Print this page
NEX-14666 Need to provide SMB 2.1 Client
NEX-17187 panic in smbfs_acl_store
NEX-17231 smbfs create xattr files finds wrong file
NEX-17224 smbfs lookup EINVAL should be ENOENT
NEX-17260 SMB1 client fails to list directory after NEX-14666
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
Reviewed by: Saso Kiselkov <saso.kiselkov@nexenta.com>
Reviewed by: Joyce McIntosh <joyce.mcintosh@nexenta.com>
and: (cleanup)
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/man/man4/nsmbrc.4
+++ new/usr/src/man/man4/nsmbrc.4
1 1 '\" te
2 2 .\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved.
3 3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
4 4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
5 5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
6 -.TH NSMBRC 4 "Dec 8, 2008"
6 +.\" Copyright 2018 Nexenta Systems, Inc. All rights reserved.
7 +.TH NSMBRC 4 "May 8, 2018"
7 8 .SH NAME
8 9 nsmbrc \- configuration file for Solaris CIFS client requests
9 10 .SH SYNOPSIS
10 11 .LP
11 12 .nf
12 13 \fB$HOME/.nsmbrc\fR
13 14 .fi
14 15
15 16 .SH DESCRIPTION
16 17 .sp
17 18 .LP
18 19 Global behavior of the Solaris CIFS client is defined by property values that
19 20 are stored in the Service Management Facility (SMF). The \fB\&.nsmbrc\fR file
20 21 can be used to customize the behavior of the Solaris CIFS client on a per-user
21 22 basis. Settings in the \fB$HOME/.nsmbrc\fR file are used unless they have
22 23 security implications.
23 24 .sp
24 25 .LP
25 26 An authorized user can use the \fBsharectl\fR command to set global values for
26 27 these properties in SMF. See \fBsharectl\fR(1M).
27 28 .sp
28 29 .LP
29 30 A regular user can change the global values when granted the "SMBFS Management"
30 31 rights profile in the \fB/user_attr\fR file. See \fBuser_attr\fR(4) and
31 32 \fBrbac\fR(5).
32 33 .sp
33 34 .LP
34 35 The SMBFS library first reads from SMF and then the \fB$HOME/.nsmbrc\fR file
35 36 when determining which policy to apply to a particular server, user, or share.
36 37 \fB$HOME/.nsmbrc\fR entries take precedence with the exception of the
37 38 \fBminauth\fR property value. For \fBminauth\fR, the strongest authentication
38 39 level specified is used. Sections are applied so that more specific sections
39 40 override less specific sections. Not all keywords are valid in all sections.
40 41 .sp
41 42 .LP
42 43 The configuration file is comprised of these four section types. Each section
43 44 can include zero or more properties and associated values. The sections also
44 45 have a hierarchical relationship with each other, as shown by the order of the
45 46 following list:
46 47 .RS +4
47 48 .TP
48 49 .ie t \(bu
49 50 .el o
50 51 \fBDefault section.\fR Specifies the default property values to be used by all
51 52 other sections unless specifically overridden.
52 53 .sp
53 54 The section name appears in the \fB\&.nsmbrc\fR file as \fB[default]\fR.
54 55 .RE
55 56 .RS +4
56 57 .TP
57 58 .ie t \(bu
58 59 .el o
59 60 \fBServer section.\fR Specifies the property values to be used by sections that
60 61 are related to the named server. These property values can be specifically
61 62 overridden by a related user section or share section.
62 63 .sp
63 64 The section name appears in the \fB\&.nsmbrc\fR file as
64 65 \fB[\fIserver-name\fR]\fR. \fIserver-name\fR must use uppercase characters to
65 66 match.
66 67 .RE
67 68 .RS +4
68 69 .TP
69 70 .ie t \(bu
70 71 .el o
71 72 \fBUser section.\fR Specifies the property values to be used by sections that
72 73 are related to the named server and user. These property values can be
73 74 specifically overridden by a related share section.
74 75 .sp
75 76 The section name appears in the \fB\&.nsmbrc\fR as
76 77 \fB[\fIserver-name\fR:\fIusername\fR]\fR. Both \fIserver-name\fR and
77 78 \fIusername\fR must use uppercase characters to match.
78 79 .RE
79 80 .RS +4
80 81 .TP
81 82 .ie t \(bu
82 83 .el o
83 84 \fBShare section.\fR Specifies the property values to be used by sections that
84 85 are related to the named server, user, and share.
85 86 .sp
86 87 The section name appears in the \fB\&.nsmbrc\fR as
87 88 \fB[\fIserver-name\fR:\fIusername\fR:\fIshare-name\fR]\fR. Both
88 89 \fIserver-name\fR and \fIusername\fR must use uppercase characters to match.
89 90 .RE
90 91 .sp
91 92 .LP
92 93 The end of each section is marked either by the start of a new section or by an
93 94 end of file (EOF).
94 95 .sp
95 96 .LP
96 97 The following list describes the properties and states in which sections they
97 98 can be set:
98 99 .sp
99 100 .ne 2
100 101 .na
101 102 \fB\fBaddr\fR\fR
102 103 .ad
103 104 .sp .6
104 105 .RS 4n
105 106 Specifies the DNS name or IP address of the CIFS server. This property can only
106 107 be set in a server section. If this property is specified, it must specify a
107 108 value as there is no default.
108 109 .RE
109 110
110 111 .sp
111 112 .ne 2
112 113 .na
113 114 \fB\fBdomain\fR\fR
114 115 .ad
115 116 .sp .6
116 117 .RS 4n
117 118 Specifies the Windows domain name to use when authenticating with a server. The
118 119 default value is \fBWORKGROUP\fR. This property can only be set in the default
119 120 and server sections.
120 121 .RE
121 122
122 123 .sp
123 124 .ne 2
124 125 .na
125 126 \fB\fBminauth\fR\fR
126 127 .ad
|
↓ open down ↓ |
110 lines elided |
↑ open up ↑ |
127 128 .sp .6
128 129 .RS 4n
129 130 Is the minimum authentication level required, which can be one of
130 131 \fBkerberos\fR, \fBntlmv2\fR, \fBntlm\fR, \fBlm\fR, or \fBnone\fR. If
131 132 \fBminauth\fR is set globally and in a user's \fB\&.nsmbrc\fR file, the
132 133 stronger authentication setting are used whether set by the user or globally.
133 134 This property can only be set in the default and server sections. The default
134 135 value is \fBntlm\fR.
135 136 .RE
136 137
138 +.sp
139 +.ne 2
140 +.na
141 +\fB\fBmin_protocol\fR\fR
142 +.ad
143 +.sp .6
144 +.RS 4n
145 +Is the minimum SMB protocol level that will be negotiated,
146 +which must be one of: \fB1\fR, \fB2.1\fR
147 +This property can only be set in the default and server sections.
148 +The default value is \fB1\fR.
149 +.RE
150 +
151 +.sp
152 +.ne 2
153 +.na
154 +\fB\fBmax_protocol\fR\fR
155 +.ad
156 +.sp .6
157 +.RS 4n
158 +Is the maximum SMB protocol level that will be negotiated,
159 +which must be one of: \fB1\fR, \fB2.1\fR
160 +This property can only be set in the default and server sections.
161 +The default value is \fB2.1\fR.
162 +.RE
163 +
137 164 .sp
138 165 .ne 2
139 166 .na
140 167 \fB\fBnbns\fR\fR
141 168 .ad
142 169 .sp .6
143 170 .RS 4n
144 171 Specifies the DNS name or IP address of the NetBIOS/WINS name server. This
145 172 property can \fBonly\fR be set by an administrator by using the \fBsharectl\fR
146 173 command. This property can only be set in the default section. The default
147 174 value is empty, \fBnbns=""\fR.
148 175 .RE
149 176
150 177 .sp
151 178 .ne 2
152 179 .na
153 180 \fB\fBnbns_broadcast\fR\fR
154 181 .ad
155 182 .sp .6
156 183 .RS 4n
157 184 Specifies whether to perform NetBIOS/WINS broadcast lookups. Broadcast lookups
158 185 are less secure than unicast lookups. To prevent broadcast lookups, set the
159 186 value to \fBno\fR. This property has no effect if the \fBnbns_enable\fR
160 187 property is set to \fBno\fR or \fBfalse\fR. This property can \fBonly\fR be set
161 188 by an administrator by using the \fBsharectl\fR command. This property can only
162 189 be set in the default section. Valid values are \fByes\fR, \fBtrue\fR,
163 190 \fBno\fR, and \fBfalse\fR. The default value is \fByes\fR.
164 191 .RE
165 192
166 193 .sp
167 194 .ne 2
168 195 .na
169 196 \fB\fBnbns_enable\fR\fR
170 197 .ad
171 198 .sp .6
172 199 .RS 4n
173 200 Specifies whether to perform NetBIOS/WINS name lookups. To force all lookups to
174 201 be done through the name service switch (see \fBnsswitch.conf\fR(4)), set the
175 202 value to \fBno\fR. This property can \fBonly\fR be set by an administrator by
176 203 using the \fBsharectl\fR command. This property can only be set in the default
177 204 section. Valid values are \fByes\fR, \fBtrue\fR, \fBno\fR, and \fBfalse\fR. The
178 205 default value is \fByes\fR.
179 206 .RE
180 207
181 208 .sp
182 209 .ne 2
183 210 .na
184 211 \fB\fBpassword\fR\fR
185 212 .ad
186 213 .sp .6
187 214 .RS 4n
188 215 Specifies the password to use when authenticating a server. The \fBpassword\fR
189 216 property value is used as long as the \fB\&.nsmbrc\fR file can \fBonly\fR be
190 217 read and written by the owner. This property can be set in the default, server,
191 218 user, and share sections.
192 219 .sp
193 220 If you assign the hashed password from the \fBsmbutil crypt\fR command to the
194 221 \fBpassword\fR property, be sure to escape the special characters in the
195 222 password.
196 223 .RE
197 224
198 225 .sp
199 226 .ne 2
200 227 .na
201 228 \fB\fBsigning\fR\fR
202 229 .ad
203 230 .sp .6
204 231 .RS 4n
205 232 Specifies whether communications are digitally signed by SMB security
206 233 signatures for the Solaris CIFS client. This property can only be set in the
207 234 default and server sections. Valid values are \fBdisabled\fR, \fBenabled\fR,
208 235 and \fBrequired\fR. The default value is \fBdisabled\fR.
209 236 .sp
210 237 When set to \fBdisabled\fR, the client permits the use of SMB security
211 238 signatures only if the server requires signing. In such an instance, the
212 239 Solaris CIFS client ignores local property values.
213 240 .sp
214 241 When set to \fBenabled\fR, the client permits, but does not require, the use of
215 242 SMB security signatures.
216 243 .sp
217 244 When set to \fBrequired\fR, the client requires the use of SMB security
218 245 signatures. So, if SMB security signatures are disabled on a CIFS server and a
219 246 client has signing required, the client cannot connect to that server.
220 247 .RE
221 248
222 249 .sp
223 250 .ne 2
224 251 .na
225 252 \fB\fBtimeout\fR\fR
226 253 .ad
227 254 .sp .6
228 255 .RS 4n
229 256 Specifies the CIFS request timeout. By default, the timeout is 15 seconds. This
230 257 property can only be set in the default, server, and share sections.
231 258 .RE
232 259
233 260 .sp
234 261 .ne 2
235 262 .na
236 263 \fB\fBuser\fR\fR
237 264 .ad
238 265 .sp .6
239 266 .RS 4n
240 267 Specifies the user name to use when authenticating a server. The default value
241 268 is the Solaris account name of the user performing the authentication. This
242 269 property can only be set in the default and server sections.
243 270 .RE
244 271
245 272 .sp
246 273 .ne 2
247 274 .na
248 275 \fB\fBworkgroup\fR\fR
249 276 .ad
250 277 .sp .6
251 278 .RS 4n
252 279 Is supported for compatibility purposes and is a synonym for the \fBdomain\fR
253 280 property. Use the \fBdomain\fR property instead.
254 281 .RE
255 282
256 283 .SH EXAMPLES
257 284 .sp
258 285 .LP
259 286 The examples in this section show how to use the \fB\&.nsmbrc\fR file and the
260 287 \fBsmbutil\fR command to configure the \fBex.com\fR environment.
261 288 .sp
262 289 .LP
263 290 The \fBex.com\fR environment is described by means of these sections and
264 291 settings:
265 292 .RS +4
266 293 .TP
267 294 .ie t \(bu
268 295 .el o
269 296 The \fBdefault\fR section describes the default domain, which is called
270 297 \fBMYDOMAIN\fR, and sets a default user of \fBMYUSER\fR. These default settings
271 298 are inherited by other sections unless property values are overridden.
272 299 .RE
273 300 .RS +4
274 301 .TP
275 302 .ie t \(bu
276 303 .el o
277 304 \fBFSERVER\fR is a server section that defines a server called
278 305 \fBfserv.ex.com\fR. It is part of the \fBSALES\fR domain.
279 306 .RE
280 307 .RS +4
281 308 .TP
282 309 .ie t \(bu
283 310 .el o
284 311 \fBRSERVER\fR is a server section that defines a server called
285 312 \fBrserv.ex.com\fR that belongs to a new domain called \fBREMGROUP\fR.
286 313 .RE
287 314 .LP
288 315 \fBExample 1 \fRUsing the \fB$HOME/.nsmbrc\fR Configuration File
289 316 .sp
290 317 .LP
291 318 The following example shows how a user can configure the \fBex.com\fR
292 319 environment by creating the \fB\&.nsmbrc\fR file.
293 320
294 321 .sp
295 322 .LP
296 323 All lines that begin with the \fB#\fR character are comments and are not
297 324 parsed.
298 325
299 326 .sp
300 327 .in +2
301 328 .nf
302 329 # Configuration file for ex.com
303 330 # Specify the Windows account name to use everywhere.
304 331 [default]
305 332 domain=MYDOMAIN
306 333 user=MYUSER
307 334
308 335 # The 'FSERVER' is server in our domain.
309 336 [FSERVER]
310 337 addr=fserv.ex.com
311 338
312 339 # The 'RSERVER' is a server in another domain.
313 340 [RSERVER]
314 341 domain=REMGROUP
315 342 addr=rserv.ex.com
316 343 .fi
317 344 .in -2
318 345
319 346 .LP
320 347 \fBExample 2 \fRUsing the \fBsharectl\fR Command
321 348 .sp
322 349 .LP
323 350 The following example shows how an authorized user can use \fBsharectl\fR
324 351 commands to configure global settings for the \fBex.com\fR environment in SMF.
325 352
326 353 .sp
327 354 .in +2
328 355 .nf
329 356 # \fBsharectl set -p section=default -p domain=MYDOMAIN \e
330 357 -p user=MYUSER smbfs\fR
331 358 # \fBsharectl set -p section=FSERVER -p addr=fserv.ex.com smbfs\fR
332 359 # \fBsharectl set -p section=RSERVER -p domain=REMGROUP \e
333 360 -p addr=rserv.ex.com smbfs\fR
334 361 .fi
335 362 .in -2
336 363 .sp
337 364
338 365 .LP
339 366 \fBExample 3 \fRUsing the \fBsharectl\fR Command to Show Current Settings
340 367 .sp
341 368 .LP
342 369 The following example shows how an authorized user can use the \fBsharectl
343 370 get\fR command to view the global settings for \fBsmbfs\fR in SMF. The values
344 371 shown are those set by the previous example.
345 372
346 373 .sp
347 374 .in +2
348 375 .nf
349 376 # \fBsharectl get smbfs\fR
350 377 [default]
351 378 domain=MYDOMAIN
352 379 user=MYUSER
353 380 [FSERVER]
354 381 addr=fserv.ex.com
355 382 [RSERVER]
356 383 domain=REMGROUP
357 384 addr=rserv.ex.com
358 385 .fi
359 386 .in -2
360 387 .sp
361 388
362 389 .SH FILES
363 390 .sp
364 391 .ne 2
365 392 .na
366 393 \fB\fB$HOME/.nsmbrc\fR\fR
367 394 .ad
368 395 .sp .6
369 396 .RS 4n
370 397 User-settable mount point configuration file to store the description for each
371 398 connection.
372 399 .RE
373 400
374 401 .SH ATTRIBUTES
375 402 .sp
376 403 .LP
377 404 See \fBattributes\fR(5) for descriptions of the following attributes:
378 405 .sp
379 406
380 407 .sp
381 408 .TS
382 409 box;
383 410 c | c
384 411 l | l .
385 412 ATTRIBUTE TYPE ATTRIBUTE VALUE
386 413 _
387 414 Interface Stability Committed
388 415 .TE
389 416
390 417 .SH SEE ALSO
391 418 .sp
392 419 .LP
393 420 \fBsmbutil\fR(1), \fBmount_smbfs\fR(1M), \fBsharectl\fR(1M),
394 421 \fBnsswitch.conf\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5), \fBrbac\fR(5),
395 422 \fBsmbfs\fR(7FS)
396 423 .SH NOTES
397 424 .sp
398 425 .LP
399 426 By default, passwords stored in the \fB\&.nsmbrc\fR file are ignored unless
400 427 \fBonly\fR the file owner has read and write permission.
|
↓ open down ↓ |
254 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX