not all keywords are valid in all
       sections.

       The configuration file is comprised of these four section types. Each
       section can include zero or more properties and associated values. The
       sections also have a hierarchical relationship with each other, as
       shown by the order of the following list:

           o      Default section. Specifies the default property values to be
                  used by all other sections unless specifically overridden.

                  The section name appears in the .nsmbrc file as [default].

           o      Server section. Specifies the property values to be used by
                  sections that are related to the named server. These
                  property values can be specifically overridden by a related
                  user section or share section.

                  The section name appears in the .nsmbrc file as
                  [server-name]. server-name must use uppercase characters to
                  match.

           o      User section. Specifies the property values to be used by
                  sections that are related to the named server and user.
                  These property values can be specifically overridden by a
                  related share section.

                  The section name appears in the .nsmbrc as
                  [server-name:username]. Both server-name and username must
                  use uppercase characters to match.

           o      Share section. Specifies the property values to be used by
                  sections that are related to the named server, user, and
                  share.

                  The section name appears in the .nsmbrc as
                  [server-name:username:share-name]. Both server-name and
                  username must use uppercase characters to match.

       The end of each section is marked either by the start of a new section
       or by an end of file (EOF).

       The following list describes the properties and states in which
       sections they can be set:

       addr

           Specifies the DNS name or IP address of the CIFS server. This
           property can only be set in a server section. If this property is
           specified, it must specify a value as there is no default.

       domain

           Specifies the Windows domain name to use when authenticating with a
           server. The default value is WORKGROUP. This property can only be
           set in the default and server sections.

       minauth

           Is the minimum authentication level required, which can be one of
           kerberos, ntlmv2, ntlm, lm, or none. If minauth is set globally and
           in a user's .nsmbrc file, the stronger authentication setting is
           used, whether set by the user or globally. This property can only
           be set in the default and server sections. The default value is
           ntlm.

       min_protocol

           Is the minimum SMB protocol level that will be negotiated, which
           must be one of: 1, 2.1. This property can only be set in the default
           and server sections.
           The default value is 1.

       max_protocol

           Is the maximum SMB protocol level that will be negotiated, which
           must be one of: 1, 2.1. This property can only be set in the default
           and server sections. The default value is 2.1.

       nbns

           Specifies the DNS name or IP address of the NetBIOS/WINS name
           server. This property can only be set by an administrator by using
           the sharectl command. This property can only be set in the default
           section. The default value is empty, nbns="".

       nbns_broadcast

           Specifies whether to perform NetBIOS/WINS broadcast lookups.
           Broadcast lookups are less secure than unicast lookups. To prevent
           broadcast lookups, set the value to no. This property has no effect
           if the nbns_enable property is set to no or false. This property
           can only be set by an administrator by using the sharectl command.
           This property can only be set in the default section. Valid values
           are yes, true, no, and false. The default value is yes.

       nbns_enable

           Specifies whether to perform NetBIOS/WINS name lookups. To force
           all lookups to be done through the name service switch (see
           nsswitch.conf(4)), set the value to no. This property can only be
           set by an administrator by using the sharectl command. This
           property can only be set in the default section. Valid values are
           yes, true, no, and false. The default value is yes.

       password

           Specifies the password to use when authenticating a server. The
           password property value is used as long as the .nsmbrc file can
           only be read and written by the owner. This property can be set in
           the default, server, user, and share sections.

           If you assign the hashed password from the smbutil crypt command to
           the password property, be sure to escape the special characters in
           the password.

       signing

           Specifies whether communications are digitally signed by SMB
           security signatures for the Solaris CIFS client. This property can
           only be set in the default and server sections. Valid values are
           disabled, enabled, and required. The default value is disabled.

           When set to disabled, the client permits the use of SMB security
           signatures only if the server requires signing. In such an
           instance, the Solaris CIFS client ignores local property values.

           When set to enabled, the client permits, but does not require, the
           use of SMB security signatures.

           When set to required, the client requires the use of SMB security
           signatures. So, if SMB security signatures are disabled on a CIFS
           server and a client has signing required, the client cannot connect
           to that server.

       timeout

           Specifies the CIFS request timeout. By default, the timeout is 15
           seconds. This property can only be set in the default, server, and
           share sections.

       user

           Specifies the user name to use when authenticating a server. The
           default value is the Solaris account name of the user performing
           the authentication. This property can only be set in the default
           and server sections.

       workgroup

           Is supported for compatibility purposes and is a synonym for the
           domain property. Use the domain property instead.

EXAMPLES
       The examples in this section show how to use the .nsmbrc file and the
       smbutil command to configure the ex.com environment.

       The ex.com environment is described by means of these sections and
       settings:

           o      The default section describes the default domain, which is
                  called MYDOMAIN, and sets a default user of MYUSER. These
                  default settings are inherited by other sections unless
                  property values are overridden.

           o      FSERVER is a server section that defines a server called
                  fserv.ex.com.
                  It is part of the SALES domain.

           o      RSERVER is a server section that defines a server called
                  rserv.ex.com that belongs to a new domain called REMGROUP.

       Example 1 Using the $HOME/.nsmbrc Configuration File

       The following example shows how a user can configure the ex.com
       environment by creating the .nsmbrc file.

       All lines that begin with the # character are comments and are not
       parsed.

         # Configuration file for ex.com
         # Specify the Windows account name to use everywhere.
         [default]
         domain=MYDOMAIN
         user=MYUSER

         # The 'FSERVER' is a server in our domain.
         [FSERVER]
         addr=fserv.ex.com

         # The 'RSERVER' is a server in another domain.
         [RSERVER]
         domain=REMGROUP
         addr=rserv.ex.com

       Example 2 Using the sharectl Command

       The following example shows how an authorized user can use sharectl
       commands to configure global settings for the ex.com environment in
       SMF.

         # sharectl set -p section=default -p domain=MYDOMAIN \
         -p user=MYUSER smbfs
         # sharectl set -p section=FSERVER -p addr=fserv.ex.com smbfs
         # sharectl set -p section=RSERVER -p domain=REMGROUP \
         -p addr=rserv.ex.com smbfs

       Example 3 Using the sharectl Command to Show Current Settings

       The following example shows how an authorized user can use the sharectl
       get command to view the global settings for smbfs in SMF. The values
       shown are those set by the previous example.

         # sharectl get smbfs
         [default]
         domain=MYDOMAIN
         user=MYUSER
         [FSERVER]
         addr=fserv.ex.com
         [RSERVER]
         domain=REMGROUP
         addr=rserv.ex.com

FILES
       $HOME/.nsmbrc

           User-settable mount point configuration file to store the
           description for each connection.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +--------------------+-----------------+
       |  ATTRIBUTE TYPE    | ATTRIBUTE VALUE |
       +--------------------+-----------------+
       |Interface Stability | Committed       |
       +--------------------+-----------------+

SEE ALSO
       smbutil(1), mount_smbfs(1M), sharectl(1M), nsswitch.conf(4),
       user_attr(4), attributes(5), rbac(5), smbfs(7FS)

NOTES
       By default, passwords stored in the .nsmbrc file are ignored unless
       only the file owner has read and write permission.

May 8, 2018                                                      NSMBRC(4)
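
The following Python sketch is an added example, not part of the original manual page and not the SMBFS library's code. It models the rules described in DESCRIPTION and NOTES so that the effective settings for one server, user, and share can be audited: section precedence, the sections in which each property is valid, the administrator-only nbns properties, the strongest-wins rule for minauth, and the owner-only condition on stored passwords. The function names, the sample values, the use of configparser, and the choice to apply SMF before .nsmbrc at each section level are assumptions of this sketch.

```python
import configparser

AUTH = ["none", "lm", "ntlm", "ntlmv2", "kerberos"]    # weakest to strongest
# Section kinds where a property may be set: 0=default 1=server 2=user 3=share
VALID_IN = {"addr": {1}, "domain": {0, 1}, "minauth": {0, 1}, "signing": {0, 1},
            "min_protocol": {0, 1}, "max_protocol": {0, 1}, "user": {0, 1},
            "timeout": {0, 1, 3}, "password": {0, 1, 2, 3},
            "nbns": {0}, "nbns_broadcast": {0}, "nbns_enable": {0}}
ADMIN_ONLY = {"nbns", "nbns_broadcast", "nbns_enable"}  # settable via sharectl only
DEFAULTS = {"domain": "WORKGROUP", "min_protocol": "1", "max_protocol": "2.1",
            "nbns": "", "nbns_broadcast": "yes", "nbns_enable": "yes",
            "signing": "disabled", "timeout": "15"}
# Constructed sample input, loosely following the ex.com examples.
SAMPLE_SMF = "[default]\ndomain=MYDOMAIN\nminauth=ntlmv2\n[FSERVER]\naddr=fserv.ex.com\n"
SAMPLE_RC = ("[default]\nminauth=lm\nsigning=required\nnbns=192.0.2.1\n"
             "[FSERVER]\npassword=example\n[FSERVER:MYUSER]\nsigning=enabled\n")

def parse(text):
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cfg.read_string(text)
    return cfg

def effective(smf_text, rc_text, rc_mode, server, user, share):
    """Return (properties, notes) for one server/user/share."""
    srv, usr = server.upper(), user.upper()    # section names match in uppercase
    names = ["default", srv, f"{srv}:{usr}", f"{srv}:{usr}:{share}"]
    owner_only = (rc_mode & 0o077) == 0        # no group/other permission bits
    sources = (("smf", parse(smf_text)), ("nsmbrc", parse(rc_text)))
    out, notes, auth = dict(DEFAULTS), [], {}
    for kind, name in enumerate(names):        # least to most specific
        for src, cfg in sources:               # .nsmbrc is applied after SMF
            for key, val in (cfg[name].items() if cfg.has_section(name) else ()):
                key = "domain" if key == "workgroup" else key
                where = f"{src} [{name}] {key}"
                if kind not in VALID_IN.get(key, ()):
                    notes.append(f"{where}: not valid in this section, ignored")
                elif src == "nsmbrc" and key in ADMIN_ONLY:
                    notes.append(f"{where}: administrator-only, ignored")
                elif src == "nsmbrc" and key == "password" and not owner_only:
                    notes.append(f"{where}: file mode {rc_mode & 0o777:o}, ignored")
                elif key == "minauth" and val.lower() not in AUTH:
                    notes.append(f"{where}: unknown level {val!r}, ignored")
                elif key == "minauth":
                    auth[src] = val.lower()    # per source; compared below
                else:
                    out[key] = val
    # minauth: the strongest level specified wins; the documented default is ntlm.
    out["minauth"] = max(list(auth.values()) or ["ntlm"], key=AUTH.index)
    return out, notes
```

Calling effective(SAMPLE_SMF, SAMPLE_RC, 0o644, "fserver", "myuser", "docs") returns minauth ntlmv2 despite the user's lm entry, and notes that the password was ignored because the file mode is 644.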