Print this page
NEX-14666 Need to provide SMB 2.1 Client
NEX-17187 panic in smbfs_acl_store
NEX-17231 smbfs create xattr files finds wrong file
NEX-17224 smbfs lookup EINVAL should be ENOENT
NEX-17260 SMB1 client fails to list directory after NEX-14666
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
Reviewed by: Saso Kiselkov <saso.kiselkov@nexenta.com>
Reviewed by: Joyce McIntosh <joyce.mcintosh@nexenta.com>
and: (cleanup)
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/man/man4/nsmbrc.4.man.txt
+++ new/usr/src/man/man4/nsmbrc.4.man.txt
1 1 NSMBRC(4) File Formats and Configurations NSMBRC(4)
2 2
3 3
4 4
5 5 NAME
6 6 nsmbrc - configuration file for Solaris CIFS client requests
7 7
8 8 SYNOPSIS
9 9 $HOME/.nsmbrc
10 10
11 11
12 12 DESCRIPTION
13 13 Global behavior of the Solaris CIFS client is defined by property
14 14 values that are stored in the Service Management Facility (SMF). The
15 15 .nsmbrc file can be used to customize the behavior of the Solaris CIFS
16 16 client on a per-user basis. Settings in the $HOME/.nsmbrc file are used
17 17 unless they have security implications.
18 18
19 19
20 20 An authorized user can use the sharectl command to set global values
21 21 for these properties in SMF. See sharectl(1M).
22 22
23 23
24 24 A regular user can change the global values when granted the "SMBFS
25 25 Management" rights profile in the /user_attr file. See user_attr(4) and
26 26 rbac(5).
27 27
28 28
29 29 The SMBFS library first reads from SMF and then the $HOME/.nsmbrc file
30 30 when determining which policy to apply to a particular server, user, or
31 31 share. $HOME/.nsmbrc entries take precedence with the exception of the
32 32 minauth property value. For minauth, the strongest authentication level
33 33 specified is used. Sections are applied so that more specific sections
34 34 override less specific sections. Not all keywords are valid in all
35 35 sections.
36 36
37 37
38 38 The configuration file is comprised of these four section types. Each
39 39 section can include zero or more properties and associated values. The
40 40 sections also have a hierarchical relationship with each other, as
41 41 shown by the order of the following list:
42 42
43 43 o Default section. Specifies the default property values to be
44 44 used by all other sections unless specifically overridden.
45 45
46 46 The section name appears in the .nsmbrc file as [default].
47 47
48 48 o Server section. Specifies the property values to be used by
49 49 sections that are related to the named server. These
50 50 property values can be specifically overridden by a related
51 51 user section or share section.
52 52
53 53 The section name appears in the .nsmbrc file as [server-
54 54 name]. server-name must use uppercase characters to match.
55 55
56 56 o User section. Specifies the property values to be used by
57 57 sections that are related to the named server and user.
58 58 These property values can be specifically overridden by a
59 59 related share section.
60 60
61 61 The section name appears in the .nsmbrc as [server-
62 62 name:username]. Both server-name and username must use
63 63 uppercase characters to match.
64 64
65 65 o Share section. Specifies the property values to be used by
66 66 sections that are related to the named server, user, and
67 67 share.
68 68
69 69 The section name appears in the .nsmbrc as [server-
70 70 name:username:share-name]. Both server-name and username
71 71 must use uppercase characters to match.
72 72
73 73
74 74 The end of each section is marked either by the start of a new section
75 75 or by an end of file (EOF).
76 76
77 77
78 78 The following list describes the properties and states in which
79 79 sections they can be set:
80 80
81 81 addr
82 82
83 83 Specifies the DNS name or IP address of the CIFS server. This
84 84 property can only be set in a server section. If this property is
85 85 specified, it must specify a value as there is no default.
86 86
87 87
88 88 domain
89 89
90 90 Specifies the Windows domain name to use when authenticating with a
91 91 server. The default value is WORKGROUP. This property can only be
92 92 set in the default and server sections.
93 93
94 94
|
↓ open down ↓ |
94 lines elided |
↑ open up ↑ |
95 95 minauth
96 96
97 97 Is the minimum authentication level required, which can be one of
98 98 kerberos, ntlmv2, ntlm, lm, or none. If minauth is set globally and
99 99 in a user's .nsmbrc file, the stronger authentication setting are
100 100 used whether set by the user or globally. This property can only
101 101 be set in the default and server sections. The default value is
102 102 ntlm.
103 103
104 104
105 + min_protocol
106 +
107 + Is the minimum SMB protocol level that will be negotiated, which
108 + must be one of: 1, 2.1 This property can only be set in the default
109 + and server sections. The default value is 1.
110 +
111 +
112 + max_protocol
113 +
114 + Is the maximum SMB protocol level that will be negotiated, which
115 + must be one of: 1, 2.1 This property can only be set in the default
116 + and server sections. The default value is 2.1.
117 +
118 +
105 119 nbns
106 120
107 121 Specifies the DNS name or IP address of the NetBIOS/WINS name
108 122 server. This property can only be set by an administrator by using
109 123 the sharectl command. This property can only be set in the default
110 124 section. The default value is empty, nbns="".
111 125
112 126
113 127 nbns_broadcast
114 128
115 129 Specifies whether to perform NetBIOS/WINS broadcast lookups.
116 130 Broadcast lookups are less secure than unicast lookups. To prevent
117 131 broadcast lookups, set the value to no. This property has no effect
118 132 if the nbns_enable property is set to no or false. This property
119 133 can only be set by an administrator by using the sharectl command.
120 134 This property can only be set in the default section. Valid values
121 135 are yes, true, no, and false. The default value is yes.
122 136
123 137
124 138 nbns_enable
125 139
126 140 Specifies whether to perform NetBIOS/WINS name lookups. To force
127 141 all lookups to be done through the name service switch (see
128 142 nsswitch.conf(4)), set the value to no. This property can only be
129 143 set by an administrator by using the sharectl command. This
130 144 property can only be set in the default section. Valid values are
131 145 yes, true, no, and false. The default value is yes.
132 146
133 147
134 148 password
135 149
136 150 Specifies the password to use when authenticating a server. The
137 151 password property value is used as long as the .nsmbrc file can
138 152 only be read and written by the owner. This property can be set in
139 153 the default, server, user, and share sections.
140 154
141 155 If you assign the hashed password from the smbutil crypt command to
142 156 the password property, be sure to escape the special characters in
143 157 the password.
144 158
145 159
146 160 signing
147 161
148 162 Specifies whether communications are digitally signed by SMB
149 163 security signatures for the Solaris CIFS client. This property can
150 164 only be set in the default and server sections. Valid values are
151 165 disabled, enabled, and required. The default value is disabled.
152 166
153 167 When set to disabled, the client permits the use of SMB security
154 168 signatures only if the server requires signing. In such an
155 169 instance, the Solaris CIFS client ignores local property values.
156 170
157 171 When set to enabled, the client permits, but does not require, the
158 172 use of SMB security signatures.
159 173
160 174 When set to required, the client requires the use of SMB security
161 175 signatures. So, if SMB security signatures are disabled on a CIFS
162 176 server and a client has signing required, the client cannot connect
163 177 to that server.
164 178
165 179
166 180 timeout
167 181
168 182 Specifies the CIFS request timeout. By default, the timeout is 15
169 183 seconds. This property can only be set in the default, server, and
170 184 share sections.
171 185
172 186
173 187 user
174 188
175 189 Specifies the user name to use when authenticating a server. The
176 190 default value is the Solaris account name of the user performing
177 191 the authentication. This property can only be set in the default
178 192 and server sections.
179 193
180 194
181 195 workgroup
182 196
183 197 Is supported for compatibility purposes and is a synonym for the
184 198 domain property. Use the domain property instead.
185 199
186 200
187 201 EXAMPLES
188 202 The examples in this section show how to use the .nsmbrc file and the
189 203 smbutil command to configure the ex.com environment.
190 204
191 205
192 206 The ex.com environment is described by means of these sections and
193 207 settings:
194 208
195 209 o The default section describes the default domain, which is
196 210 called MYDOMAIN, and sets a default user of MYUSER. These
197 211 default settings are inherited by other sections unless
198 212 property values are overridden.
199 213
200 214 o FSERVER is a server section that defines a server called
201 215 fserv.ex.com. It is part of the SALES domain.
202 216
203 217 o RSERVER is a server section that defines a server called
204 218 rserv.ex.com that belongs to a new domain called REMGROUP.
205 219
206 220 Example 1 Using the $HOME/.nsmbrc Configuration File
207 221
208 222
209 223 The following example shows how a user can configure the ex.com
210 224 environment by creating the .nsmbrc file.
211 225
212 226
213 227
214 228 All lines that begin with the # character are comments and are not
215 229 parsed.
216 230
217 231
218 232 # Configuration file for ex.com
219 233 # Specify the Windows account name to use everywhere.
220 234 [default]
221 235 domain=MYDOMAIN
222 236 user=MYUSER
223 237
224 238 # The 'FSERVER' is server in our domain.
225 239 [FSERVER]
226 240 addr=fserv.ex.com
227 241
228 242 # The 'RSERVER' is a server in another domain.
229 243 [RSERVER]
230 244 domain=REMGROUP
231 245 addr=rserv.ex.com
232 246
233 247
234 248 Example 2 Using the sharectl Command
235 249
236 250
237 251 The following example shows how an authorized user can use sharectl
238 252 commands to configure global settings for the ex.com environment in
239 253 SMF.
240 254
241 255
242 256 # sharectl set -p section=default -p domain=MYDOMAIN \
243 257 -p user=MYUSER smbfs
244 258 # sharectl set -p section=FSERVER -p addr=fserv.ex.com smbfs
245 259 # sharectl set -p section=RSERVER -p domain=REMGROUP \
246 260 -p addr=rserv.ex.com smbfs
247 261
248 262
249 263
250 264 Example 3 Using the sharectl Command to Show Current Settings
251 265
252 266
253 267 The following example shows how an authorized user can use the sharectl
254 268 get command to view the global settings for smbfs in SMF. The values
255 269 shown are those set by the previous example.
256 270
257 271
258 272 # sharectl get smbfs
259 273 [default]
260 274 domain=MYDOMAIN
261 275 user=MYUSER
262 276 [FSERVER]
263 277 addr=fserv.ex.com
264 278 [RSERVER]
265 279 domain=REMGROUP
266 280 addr=rserv.ex.com
267 281
268 282
269 283
270 284 FILES
271 285 $HOME/.nsmbrc
272 286
273 287 User-settable mount point configuration file to store the
274 288 description for each connection.
275 289
276 290
277 291 ATTRIBUTES
278 292 See attributes(5) for descriptions of the following attributes:
279 293
280 294
281 295
282 296
283 297 +--------------------+-----------------+
284 298 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
285 299 +--------------------+-----------------+
286 300 |Interface Stability | Committed |
287 301 +--------------------+-----------------+
288 302
|
↓ open down ↓ |
174 lines elided |
↑ open up ↑ |
289 303 SEE ALSO
290 304 smbutil(1), mount_smbfs(1M), sharectl(1M), nsswitch.conf(4),
291 305 user_attr(4), attributes(5), rbac(5), smbfs(7FS)
292 306
293 307 NOTES
294 308 By default, passwords stored in the .nsmbrc file are ignored unless
295 309 only the file owner has read and write permission.
296 310
297 311
298 312
299 - December 8, 2008 NSMBRC(4)
313 + May 8, 2018 NSMBRC(4)
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX