1 '\" te 2 .\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved. 3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. 4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. 5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] 6 .TH NSMBRC 4 "Dec 8, 2008" 7 .SH NAME 8 nsmbrc \- configuration file for Solaris CIFS client requests 9 .SH SYNOPSIS 10 .LP 11 .nf 12 \fB$HOME/.nsmbrc\fR 13 .fi 14 15 .SH DESCRIPTION 16 .sp 17 .LP 18 Global behavior of the Solaris CIFS client is defined by property values that 19 are stored in the Service Management Facility (SMF). The \fB\&.nsmbrc\fR file 20 can be used to customize the behavior of the Solaris CIFS client on a per-user 21 basis. Settings in the \fB$HOME/.nsmbrc\fR file are used unless they have 22 security implications. 23 .sp 24 .LP 25 An authorized user can use the \fBsharectl\fR command to set global values for 26 these properties in SMF. See \fBsharectl\fR(1M). 27 .sp 28 .LP 29 A regular user can change the global values when granted the "SMBFS Management" 30 rights profile in the \fB/user_attr\fR file. See \fBuser_attr\fR(4) and 31 \fBrbac\fR(5). 32 .sp 33 .LP 34 The SMBFS library first reads from SMF and then the \fB$HOME/.nsmbrc\fR file 35 when determining which policy to apply to a particular server, user, or share. 36 \fB$HOME/.nsmbrc\fR entries take precedence with the exception of the 37 \fBminauth\fR property value. For \fBminauth\fR, the strongest authentication 38 level specified is used. Sections are applied so that more specific sections 39 override less specific sections. Not all keywords are valid in all sections. 40 .sp 41 .LP 42 The configuration file is comprised of these four section types. Each section 43 can include zero or more properties and associated values. The sections also 44 have a hierarchical relationship with each other, as shown by the order of the 45 following list: 46 .RS +4 47 .TP 48 .ie t \(bu 49 .el o 50 \fBDefault section.\fR Specifies the default property values to be used by all 51 other sections unless specifically overridden. 52 .sp 53 The section name appears in the \fB\&.nsmbrc\fR file as \fB[default]\fR. 54 .RE 55 .RS +4 56 .TP 57 .ie t \(bu 58 .el o 59 \fBServer section.\fR Specifies the property values to be used by sections that 60 are related to the named server. These property values can be specifically 61 overridden by a related user section or share section. 62 .sp 63 The section name appears in the \fB\&.nsmbrc\fR file as 64 \fB[\fIserver-name\fR]\fR. \fIserver-name\fR must use uppercase characters to 65 match. 66 .RE 67 .RS +4 68 .TP 69 .ie t \(bu 70 .el o 71 \fBUser section.\fR Specifies the property values to be used by sections that 72 are related to the named server and user. These property values can be 73 specifically overridden by a related share section. 74 .sp 75 The section name appears in the \fB\&.nsmbrc\fR as 76 \fB[\fIserver-name\fR:\fIusername\fR]\fR. Both \fIserver-name\fR and 77 \fIusername\fR must use uppercase characters to match. 78 .RE 79 .RS +4 80 .TP 81 .ie t \(bu 82 .el o 83 \fBShare section.\fR Specifies the property values to be used by sections that 84 are related to the named server, user, and share. 85 .sp 86 The section name appears in the \fB\&.nsmbrc\fR as 87 \fB[\fIserver-name\fR:\fIusername\fR:\fIshare-name\fR]\fR. Both 88 \fIserver-name\fR and \fIusername\fR must use uppercase characters to match. 89 .RE 90 .sp 91 .LP 92 The end of each section is marked either by the start of a new section or by an 93 end of file (EOF). 94 .sp 95 .LP 96 The following list describes the properties and states in which sections they 97 can be set: 98 .sp 99 .ne 2 100 .na 101 \fB\fBaddr\fR\fR 102 .ad 103 .sp .6 104 .RS 4n 105 Specifies the DNS name or IP address of the CIFS server. This property can only 106 be set in a server section. If this property is specified, it must specify a 107 value as there is no default. 108 .RE 109 110 .sp 111 .ne 2 112 .na 113 \fB\fBdomain\fR\fR 114 .ad 115 .sp .6 116 .RS 4n 117 Specifies the Windows domain name to use when authenticating with a server. The 118 default value is \fBWORKGROUP\fR. This property can only be set in the default 119 and server sections. 120 .RE 121 122 .sp 123 .ne 2 124 .na 125 \fB\fBminauth\fR\fR 126 .ad 127 .sp .6 128 .RS 4n 129 Is the minimum authentication level required, which can be one of 130 \fBkerberos\fR, \fBntlmv2\fR, \fBntlm\fR, \fBlm\fR, or \fBnone\fR. If 131 \fBminauth\fR is set globally and in a user's \fB\&.nsmbrc\fR file, the 132 stronger authentication setting are used whether set by the user or globally. 133 This property can only be set in the default and server sections. The default 134 value is \fBntlm\fR. 135 .RE 136 137 .sp 138 .ne 2 139 .na 140 \fB\fBnbns\fR\fR 141 .ad 142 .sp .6 143 .RS 4n 144 Specifies the DNS name or IP address of the NetBIOS/WINS name server. This 145 property can \fBonly\fR be set by an administrator by using the \fBsharectl\fR 146 command. This property can only be set in the default section. The default 147 value is empty, \fBnbns=""\fR. 148 .RE 149 150 .sp 151 .ne 2 152 .na 153 \fB\fBnbns_broadcast\fR\fR 154 .ad 155 .sp .6 156 .RS 4n 157 Specifies whether to perform NetBIOS/WINS broadcast lookups. Broadcast lookups 158 are less secure than unicast lookups. To prevent broadcast lookups, set the 159 value to \fBno\fR. This property has no effect if the \fBnbns_enable\fR 160 property is set to \fBno\fR or \fBfalse\fR. This property can \fBonly\fR be set 161 by an administrator by using the \fBsharectl\fR command. This property can only 162 be set in the default section. Valid values are \fByes\fR, \fBtrue\fR, 163 \fBno\fR, and \fBfalse\fR. The default value is \fByes\fR. 164 .RE 165 166 .sp 167 .ne 2 168 .na 169 \fB\fBnbns_enable\fR\fR 170 .ad 171 .sp .6 172 .RS 4n 173 Specifies whether to perform NetBIOS/WINS name lookups. To force all lookups to 174 be done through the name service switch (see \fBnsswitch.conf\fR(4)), set the 175 value to \fBno\fR. This property can \fBonly\fR be set by an administrator by 176 using the \fBsharectl\fR command. This property can only be set in the default 177 section. Valid values are \fByes\fR, \fBtrue\fR, \fBno\fR, and \fBfalse\fR. The 178 default value is \fByes\fR. 179 .RE 180 181 .sp 182 .ne 2 183 .na 184 \fB\fBpassword\fR\fR 185 .ad 186 .sp .6 187 .RS 4n 188 Specifies the password to use when authenticating a server. The \fBpassword\fR 189 property value is used as long as the \fB\&.nsmbrc\fR file can \fBonly\fR be 190 read and written by the owner. This property can be set in the default, server, 191 user, and share sections. 192 .sp 193 If you assign the hashed password from the \fBsmbutil crypt\fR command to the 194 \fBpassword\fR property, be sure to escape the special characters in the 195 password. 196 .RE 197 198 .sp 199 .ne 2 200 .na 201 \fB\fBsigning\fR\fR 202 .ad 203 .sp .6 204 .RS 4n 205 Specifies whether communications are digitally signed by SMB security 206 signatures for the Solaris CIFS client. This property can only be set in the 207 default and server sections. Valid values are \fBdisabled\fR, \fBenabled\fR, 208 and \fBrequired\fR. The default value is \fBdisabled\fR. 209 .sp 210 When set to \fBdisabled\fR, the client permits the use of SMB security 211 signatures only if the server requires signing. In such an instance, the 212 Solaris CIFS client ignores local property values. 213 .sp 214 When set to \fBenabled\fR, the client permits, but does not require, the use of 215 SMB security signatures. 216 .sp 217 When set to \fBrequired\fR, the client requires the use of SMB security 218 signatures. So, if SMB security signatures are disabled on a CIFS server and a 219 client has signing required, the client cannot connect to that server. 220 .RE 221 222 .sp 223 .ne 2 224 .na 225 \fB\fBtimeout\fR\fR 226 .ad 227 .sp .6 228 .RS 4n 229 Specifies the CIFS request timeout. By default, the timeout is 15 seconds. This 230 property can only be set in the default, server, and share sections. 231 .RE 232 233 .sp 234 .ne 2 235 .na 236 \fB\fBuser\fR\fR 237 .ad 238 .sp .6 239 .RS 4n 240 Specifies the user name to use when authenticating a server. The default value 241 is the Solaris account name of the user performing the authentication. This 242 property can only be set in the default and server sections. 243 .RE 244 245 .sp 246 .ne 2 247 .na 248 \fB\fBworkgroup\fR\fR 249 .ad 250 .sp .6 251 .RS 4n 252 Is supported for compatibility purposes and is a synonym for the \fBdomain\fR 253 property. Use the \fBdomain\fR property instead. 254 .RE 255 256 .SH EXAMPLES 257 .sp 258 .LP 259 The examples in this section show how to use the \fB\&.nsmbrc\fR file and the 260 \fBsmbutil\fR command to configure the \fBex.com\fR environment. 261 .sp 262 .LP 263 The \fBex.com\fR environment is described by means of these sections and 264 settings: 265 .RS +4 266 .TP 267 .ie t \(bu 268 .el o 269 The \fBdefault\fR section describes the default domain, which is called 270 \fBMYDOMAIN\fR, and sets a default user of \fBMYUSER\fR. These default settings 271 are inherited by other sections unless property values are overridden. 272 .RE 273 .RS +4 274 .TP 275 .ie t \(bu 276 .el o 277 \fBFSERVER\fR is a server section that defines a server called 278 \fBfserv.ex.com\fR. It is part of the \fBSALES\fR domain. 279 .RE 280 .RS +4 281 .TP 282 .ie t \(bu 283 .el o 284 \fBRSERVER\fR is a server section that defines a server called 285 \fBrserv.ex.com\fR that belongs to a new domain called \fBREMGROUP\fR. 286 .RE 287 .LP 288 \fBExample 1 \fRUsing the \fB$HOME/.nsmbrc\fR Configuration File 289 .sp 290 .LP 291 The following example shows how a user can configure the \fBex.com\fR 292 environment by creating the \fB\&.nsmbrc\fR file. 293 294 .sp 295 .LP 296 All lines that begin with the \fB#\fR character are comments and are not 297 parsed. 298 299 .sp 300 .in +2 301 .nf 302 # Configuration file for ex.com 303 # Specify the Windows account name to use everywhere. 304 [default] 305 domain=MYDOMAIN 306 user=MYUSER 307 308 # The 'FSERVER' is server in our domain. 309 [FSERVER] 310 addr=fserv.ex.com 311 312 # The 'RSERVER' is a server in another domain. 313 [RSERVER] 314 domain=REMGROUP 315 addr=rserv.ex.com 316 .fi 317 .in -2 318 319 .LP 320 \fBExample 2 \fRUsing the \fBsharectl\fR Command 321 .sp 322 .LP 323 The following example shows how an authorized user can use \fBsharectl\fR 324 commands to configure global settings for the \fBex.com\fR environment in SMF. 325 326 .sp 327 .in +2 328 .nf 329 # \fBsharectl set -p section=default -p domain=MYDOMAIN \e 330 -p user=MYUSER smbfs\fR 331 # \fBsharectl set -p section=FSERVER -p addr=fserv.ex.com smbfs\fR 332 # \fBsharectl set -p section=RSERVER -p domain=REMGROUP \e 333 -p addr=rserv.ex.com smbfs\fR 334 .fi 335 .in -2 336 .sp 337 338 .LP 339 \fBExample 3 \fRUsing the \fBsharectl\fR Command to Show Current Settings 340 .sp 341 .LP 342 The following example shows how an authorized user can use the \fBsharectl 343 get\fR command to view the global settings for \fBsmbfs\fR in SMF. The values 344 shown are those set by the previous example. 345 346 .sp 347 .in +2 348 .nf 349 # \fBsharectl get smbfs\fR 350 [default] 351 domain=MYDOMAIN 352 user=MYUSER 353 [FSERVER] 354 addr=fserv.ex.com 355 [RSERVER] 356 domain=REMGROUP 357 addr=rserv.ex.com 358 .fi 359 .in -2 360 .sp 361 362 .SH FILES 363 .sp 364 .ne 2 365 .na 366 \fB\fB$HOME/.nsmbrc\fR\fR 367 .ad 368 .sp .6 369 .RS 4n 370 User-settable mount point configuration file to store the description for each 371 connection. 372 .RE 373 374 .SH ATTRIBUTES 375 .sp 376 .LP 377 See \fBattributes\fR(5) for descriptions of the following attributes: 378 .sp 379 380 .sp 381 .TS 382 box; 383 c | c 384 l | l . 385 ATTRIBUTE TYPE ATTRIBUTE VALUE 386 _ 387 Interface Stability Committed 388 .TE 389 390 .SH SEE ALSO 391 .sp 392 .LP 393 \fBsmbutil\fR(1), \fBmount_smbfs\fR(1M), \fBsharectl\fR(1M), 394 \fBnsswitch.conf\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5), \fBrbac\fR(5), 395 \fBsmbfs\fR(7FS) 396 .SH NOTES 397 .sp 398 .LP 399 By default, passwords stored in the \fB\&.nsmbrc\fR file are ignored unless 400 \fBonly\fR the file owner has read and write permission.