NEX-15581 SMB keep-alive feature is just noise
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-5665 SMB2 oplock leases
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-9497 SMB should bypass ACL traverse checking
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-10019 SMB server min_protocol setting
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-5273 SMB 3 Encryption
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-3549 smb(4) man page is out of date.
Reviewed by: Yuri Pankov <Yuri.Pankov@nexenta.com>
NEX-3611 CLONE NEX-3550 Replace smb2_enable with max_protocol
Reviewed by: Yuri Pankov <Yuri.Pankov@nexenta.com>

@@ -1,12 +1,24 @@
 '\" te
 .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved.
-.\" Copyright 2011, Nexenta Systems, Inc. All Rights Reserved.
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
-.\"  See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the
-.\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH SMB 4 "Sep 25, 2009"
+.\" Copyright 2017, Nexenta Systems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the
+.\" Common Development and Distribution License (the "License").
+.\" You may not use this file except in compliance with the License.
+.\"
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+.\" or http://www.opensolaris.org/os/licensing.
+.\" See the License for the specific language governing permissions
+.\" and limitations under the License.
+.\"
+.\" When distributing Covered Code, include this CDDL HEADER in each
+.\" file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+.\" If applicable, add the following below this CDDL HEADER, with the
+.\" fields enclosed by brackets "[]" replaced with your own identifying
+.\" information: Portions Copyright [yyyy] [name of copyright owner]
+.\"
+.TH SMB 4 "Apr 23, 2015"
 .SH NAME
 smb \- configuration properties for Solaris CIFS server
 .SH DESCRIPTION
 .LP
 Behavior of the Solaris CIFS server is defined by property values that are
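
Review bot: The new .TH line is dated "Apr 23, 2015" while the copyright line added a few lines above it says 2017; set the .TH date to the date of this change so the rendered page does not carry a stale date. The NAME line in the trailing context still reads "Solaris CIFS server", which is worth revisiting separately now that the page documents SMB 2 and SMB 3 properties.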

@@ -45,10 +57,26 @@
 .RE
 
 .sp
 .ne 2
 .na
+\fB\fBbypass_traverse_checking\fR\fR
+.ad
+.sp .6
+.RS 4n
+When set, allows the SMB server to bypass ACL "traverse" checks.
+The default value is \fBtrue\fR, for Windows compatibility.
+If this parameter is \fBfalse\fR, ACL checks require that
+"traverse" (directory execute) is granted on every directory
+above the directory the SMB client tries to access.
+Windows shares are normally setup with the higher level
+directories not specifically granting such access.
+.RE
+
+.sp
+.ne 2
+.na
 \fB\fBdisposition\fR\fR
 .ad
 .sp .6
 .RS 4n
 A value that controls whether to disconnect the share or proceed if the map
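
Review bot: The bypass_traverse_checking entry never spells out what the default of true means for access control: "traverse" (directory execute) denials on directories above the target are not enforced for SMB clients. State that explicitly and point administrators who rely on parent-directory ACLs to the false setting. Also list the valid values (true and false) the way the ipv6_enable entry does, and change "normally setup" to "normally set up".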

@@ -98,14 +126,38 @@
 .RE
 
 .sp
 .ne 2
 .na
-\fB\fBipv6_enabled\fR\fR
+\fB\fBencrypt\fR\fR
 .ad
 .sp .6
 .RS 4n
+Controls SMB3 Encryption. For requests on a particular share, the server's
+behavior is controlled by the stricter of this option and the per-share
+"encrypt" option.
+.sp
+When set to \fBdisabled\fR, the server will not ask clients to encrypt requests.
+When set to \fBenabled\fR, the server will ask clients to encrypt requests,
+but will not require that they do so. Any message that can be encrypted
+will be encrypted.
+When set to \fBrequired\fR, the server will deny access to or disconnect
+any client that does not support encryption or fails to encrypt requests
+that they should.
+.sp
+In other words, the \fBenabled\fR behavior is that any message that CAN
+be encrypted SHOULD be encrypted, while the \fBrequired\fR behavior is that any
+message that CAN be encrypted MUST be encrypted.
+.RE
+
+.sp
+.ne 2
+.na
+\fB\fBipv6_enable\fR\fR
+.ad
+.sp .6
+.RS 4n
 Enables IPv6 Internet protocol support within the CIFS Service. Valid values
 are \fBtrue\fR and \fBfalse\fR. The default value is \fBfalse\fR.
 .RE
 
 .sp
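
Review bot: The encrypt entry gives no default value, unlike the entries around it; add a "The default value is ..." sentence after the description of the three settings. "fails to encrypt requests that they should" reads awkwardly and mixes singular and plural; "fails to encrypt a request that it should have encrypted" is clearer. The same hunk renames ipv6_enabled to ipv6_enable, which none of the listed issue synopses covers, so confirm the new spelling is the property name the service actually reads.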

@@ -115,11 +167,11 @@
 .ad
 .sp .6
 .RS 4n
 Specifies the number of seconds before an idle SMB connection is dropped by the
 Solaris CIFS server. If set to 0, idle connections are not dropped. Valid
-values are 0 and from 20 seconds and above. The default value is 5400 seconds.
+values are 0 and from 20 seconds and above. The default value is 0.
 .RE
 
 .sp
 .ne 2
 .na
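
Review bot: With the default on the "Valid values are 0 and from 20 seconds and above" line changed from 5400 to 0, the entry now means idle connections are never dropped unless the administrator sets a value, but nothing tells someone upgrading from the old default that the behaviour changed. Add a sentence saying so, and tighten the wording to "Valid values are 0, or 20 and above."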

@@ -127,11 +179,11 @@
 .ad
 .sp .6
 .RS 4n
 Specifies the LAN Manager (LM) authentication level. The LM compatibility level
 controls the type of user authentication to use in workgroup mode or domain
-mode. The default value is 3.
+mode. The default value is 4.
 .sp
 The following describes the behavior at each level.
 .sp
 .ne 2
 .na
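
Review bot: The default on the "mode. The default value is 4." line moves from 3 to 4, yet none of the issue synopses listed for this change mentions the LM authentication level. Name the issue that changed the service default, or confirm that the code default really is 4, because a wrong value here misleads anyone auditing which authentication types the server accepts.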

@@ -314,10 +366,22 @@
 .RE
 
 .sp
 .ne 2
 .na
+\fB\fBmin_protocol\fR\fR
+.ad
+.sp .6
+.RS 4n
+Specifies the minimum SMB protocol level that the SMB service
+should allow clients to negotiate.  The default value is \fB1\fR.
+Valid settings include: \fB1\fR, \fB2.1\fR, \fB3.0\fR
+.RE
+
+.sp
+.ne 2
+.na
 \fB\fBmax_workers\fR\fR
 .ad
 .sp .6
 .RS 4n
 Specifies the maximum number of worker threads that will be launched to process
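
Review bot: min_protocol is inserted ahead of max_workers, which breaks the alphabetical order the other entries follow; move it after max_workers. "Valid settings include:" leaves open whether 1, 2.1 and 3.0 is the complete list, and that sentence is missing its final period. Since the default of 1 is the lowest listed level, it would also help to say that raising the value refuses clients that can only negotiate a lower level.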

@@ -331,10 +395,22 @@
 .RE
 
 .sp
 .ne 2
 .na
+\fB\fBnetbios_enable\fR\fR
+.ad
+.sp .6
+.RS 4n
+Controls whether NetBIOS services are active, including the NetBIOS
+listener (port 139), NetBIOS datagram service (port 138) and the
+NetBIOS name service (port 137).  The default value is \fBfalse\fR.
+.RE
+
+.sp
+.ne 2
+.na
 \fB\fBnetbios_scope\fR\fR
 .ad
 .sp .6
 .RS 4n
 Specifies the NetBIOS scope identifier, which identifies logical NetBIOS
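
Review bot: The netbios_enable entry does not list its valid values; add "Valid values are true and false" to match the ipv6_enable entry. The text names only ports 137, 138 and 139, so it should also say whether the server keeps accepting SMB connections without NetBIOS when this property is false.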

@@ -345,23 +421,49 @@
 .RE
 
 .sp
 .ne 2
 .na
+\fB\fBoplock_enable\fR\fR
+.ad
+.sp .6
+.RS 4n
+Controls whether "oplocks" may be granted by the SMB server.
+The term "oplock" is short for "opportunistic lock", which is
+the legacy name for cache delegations in SMB.
+By default, oplocks are enabled.
+Note that if oplocks are disabled, file I/O perfrormance may be
+severely reduced.
+.RE
+
+.sp
+.ne 2
+.na
 \fB\fBpdc\fR\fR
 .ad
 .sp .6
 .RS 4n
-Specifies the preferred IP address for the domain controller. This property is
+Specifies the host name of the preferred domain controller. This property is
 sometimes used when there are multiple domain controllers to indicate which one
 is preferred. If the specified domain controller responds, it is chosen even if
 the other domain controllers are also available. By default, no value is set.
 .RE
 
 .sp
 .ne 2
 .na
+\fB\fBprint_enable\fR\fR
+.ad
+.sp .6
+.RS 4n
+Controls whether the SMB printing service is active.
+The default value is \fBfalse\fR.
+.RE
+
+.sp
+.ne 2
+.na
 \fB\fBrestrict_anonymous\fR\fR
 .ad
 .sp .6
 .RS 4n
 Disables anonymous access to IPC$, which requires that the client be
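
Review bot: "perfrormance" in the oplock_enable entry should be "performance". The oplock_enable and print_enable entries also omit their valid values, and "By default, oplocks are enabled" should name the value (true) the way the other entries state their defaults. For pdc, the description changes from "preferred IP address" to "host name"; say whether an IP address is still accepted, so administrators who configured one know whether they need to change it.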

@@ -396,10 +498,12 @@
 the server. The \fBsigning_required\fR setting is only taken into account when
 \fBsigning_enabled\fR is \fBtrue\fR. Valid values are \fBtrue\fR and
 \fBfalse\fR. The default value is \fBfalse\fR.
 .RE
 
+.\" There is also: smb2_enable, but the next commit removes it.
+
 .sp
 .ne 2
 .na
 \fB\fBsystem_comment\fR\fR
 .ad
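
Review bot: The added roff comment "There is also: smb2_enable, but the next commit removes it." describes commit sequencing, not the man page, and goes stale as soon as that commit lands. Drop it from the file and put the note in the commit message instead.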