1 SMB(4) File Formats and Configurations SMB(4) 2 3 4 5 NAME 6 smb - configuration properties for Solaris CIFS server 7 8 DESCRIPTION 9 Behavior of the Solaris CIFS server is defined by property values that 10 are stored in the Service Management Facility, smf(5). 11 12 13 An authorized user can use the sharectl(1M) command to set global 14 values for these properties in SMF. 15 16 17 The following list describes the properties: 18 19 ads_site 20 21 Specifies the site configured in DNS to look up Active Directory 22 information. Sites provide a mechanism to partition or delegate 23 administration and policy management, which are typically used in 24 large or complex domains. 25 26 The value should not be set if you do not have a local Active 27 Directory site. By default, no value is set. 28 29 30 autohome_map 31 32 Specifies the full path for the SMD autohome map file, smbautohome. 33 The default path is /etc. 34 35 36 bypass_traverse_checking 37 38 When set, allows the SMB server to bypass ACL "traverse" checks. 39 The default value is true, for Windows compatibility. If this 40 parameter is false, ACL checks require that "traverse" (directory 41 execute) is granted on every directory above the directory the SMB 42 client tries to access. Windows shares are normally setup with the 43 higher level directories not specifically granting such access. 44 45 46 disposition 47 48 A value that controls whether to disconnect the share or proceed if 49 the map command fails. The disposition property only has meaning 50 when the map property has been set. Otherwise it will have no 51 effect. 52 53 disposition = [ continue | terminate ] 54 55 56 57 continue 58 59 Proceed with share connection if the map command fails. This is 60 the default in the event that disposition is not specified. 61 62 63 terminate 64 65 Disconnect the share if the map command fails. 66 67 68 69 ddns_enable 70 71 Enables or disables dynamic DNS updates. A value of true enables 72 dynamic updates, while a value of false disables dynamic updates. 73 By default, the value is false. 74 75 76 encrypt 77 78 Controls SMB3 Encryption. For requests on a particular share, the 79 server's behavior is controlled by the stricter of this option and 80 the per-share "encrypt" option. 81 82 When set to disabled, the server will not ask clients to encrypt 83 requests. When set to enabled, the server will ask clients to 84 encrypt requests, but will not require that they do so. Any message 85 that can be encrypted will be encrypted. When set to required, the 86 server will deny access to or disconnect any client that does not 87 support encryption or fails to encrypt requests that they should. 88 89 In other words, the enabled behavior is that any message that CAN 90 be encrypted SHOULD be encrypted, while the required behavior is 91 that any message that CAN be encrypted MUST be encrypted. 92 93 94 ipv6_enable 95 96 Enables IPv6 Internet protocol support within the CIFS Service. 97 Valid values are true and false. The default value is false. 98 99 100 keep_alive 101 102 Specifies the number of seconds before an idle SMB connection is 103 dropped by the Solaris CIFS server. If set to 0, idle connections 104 are not dropped. Valid values are 0 and from 20 seconds and above. 105 The default value is 0. 106 107 108 lmauth_level 109 110 Specifies the LAN Manager (LM) authentication level. The LM 111 compatibility level controls the type of user authentication to use 112 in workgroup mode or domain mode. The default value is 4. 113 114 The following describes the behavior at each level. 115 116 2 117 In Windows workgroup mode, the Solaris CIFS server 118 accepts LM, NTLM, LMv2, and NTLMv2 requests. In domain 119 mode, the SMB redirector on the Solaris CIFS server 120 sends NTLM requests. 121 122 123 3 124 In Windows workgroup mode, the Solaris CIFS server 125 accepts LM, NTLM, LMv2, and NTLMv2 requests. In domain 126 mode, the SMB redirector on the Solaris CIFS server 127 sends LMv2 and NTLMv2 requests. 128 129 130 4 131 In Windows workgroup mode, the Solaris CIFS server 132 accepts NTLM, LMv2, and NTLMv2 requests. In domain 133 mode, the SMB redirector on the Solaris CIFS server 134 sends LMv2 and NTLMv2 requests. 135 136 137 5 138 In Windows workgroup mode, the Solaris CIFS server 139 accepts LMv2 and NTLMv2 requests. In domain mode, the 140 SMB redirector on the Solaris CIFS server sends LMv2 141 and NTLMv2 requests. 142 143 144 145 map 146 147 The value is a command to be executed when connecting to the share. 148 The command can take the following arguments, which will be 149 substituted when the command is exec'd as described below: 150 151 %U 152 153 Windows username. 154 155 156 %D 157 158 Name of the domain or workgroup of %U. 159 160 161 %h 162 163 The server hostname. 164 165 166 %M 167 168 The client hostname, or "" if not available. 169 170 171 %L 172 173 The server NetBIOS name. 174 175 176 %m 177 178 The client NetBIOS name, or "" if not available. This option is 179 only valid for NetBIOS connections (port 139). 180 181 182 %I 183 184 The IP address of the client machine. 185 186 187 %i 188 189 The local IP address to which the client is connected. 190 191 192 %S 193 194 The name of the share. 195 196 197 %P 198 199 The root directory of the share. 200 201 202 %u 203 204 The UID of the Unix user. 205 206 207 208 max_protocol 209 210 Specifies the maximum SMB protocol level that the SMB service 211 should allow clients to negotiate. The default value is 2.1. 212 Valid settings include: 1, 2.1, 3.0 213 214 215 min_protocol 216 217 Specifies the minimum SMB protocol level that the SMB service 218 should allow clients to negotiate. The default value is 1. Valid 219 settings include: 1, 2.1, 3.0 220 221 222 max_workers 223 224 Specifies the maximum number of worker threads that will be 225 launched to process incoming CIFS requests. The SMB max_mpx value, 226 which indicates to a client the maximum number of outstanding SMB 227 requests that it may have pending on the server, is derived from 228 the max_workers value. To ensure compatibility with older versions 229 of Windows the lower 8-bits of max_mpx must not be zero. If the 230 lower byte of max_workers is zero, 64 is added to the value. Thus 231 the minimum value is 64 and the default value, which appears in 232 sharectl(1M) as 1024, is 1088. 233 234 235 netbios_enable 236 237 Controls whether NetBIOS services are active, including the NetBIOS 238 listener (port 139), NetBIOS datagram service (port 138) and the 239 NetBIOS name service (port 137). The default value is false. 240 241 242 netbios_scope 243 244 Specifies the NetBIOS scope identifier, which identifies logical 245 NetBIOS networks that are on the same physical network. When you 246 specify a NetBIOS scope identifier, the server filters the number 247 of machines that are listed in the browser display to make it 248 easier to find other hosts. The value is a text string that 249 represents a domain name. By default, no value is set. 250 251 252 oplock_enable 253 254 Controls whether "oplocks" may be granted by the SMB server. The 255 term "oplock" is short for "opportunistic lock", which is the 256 legacy name for cache delegations in SMB. By default, oplocks are 257 enabled. Note that if oplocks are disabled, file I/O perfrormance 258 may be severely reduced. 259 260 261 pdc 262 263 Specifies the host name of the preferred domain controller. This 264 property is sometimes used when there are multiple domain 265 controllers to indicate which one is preferred. If the specified 266 domain controller responds, it is chosen even if the other domain 267 controllers are also available. By default, no value is set. 268 269 270 print_enable 271 272 Controls whether the SMB printing service is active. The default 273 value is false. 274 275 276 restrict_anonymous 277 278 Disables anonymous access to IPC$, which requires that the client 279 be authenticated to get access to MSRPC services through IPC$. A 280 value of true disables anonymous access to IPC$, while a value of 281 false enables anonymous access. 282 283 284 signing_enabled 285 286 Enables SMB signing. When signing is enabled but not required it is 287 possible for clients to connect regardless of whether or not the 288 client supports SMB signing. If a packet has been signed, the 289 signature will be verified. If a packet has not been signed it will 290 be accepted without signature verification. Valid values are true 291 and false. The default value is false. 292 293 294 signing_required 295 296 When SMB signing is required, all packets must be signed or they 297 will be rejected, and clients that do not support signing will be 298 unable to connect to the server. The signing_required setting is 299 only taken into account when signing_enabled is true. Valid values 300 are true and false. The default value is false. 301 302 303 304 system_comment 305 306 Specifies an optional description for the system, which is a text 307 string. This property value might appear in various places, such as 308 Network Neighborhood or Network Places on Windows clients. By 309 default, no value is set. 310 311 312 traverse_mounts 313 314 The traverse_mounts setting determines how the SMB server presents 315 sub-mounts underneath an SMB share. When traverse_mounts is true 316 (the default), sub-mounts are presented to SMB clients like any 317 other subdirectory. When traverse_mounts is false, sub-mounts are 318 not shown to SMB clients. 319 320 321 unmap 322 323 The value is a command to be executed when disconnecting the share. 324 The command can take the same substitutions listed on the map 325 property. 326 327 328 wins_exclude 329 330 Specifies a comma-separated list of network interfaces that should 331 not be registered with WINS. NetBIOS host announcements are made on 332 excluded interfaces. 333 334 335 wins_server_1 336 337 Specifies the IP address of the primary WINS server. By default, no 338 value is set. 339 340 341 wins_server_2 342 343 Specifies the IP address of the secondary WINS server. By default, 344 no value is set. 345 346 347 ATTRIBUTES 348 See the attributes(5) man page for descriptions of the following 349 attributes: 350 351 352 353 354 +--------------------+-----------------+ 355 | ATTRIBUTE TYPE | ATTRIBUTE VALUE | 356 +--------------------+-----------------+ 357 |Interface Stability | Uncommitted | 358 +--------------------+-----------------+ 359 360 SEE ALSO 361 sharectl(1M), smbadm(1M), smbd(1M), smbstat(1M), attributes(5), smf(5) 362 363 364 365 April 23, 2015 SMB(4)