1 '\" te 2 .\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved. 3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. 4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. 5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] 6 .\" Copyright 2018 Nexenta Systems, Inc. All rights reserved. 7 .TH NSMBRC 4 "May 8, 2018" 8 .SH NAME 9 nsmbrc \- configuration file for Solaris CIFS client requests 10 .SH SYNOPSIS 11 .LP 12 .nf 13 \fB$HOME/.nsmbrc\fR 14 .fi 15 16 .SH DESCRIPTION 17 .sp 18 .LP 19 Global behavior of the Solaris CIFS client is defined by property values that 20 are stored in the Service Management Facility (SMF). The \fB\&.nsmbrc\fR file 21 can be used to customize the behavior of the Solaris CIFS client on a per-user 22 basis. Settings in the \fB$HOME/.nsmbrc\fR file are used unless they have 23 security implications. 24 .sp 25 .LP 26 An authorized user can use the \fBsharectl\fR command to set global values for 27 these properties in SMF. See \fBsharectl\fR(1M). 28 .sp 29 .LP 30 A regular user can change the global values when granted the "SMBFS Management" 31 rights profile in the \fB/user_attr\fR file. See \fBuser_attr\fR(4) and 32 \fBrbac\fR(5). 33 .sp 34 .LP 35 The SMBFS library first reads from SMF and then the \fB$HOME/.nsmbrc\fR file 36 when determining which policy to apply to a particular server, user, or share. 37 \fB$HOME/.nsmbrc\fR entries take precedence with the exception of the 38 \fBminauth\fR property value. For \fBminauth\fR, the strongest authentication 39 level specified is used. Sections are applied so that more specific sections 40 override less specific sections. Not all keywords are valid in all sections. 41 .sp 42 .LP 43 The configuration file is comprised of these four section types. Each section 44 can include zero or more properties and associated values. The sections also 45 have a hierarchical relationship with each other, as shown by the order of the 46 following list: 47 .RS +4 48 .TP 49 .ie t \(bu 50 .el o 51 \fBDefault section.\fR Specifies the default property values to be used by all 52 other sections unless specifically overridden. 53 .sp 54 The section name appears in the \fB\&.nsmbrc\fR file as \fB[default]\fR. 55 .RE 56 .RS +4 57 .TP 58 .ie t \(bu 59 .el o 60 \fBServer section.\fR Specifies the property values to be used by sections that 61 are related to the named server. These property values can be specifically 62 overridden by a related user section or share section. 63 .sp 64 The section name appears in the \fB\&.nsmbrc\fR file as 65 \fB[\fIserver-name\fR]\fR. \fIserver-name\fR must use uppercase characters to 66 match. 67 .RE 68 .RS +4 69 .TP 70 .ie t \(bu 71 .el o 72 \fBUser section.\fR Specifies the property values to be used by sections that 73 are related to the named server and user. These property values can be 74 specifically overridden by a related share section. 75 .sp 76 The section name appears in the \fB\&.nsmbrc\fR as 77 \fB[\fIserver-name\fR:\fIusername\fR]\fR. Both \fIserver-name\fR and 78 \fIusername\fR must use uppercase characters to match. 79 .RE 80 .RS +4 81 .TP 82 .ie t \(bu 83 .el o 84 \fBShare section.\fR Specifies the property values to be used by sections that 85 are related to the named server, user, and share. 86 .sp 87 The section name appears in the \fB\&.nsmbrc\fR as 88 \fB[\fIserver-name\fR:\fIusername\fR:\fIshare-name\fR]\fR. Both 89 \fIserver-name\fR and \fIusername\fR must use uppercase characters to match. 90 .RE 91 .sp 92 .LP 93 The end of each section is marked either by the start of a new section or by an 94 end of file (EOF). 95 .sp 96 .LP 97 The following list describes the properties and states in which sections they 98 can be set: 99 .sp 100 .ne 2 101 .na 102 \fB\fBaddr\fR\fR 103 .ad 104 .sp .6 105 .RS 4n 106 Specifies the DNS name or IP address of the CIFS server. This property can only 107 be set in a server section. If this property is specified, it must specify a 108 value as there is no default. 109 .RE 110 111 .sp 112 .ne 2 113 .na 114 \fB\fBdomain\fR\fR 115 .ad 116 .sp .6 117 .RS 4n 118 Specifies the Windows domain name to use when authenticating with a server. The 119 default value is \fBWORKGROUP\fR. This property can only be set in the default 120 and server sections. 121 .RE 122 123 .sp 124 .ne 2 125 .na 126 \fB\fBminauth\fR\fR 127 .ad 128 .sp .6 129 .RS 4n 130 Is the minimum authentication level required, which can be one of 131 \fBkerberos\fR, \fBntlmv2\fR, \fBntlm\fR, \fBlm\fR, or \fBnone\fR. If 132 \fBminauth\fR is set globally and in a user's \fB\&.nsmbrc\fR file, the 133 stronger authentication setting are used whether set by the user or globally. 134 This property can only be set in the default and server sections. The default 135 value is \fBntlm\fR. 136 .RE 137 138 .sp 139 .ne 2 140 .na 141 \fB\fBmin_protocol\fR\fR 142 .ad 143 .sp .6 144 .RS 4n 145 Is the minimum SMB protocol level that will be negotiated, 146 which must be one of: \fB1\fR, \fB2.1\fR 147 This property can only be set in the default and server sections. 148 The default value is \fB1\fR. 149 .RE 150 151 .sp 152 .ne 2 153 .na 154 \fB\fBmax_protocol\fR\fR 155 .ad 156 .sp .6 157 .RS 4n 158 Is the maximum SMB protocol level that will be negotiated, 159 which must be one of: \fB1\fR, \fB2.1\fR 160 This property can only be set in the default and server sections. 161 The default value is \fB2.1\fR. 162 .RE 163 164 .sp 165 .ne 2 166 .na 167 \fB\fBnbns\fR\fR 168 .ad 169 .sp .6 170 .RS 4n 171 Specifies the DNS name or IP address of the NetBIOS/WINS name server. This 172 property can \fBonly\fR be set by an administrator by using the \fBsharectl\fR 173 command. This property can only be set in the default section. The default 174 value is empty, \fBnbns=""\fR. 175 .RE 176 177 .sp 178 .ne 2 179 .na 180 \fB\fBnbns_broadcast\fR\fR 181 .ad 182 .sp .6 183 .RS 4n 184 Specifies whether to perform NetBIOS/WINS broadcast lookups. Broadcast lookups 185 are less secure than unicast lookups. To prevent broadcast lookups, set the 186 value to \fBno\fR. This property has no effect if the \fBnbns_enable\fR 187 property is set to \fBno\fR or \fBfalse\fR. This property can \fBonly\fR be set 188 by an administrator by using the \fBsharectl\fR command. This property can only 189 be set in the default section. Valid values are \fByes\fR, \fBtrue\fR, 190 \fBno\fR, and \fBfalse\fR. The default value is \fByes\fR. 191 .RE 192 193 .sp 194 .ne 2 195 .na 196 \fB\fBnbns_enable\fR\fR 197 .ad 198 .sp .6 199 .RS 4n 200 Specifies whether to perform NetBIOS/WINS name lookups. To force all lookups to 201 be done through the name service switch (see \fBnsswitch.conf\fR(4)), set the 202 value to \fBno\fR. This property can \fBonly\fR be set by an administrator by 203 using the \fBsharectl\fR command. This property can only be set in the default 204 section. Valid values are \fByes\fR, \fBtrue\fR, \fBno\fR, and \fBfalse\fR. The 205 default value is \fByes\fR. 206 .RE 207 208 .sp 209 .ne 2 210 .na 211 \fB\fBpassword\fR\fR 212 .ad 213 .sp .6 214 .RS 4n 215 Specifies the password to use when authenticating a server. The \fBpassword\fR 216 property value is used as long as the \fB\&.nsmbrc\fR file can \fBonly\fR be 217 read and written by the owner. This property can be set in the default, server, 218 user, and share sections. 219 .sp 220 If you assign the hashed password from the \fBsmbutil crypt\fR command to the 221 \fBpassword\fR property, be sure to escape the special characters in the 222 password. 223 .RE 224 225 .sp 226 .ne 2 227 .na 228 \fB\fBsigning\fR\fR 229 .ad 230 .sp .6 231 .RS 4n 232 Specifies whether communications are digitally signed by SMB security 233 signatures for the Solaris CIFS client. This property can only be set in the 234 default and server sections. Valid values are \fBdisabled\fR, \fBenabled\fR, 235 and \fBrequired\fR. The default value is \fBdisabled\fR. 236 .sp 237 When set to \fBdisabled\fR, the client permits the use of SMB security 238 signatures only if the server requires signing. In such an instance, the 239 Solaris CIFS client ignores local property values. 240 .sp 241 When set to \fBenabled\fR, the client permits, but does not require, the use of 242 SMB security signatures. 243 .sp 244 When set to \fBrequired\fR, the client requires the use of SMB security 245 signatures. So, if SMB security signatures are disabled on a CIFS server and a 246 client has signing required, the client cannot connect to that server. 247 .RE 248 249 .sp 250 .ne 2 251 .na 252 \fB\fBtimeout\fR\fR 253 .ad 254 .sp .6 255 .RS 4n 256 Specifies the CIFS request timeout. By default, the timeout is 15 seconds. This 257 property can only be set in the default, server, and share sections. 258 .RE 259 260 .sp 261 .ne 2 262 .na 263 \fB\fBuser\fR\fR 264 .ad 265 .sp .6 266 .RS 4n 267 Specifies the user name to use when authenticating a server. The default value 268 is the Solaris account name of the user performing the authentication. This 269 property can only be set in the default and server sections. 270 .RE 271 272 .sp 273 .ne 2 274 .na 275 \fB\fBworkgroup\fR\fR 276 .ad 277 .sp .6 278 .RS 4n 279 Is supported for compatibility purposes and is a synonym for the \fBdomain\fR 280 property. Use the \fBdomain\fR property instead. 281 .RE 282 283 .SH EXAMPLES 284 .sp 285 .LP 286 The examples in this section show how to use the \fB\&.nsmbrc\fR file and the 287 \fBsmbutil\fR command to configure the \fBex.com\fR environment. 288 .sp 289 .LP 290 The \fBex.com\fR environment is described by means of these sections and 291 settings: 292 .RS +4 293 .TP 294 .ie t \(bu 295 .el o 296 The \fBdefault\fR section describes the default domain, which is called 297 \fBMYDOMAIN\fR, and sets a default user of \fBMYUSER\fR. These default settings 298 are inherited by other sections unless property values are overridden. 299 .RE 300 .RS +4 301 .TP 302 .ie t \(bu 303 .el o 304 \fBFSERVER\fR is a server section that defines a server called 305 \fBfserv.ex.com\fR. It is part of the \fBSALES\fR domain. 306 .RE 307 .RS +4 308 .TP 309 .ie t \(bu 310 .el o 311 \fBRSERVER\fR is a server section that defines a server called 312 \fBrserv.ex.com\fR that belongs to a new domain called \fBREMGROUP\fR. 313 .RE 314 .LP 315 \fBExample 1 \fRUsing the \fB$HOME/.nsmbrc\fR Configuration File 316 .sp 317 .LP 318 The following example shows how a user can configure the \fBex.com\fR 319 environment by creating the \fB\&.nsmbrc\fR file. 320 321 .sp 322 .LP 323 All lines that begin with the \fB#\fR character are comments and are not 324 parsed. 325 326 .sp 327 .in +2 328 .nf 329 # Configuration file for ex.com 330 # Specify the Windows account name to use everywhere. 331 [default] 332 domain=MYDOMAIN 333 user=MYUSER 334 335 # The 'FSERVER' is server in our domain. 336 [FSERVER] 337 addr=fserv.ex.com 338 339 # The 'RSERVER' is a server in another domain. 340 [RSERVER] 341 domain=REMGROUP 342 addr=rserv.ex.com 343 .fi 344 .in -2 345 346 .LP 347 \fBExample 2 \fRUsing the \fBsharectl\fR Command 348 .sp 349 .LP 350 The following example shows how an authorized user can use \fBsharectl\fR 351 commands to configure global settings for the \fBex.com\fR environment in SMF. 352 353 .sp 354 .in +2 355 .nf 356 # \fBsharectl set -p section=default -p domain=MYDOMAIN \e 357 -p user=MYUSER smbfs\fR 358 # \fBsharectl set -p section=FSERVER -p addr=fserv.ex.com smbfs\fR 359 # \fBsharectl set -p section=RSERVER -p domain=REMGROUP \e 360 -p addr=rserv.ex.com smbfs\fR 361 .fi 362 .in -2 363 .sp 364 365 .LP 366 \fBExample 3 \fRUsing the \fBsharectl\fR Command to Show Current Settings 367 .sp 368 .LP 369 The following example shows how an authorized user can use the \fBsharectl 370 get\fR command to view the global settings for \fBsmbfs\fR in SMF. The values 371 shown are those set by the previous example. 372 373 .sp 374 .in +2 375 .nf 376 # \fBsharectl get smbfs\fR 377 [default] 378 domain=MYDOMAIN 379 user=MYUSER 380 [FSERVER] 381 addr=fserv.ex.com 382 [RSERVER] 383 domain=REMGROUP 384 addr=rserv.ex.com 385 .fi 386 .in -2 387 .sp 388 389 .SH FILES 390 .sp 391 .ne 2 392 .na 393 \fB\fB$HOME/.nsmbrc\fR\fR 394 .ad 395 .sp .6 396 .RS 4n 397 User-settable mount point configuration file to store the description for each 398 connection. 399 .RE 400 401 .SH ATTRIBUTES 402 .sp 403 .LP 404 See \fBattributes\fR(5) for descriptions of the following attributes: 405 .sp 406 407 .sp 408 .TS 409 box; 410 c | c 411 l | l . 412 ATTRIBUTE TYPE ATTRIBUTE VALUE 413 _ 414 Interface Stability Committed 415 .TE 416 417 .SH SEE ALSO 418 .sp 419 .LP 420 \fBsmbutil\fR(1), \fBmount_smbfs\fR(1M), \fBsharectl\fR(1M), 421 \fBnsswitch.conf\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5), \fBrbac\fR(5), 422 \fBsmbfs\fR(7FS) 423 .SH NOTES 424 .sp 425 .LP 426 By default, passwords stored in the \fB\&.nsmbrc\fR file are ignored unless 427 \fBonly\fR the file owner has read and write permission.