NEX-15581 SMB keep-alive feature is just noise
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-5665 SMB2 oplock leases
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-9497 SMB should bypass ACL traverse checking
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-10019 SMB server min_protocol setting
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-5273 SMB 3 Encryption
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-3549 smb(4) man page is out of date.
Reviewed by: Yuri Pankov <Yuri.Pankov@nexenta.com>
NEX-3611 CLONE NEX-3550 Replace smb2_enable with max_protocol
Reviewed by: Yuri Pankov <Yuri.Pankov@nexenta.com>
--- old/usr/src/man/man4/smb.4
+++ new/usr/src/man/man4/smb.4
1 1 '\" te
2 2 .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved.
3 -.\" Copyright 2011, Nexenta Systems, Inc. All Rights Reserved.
4 -.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
5 -.\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the
6 -.\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
7 -.TH SMB 4 "Sep 25, 2009"
3 +.\" Copyright 2017, Nexenta Systems, Inc. All Rights Reserved.
4 +.\" The contents of this file are subject to the terms of the
5 +.\" Common Development and Distribution License (the "License").
6 +.\" You may not use this file except in compliance with the License.
7 +.\"
8 +.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 +.\" or http://www.opensolaris.org/os/licensing.
10 +.\" See the License for the specific language governing permissions
11 +.\" and limitations under the License.
12 +.\"
13 +.\" When distributing Covered Code, include this CDDL HEADER in each
14 +.\" file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 +.\" If applicable, add the following below this CDDL HEADER, with the
16 +.\" fields enclosed by brackets "[]" replaced with your own identifying
17 +.\" information: Portions Copyright [yyyy] [name of copyright owner]
18 +.\"
19 +.TH SMB 4 "Apr 23, 2015"
8 20 .SH NAME
9 21 smb \- configuration properties for Solaris CIFS server
10 22 .SH DESCRIPTION
11 23 .LP
12 24 Behavior of the Solaris CIFS server is defined by property values that are
13 25 stored in the Service Management Facility, \fBsmf\fR(5).
14 26 .sp
15 27 .LP
16 28 An authorized user can use the \fBsharectl\fR(1M) command to set global values
17 29 for these properties in SMF.
18 30 .sp
19 31 .LP
20 32 The following list describes the properties:
21 33 .sp
22 34 .ne 2
23 35 .na
24 36 \fB\fBads_site\fR\fR
25 37 .ad
26 38 .sp .6
27 39 .RS 4n
28 40 Specifies the site configured in DNS to look up Active Directory information.
29 41 Sites provide a mechanism to partition or delegate administration and policy
30 42 management, which are typically used in large or complex domains.
31 43 .sp
32 44 The value should not be set if you do not have a local Active Directory site.
33 45 By default, no value is set.
34 46 .RE
35 47
36 48 .sp
37 49 .ne 2
38 50 .na
39 51 \fB\fBautohome_map\fR\fR
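Review bot: The new .TH line is dated "Apr 23, 2015" while the copyright line added in the same header says 2017. Set the .TH date to when this revision of the page was actually made, so a reader can tell whether the copy in front of them covers the properties added further down (bypass_traverse_checking, encrypt, min_protocol).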
40 52 .ad
41 53 .sp .6
42 54 .RS 4n
43 55 Specifies the full path for the SMD autohome map file, \fBsmbautohome\fR. The
44 56 default path is \fB/etc\fR.
45 57 .RE
46 58
47 59 .sp
48 60 .ne 2
49 61 .na
62 +\fB\fBbypass_traverse_checking\fR\fR
63 +.ad
64 +.sp .6
65 +.RS 4n
66 +When set, allows the SMB server to bypass ACL "traverse" checks.
67 +The default value is \fBtrue\fR, for Windows compatibility.
68 +If this parameter is \fBfalse\fR, ACL checks require that
69 +"traverse" (directory execute) is granted on every directory
70 +above the directory the SMB client tries to access.
71 +Windows shares are normally setup with the higher level
72 +directories not specifically granting such access.
73 +.RE
74 +
75 +.sp
76 +.ne 2
77 +.na
50 78 \fB\fBdisposition\fR\fR
51 79 .ad
52 80 .sp .6
53 81 .RS 4n
54 82 A value that controls whether to disconnect the share or proceed if the map
55 83 command fails. The disposition property only has meaning when the map property
56 84 has been set. Otherwise it will have no effect.
57 85 .sp
58 86 .in +2
59 87 .nf
60 88 disposition = [ continue | terminate ]
61 89 .fi
62 90 .in -2
63 91 .sp
64 92
65 93 .sp
66 94 .ne 2
67 95 .na
68 96 \fB\fBcontinue\fR\fR
69 97 .ad
70 98 .sp .6
71 99 .RS 4n
72 100 Proceed with share connection if the map command fails. This is the default in
73 101 the event that disposition is not specified.
74 102 .RE
75 103
76 104 .sp
77 105 .ne 2
78 106 .na
79 107 \fB\fBterminate\fR\fR
80 108 .ad
81 109 .sp .6
82 110 .RS 4n
83 111 Disconnect the share if the map command fails.
84 112 .RE
85 113
86 114 .RE
87 115
88 116 .sp
89 117 .ne 2
90 118 .na
91 119 \fB\fBddns_enable\fR\fR
92 120 .ad
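Review bot: The bypass_traverse_checking entry documents a default of true without stating the access-control consequence: with the default, a directory ACL that withholds "traverse" on a parent directory does not keep an SMB client out of the directories below it. Say that explicitly, and tell administrators who rely on parent-directory ACLs to restrict access that they must set the property to false. Also, "When set" is ambiguous for a boolean property (write "When true"), and "normally setup" should be "normally set up".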
93 121 .sp .6
94 122 .RS 4n
95 123 Enables or disables dynamic DNS updates. A value of \fBtrue\fR enables dynamic
96 124 updates, while a value of \fBfalse\fR disables dynamic updates. By default, the
97 125 value is \fBfalse\fR.
98 126 .RE
99 127
100 128 .sp
101 129 .ne 2
102 130 .na
103 -\fB\fBipv6_enabled\fR\fR
131 +\fB\fBencrypt\fR\fR
104 132 .ad
105 133 .sp .6
106 134 .RS 4n
135 +Controls SMB3 Encryption. For requests on a particular share, the server's
136 +behavior is controlled by the stricter of this option and the per-share
137 +"encrypt" option.
138 +.sp
139 +When set to \fBdisabled\fR, the server will not ask clients to encrypt requests.
140 +When set to \fBenabled\fR, the server will ask clients to encrypt requests,
141 +but will not require that they do so. Any message that can be encrypted
142 +will be encrypted.
143 +When set to \fBrequired\fR, the server will deny access to or disconnect
144 +any client that does not support encryption or fails to encrypt requests
145 +that they should.
146 +.sp
147 +In other words, the \fBenabled\fR behavior is that any message that CAN
148 +be encrypted SHOULD be encrypted, while the \fBrequired\fR behavior is that any
149 +message that CAN be encrypted MUST be encrypted.
150 +.RE
151 +
152 +.sp
153 +.ne 2
154 +.na
155 +\fB\fBipv6_enable\fR\fR
156 +.ad
157 +.sp .6
158 +.RS 4n
107 159 Enables IPv6 Internet protocol support within the CIFS Service. Valid values
108 160 are \fBtrue\fR and \fBfalse\fR. The default value is \fBfalse\fR.
109 161 .RE
110 162
111 163 .sp
112 164 .ne 2
113 165 .na
114 166 \fB\fBkeep_alive\fR\fR
115 167 .ad
116 168 .sp .6
117 169 .RS 4n
118 170 Specifies the number of seconds before an idle SMB connection is dropped by the
119 171 Solaris CIFS server. If set to 0, idle connections are not dropped. Valid
120 -values are 0 and from 20 seconds and above. The default value is 5400 seconds.
172 +values are 0 and from 20 seconds and above. The default value is 0.
121 173 .RE
122 174
123 175 .sp
124 176 .ne 2
125 177 .na
126 178 \fB\fBlmauth_level\fR\fR
127 179 .ad
128 180 .sp .6
129 181 .RS 4n
130 182 Specifies the LAN Manager (LM) authentication level. The LM compatibility level
131 183 controls the type of user authentication to use in workgroup mode or domain
132 -mode. The default value is 3.
184 +mode. The default value is 4.
133 185 .sp
134 186 The following describes the behavior at each level.
135 187 .sp
136 188 .ne 2
137 189 .na
138 190 \fB2\fR
139 191 .ad
140 192 .RS 13n
141 193 In Windows workgroup mode, the Solaris CIFS server accepts LM, NTLM, LMv2, and
142 194 NTLMv2 requests. In domain mode, the SMB redirector on the Solaris CIFS server
143 195 sends NTLM requests.
144 196 .RE
145 197
146 198 .sp
147 199 .ne 2
148 200 .na
149 201 \fB3\fR
150 202 .ad
151 203 .RS 13n
152 204 In Windows workgroup mode, the Solaris CIFS server accepts LM, NTLM, LMv2, and
153 205 NTLMv2 requests. In domain mode, the SMB redirector on the Solaris CIFS server
154 206 sends LMv2 and NTLMv2 requests.
155 207 .RE
156 208
157 209 .sp
158 210 .ne 2
159 211 .na
160 212 \fB4\fR
161 213 .ad
162 214 .RS 13n
163 215 In Windows workgroup mode, the Solaris CIFS server accepts NTLM, LMv2, and
164 216 NTLMv2 requests. In domain mode, the SMB redirector on the Solaris CIFS server
165 217 sends LMv2 and NTLMv2 requests.
166 218 .RE
167 219
168 220 .sp
169 221 .ne 2
170 222 .na
171 223 \fB5\fR
172 224 .ad
173 225 .RS 13n
174 226 In Windows workgroup mode, the Solaris CIFS server accepts LMv2 and NTLMv2
175 227 requests. In domain mode, the SMB redirector on the Solaris CIFS server sends
176 228 LMv2 and NTLMv2 requests.
177 229 .RE
178 230
179 231 .RE
180 232
181 233 .sp
182 234 .ne 2
183 235 .na
184 236 \fB\fBmap\fR\fR
185 237 .ad
186 238 .sp .6
187 239 .RS 4n
188 240 The value is a command to be executed when connecting to the share. The command
189 241 can take the following arguments, which will be substituted when the command is
190 242 exec'd as described below:
191 243 .sp
192 244 .ne 2
193 245 .na
194 246 \fB\fB%U\fR\fR
195 247 .ad
196 248 .sp .6
197 249 .RS 4n
198 250 Windows username.
199 251 .RE
200 252
201 253 .sp
202 254 .ne 2
203 255 .na
204 256 \fB\fB%D\fR\fR
205 257 .ad
206 258 .sp .6
207 259 .RS 4n
208 260 Name of the domain or workgroup of \fB%U\fR.
209 261 .RE
210 262
211 263 .sp
212 264 .ne 2
213 265 .na
214 266 \fB\fB%h\fR\fR
215 267 .ad
216 268 .sp .6
217 269 .RS 4n
218 270 The server hostname.
219 271 .RE
220 272
221 273 .sp
222 274 .ne 2
223 275 .na
224 276 \fB\fB%M\fR\fR
225 277 .ad
226 278 .sp .6
227 279 .RS 4n
228 280 The client hostname, or \fB""\fR if not available.
229 281 .RE
230 282
231 283 .sp
232 284 .ne 2
233 285 .na
234 286 \fB\fB%L\fR\fR
235 287 .ad
236 288 .sp .6
237 289 .RS 4n
238 290 The server NetBIOS name.
239 291 .RE
240 292
241 293 .sp
242 294 .ne 2
243 295 .na
244 296 \fB\fB%m\fR\fR
245 297 .ad
246 298 .sp .6
247 299 .RS 4n
248 300 The client NetBIOS name, or \fB""\fR if not available. This option is only
249 301 valid for NetBIOS connections (port 139).
250 302 .RE
251 303
252 304 .sp
253 305 .ne 2
254 306 .na
255 307 \fB\fB%I\fR\fR
256 308 .ad
257 309 .sp .6
258 310 .RS 4n
259 311 The IP address of the client machine.
260 312 .RE
261 313
262 314 .sp
263 315 .ne 2
264 316 .na
265 317 \fB\fB%i\fR\fR
266 318 .ad
267 319 .sp .6
268 320 .RS 4n
269 321 The local IP address to which the client is connected.
270 322 .RE
271 323
272 324 .sp
273 325 .ne 2
274 326 .na
275 327 \fB\fB%S\fR\fR
276 328 .ad
277 329 .sp .6
278 330 .RS 4n
279 331 The name of the share.
280 332 .RE
281 333
282 334 .sp
283 335 .ne 2
284 336 .na
285 337 \fB\fB%P\fR\fR
286 338 .ad
287 339 .sp .6
288 340 .RS 4n
289 341 The root directory of the share.
290 342 .RE
291 343
292 344 .sp
293 345 .ne 2
294 346 .na
295 347 \fB\fB%u\fR\fR
296 348 .ad
297 349 .sp .6
298 350 .RS 4n
299 351 The UID of the Unix user.
300 352 .RE
301 353
302 354 .RE
303 355
304 356 .sp
305 357 .ne 2
306 358 .na
307 359 \fB\fBmax_protocol\fR\fR
308 360 .ad
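Review bot: The encrypt entry gives no default value, unlike the neighbouring properties, and does not say what the setting does when max_protocol is below 3.0 (this page lists 2.1 as the max_protocol default). State the default, and say whether "required" combined with a pre-3.0 max_protocol refuses all clients or is ignored. The phrase "fails to encrypt requests that they should" also needs rewording, for example "requests that must be encrypted". Separately, the ipv6_enabled to ipv6_enable rename should say whether the old name is still accepted, and the lmauth_level default moving from 3 to 4 means LM requests are no longer accepted in workgroup mode by default (per the level 4 text), which deserves a sentence for anyone upgrading.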
309 361 .sp .6
310 362 .RS 4n
311 363 Specifies the maximum SMB protocol level that the SMB service
312 364 should allow clients to negotiate. The default value is \fB2.1\fR.
313 365 Valid settings include: \fB1\fR, \fB2.1\fR, \fB3.0\fR
314 366 .RE
315 367
316 368 .sp
317 369 .ne 2
318 370 .na
371 +\fB\fBmin_protocol\fR\fR
372 +.ad
373 +.sp .6
374 +.RS 4n
375 +Specifies the minimum SMB protocol level that the SMB service
376 +should allow clients to negotiate. The default value is \fB1\fR.
377 +Valid settings include: \fB1\fR, \fB2.1\fR, \fB3.0\fR
378 +.RE
379 +
380 +.sp
381 +.ne 2
382 +.na
319 383 \fB\fBmax_workers\fR\fR
320 384 .ad
321 385 .sp .6
322 386 .RS 4n
323 387 Specifies the maximum number of worker threads that will be launched to process
324 388 incoming CIFS requests. The SMB \fBmax_mpx\fR value, which indicates to a
325 389 client the maximum number of outstanding SMB requests that it may have pending
326 390 on the server, is derived from the \fBmax_workers\fR value. To ensure
327 391 compatibility with older versions of Windows the lower 8-bits of \fBmax_mpx\fR
328 392 must not be zero. If the lower byte of \fBmax_workers\fR is zero, \fB64\fR is
329 393 added to the value. Thus the minimum value is \fB64\fR and the default value,
330 394 which appears in \fBsharectl\fR(1M) as \fB1024\fR, is \fB1088\fR.
331 395 .RE
332 396
333 397 .sp
334 398 .ne 2
335 399 .na
400 +\fB\fBnetbios_enable\fR\fR
401 +.ad
402 +.sp .6
403 +.RS 4n
404 +Controls whether NetBIOS services are active, including the NetBIOS
405 +listener (port 139), NetBIOS datagram service (port 138) and the
406 +NetBIOS name service (port 137). The default value is \fBfalse\fR.
407 +.RE
408 +
409 +.sp
410 +.ne 2
411 +.na
336 412 \fB\fBnetbios_scope\fR\fR
337 413 .ad
338 414 .sp .6
339 415 .RS 4n
340 416 Specifies the NetBIOS scope identifier, which identifies logical NetBIOS
341 417 networks that are on the same physical network. When you specify a NetBIOS
342 418 scope identifier, the server filters the number of machines that are listed in
343 419 the browser display to make it easier to find other hosts. The value is a text
344 420 string that represents a domain name. By default, no value is set.
345 421 .RE
346 422
347 423 .sp
348 424 .ne 2
349 425 .na
426 +\fB\fBoplock_enable\fR\fR
427 +.ad
428 +.sp .6
429 +.RS 4n
430 +Controls whether "oplocks" may be granted by the SMB server.
431 +The term "oplock" is short for "opportunistic lock", which is
432 +the legacy name for cache delegations in SMB.
433 +By default, oplocks are enabled.
434 +Note that if oplocks are disabled, file I/O perfrormance may be
435 +severely reduced.
436 +.RE
437 +
438 +.sp
439 +.ne 2
440 +.na
350 441 \fB\fBpdc\fR\fR
351 442 .ad
352 443 .sp .6
353 444 .RS 4n
354 -Specifies the preferred IP address for the domain controller. This property is
445 +Specifies the host name of the preferred domain controller. This property is
355 446 sometimes used when there are multiple domain controllers to indicate which one
356 447 is preferred. If the specified domain controller responds, it is chosen even if
357 448 the other domain controllers are also available. By default, no value is set.
358 449 .RE
359 450
360 451 .sp
361 452 .ne 2
362 453 .na
454 +\fB\fBprint_enable\fR\fR
455 +.ad
456 +.sp .6
457 +.RS 4n
458 +Controls whether the SMB printing service is active.
459 +The default value is \fBfalse\fR.
460 +.RE
461 +
462 +.sp
463 +.ne 2
464 +.na
363 465 \fB\fBrestrict_anonymous\fR\fR
364 466 .ad
365 467 .sp .6
366 468 .RS 4n
367 469 Disables anonymous access to IPC$, which requires that the client be
368 470 authenticated to get access to MSRPC services through IPC$. A value of
369 471 \fBtrue\fR disables anonymous access to IPC$, while a value of \fBfalse\fR
370 472 enables anonymous access.
371 473 .RE
372 474
373 475 .sp
374 476 .ne 2
375 477 .na
376 478 \fB\fBsigning_enabled\fR\fR
377 479 .ad
378 480 .sp .6
379 481 .RS 4n
380 482 Enables SMB signing. When signing is enabled but not required it is possible
381 483 for clients to connect regardless of whether or not the client supports SMB
382 484 signing. If a packet has been signed, the signature will be verified. If a
383 485 packet has not been signed it will be accepted without signature verification.
384 486 Valid values are \fBtrue\fR and \fBfalse\fR. The default value is \fBfalse\fR.
385 487 .RE
386 488
387 489 .sp
388 490 .ne 2
389 491 .na
390 492 \fB\fBsigning_required\fR\fR
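Review bot: The min_protocol entry does not say what happens when min_protocol is set higher than max_protocol, and with its default of 1 SMB1 stays negotiable unless the administrator raises it. Document whether such a combination is rejected or how the server resolves it, and mention raising min_protocol as the way to refuse SMB1 clients. The entry is also inserted between max_protocol and max_workers, which breaks the alphabetical order the rest of the list follows; move it after max_workers. In oplock_enable, "perfrormance" should be "performance", and the entry should give its valid values and default as true/false the way netbios_enable and print_enable do.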
391 493 .ad
392 494 .sp .6
393 495 .RS 4n
394 496 When SMB signing is required, all packets must be signed or they will be
395 497 rejected, and clients that do not support signing will be unable to connect to
396 498 the server. The \fBsigning_required\fR setting is only taken into account when
397 499 \fBsigning_enabled\fR is \fBtrue\fR. Valid values are \fBtrue\fR and
398 500 \fBfalse\fR. The default value is \fBfalse\fR.
399 501 .RE
400 502
503 +.\" There is also: smb2_enable, but the next commit removes it.
504 +
401 505 .sp
402 506 .ne 2
403 507 .na
404 508 \fB\fBsystem_comment\fR\fR
405 509 .ad
406 510 .sp .6
407 511 .RS 4n
408 512 Specifies an optional description for the system, which is a text string. This
409 513 property value might appear in various places, such as Network Neighborhood or
410 514 Network Places on Windows clients. By default, no value is set.
411 515 .RE
412 516
413 517 .sp
414 518 .ne 2
415 519 .na
416 520 \fB\fBtraverse_mounts\fR\fR
417 521 .ad
418 522 .sp .6
419 523 .RS 4n
420 524 The \fBtraverse_mounts\fR setting determines how the SMB server
421 525 presents sub-mounts underneath an SMB share. When \fBtraverse_mounts\fR
422 526 is \fBtrue\fR (the default), sub-mounts are presented to SMB clients
423 527 like any other subdirectory. When \fBtraverse_mounts\fR is \fBfalse\fR,
424 528 sub-mounts are not shown to SMB clients.
425 529 .RE
426 530
427 531 .sp
428 532 .ne 2
429 533 .na
430 534 \fB\fBunmap\fR\fR
431 535 .ad
432 536 .sp .6
433 537 .RS 4n
434 538 The value is a command to be executed when disconnecting the share. The command
435 539 can take the same substitutions listed on the \fBmap\fR property.
436 540 .RE
437 541
438 542 .sp
439 543 .ne 2
440 544 .na
441 545 \fB\fBwins_exclude\fR\fR
442 546 .ad
443 547 .sp .6
444 548 .RS 4n
445 549 Specifies a comma-separated list of network interfaces that should not be
446 550 registered with WINS. NetBIOS host announcements are made on excluded
447 551 interfaces.
448 552 .RE
449 553
450 554 .sp
451 555 .ne 2
452 556 .na
453 557 \fB\fBwins_server_1\fR\fR
454 558 .ad
455 559 .sp .6
456 560 .RS 4n
457 561 Specifies the IP address of the primary WINS server. By default, no value is
458 562 set.
459 563 .RE
460 564
461 565 .sp
462 566 .ne 2
463 567 .na
464 568 \fB\fBwins_server_2\fR\fR
465 569 .ad
466 570 .sp .6
467 571 .RS 4n
468 572 Specifies the IP address of the secondary WINS server. By default, no value is
469 573 set.
470 574 .RE
471 575
472 576 .SH ATTRIBUTES
473 577 .LP
474 578 See the \fBattributes\fR(5) man page for descriptions of the following
475 579 attributes:
476 580 .sp
477 581
478 582 .sp
479 583 .TS
480 584 box;
481 585 c | c
482 586 l | l .
483 587 ATTRIBUTE TYPE ATTRIBUTE VALUE
484 588 _
485 589 Interface Stability Uncommitted
486 590 .TE
487 591
488 592 .SH SEE ALSO
489 593 .LP
490 594 \fBsharectl\fR(1M), \fBsmbadm\fR(1M), \fBsmbd\fR(1M), \fBsmbstat\fR(1M),
491 595 \fBattributes\fR(5), \fBsmf\fR(5)
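Review bot: The comment added after the signing_required entry, "There is also: smb2_enable, but the next commit removes it.", describes commit history rather than the man page and will be stale as soon as that commit lands. Drop it from smb.4 and put the remark in the commit message instead.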