1 SMB(4) File Formats and Configurations SMB(4) 2 3 4 5 NAME 6 smb - configuration properties for Solaris CIFS server 7 8 DESCRIPTION 9 Behavior of the Solaris CIFS server is defined by property values that 10 are stored in the Service Management Facility, smf(5). 11 12 13 An authorized user can use the sharectl(1M) command to set global 14 values for these properties in SMF. 15 16 17 The following list describes the properties: 18 19 ads_site 20 21 Specifies the site configured in DNS to look up Active Directory 22 information. Sites provide a mechanism to partition or delegate 23 administration and policy management, which are typically used in 24 large or complex domains. 25 26 The value should not be set if you do not have a local Active 27 Directory site. By default, no value is set. 28 29 30 autohome_map 31 32 Specifies the full path for the SMD autohome map file, smbautohome. 33 The default path is /etc. 34 35 36 bypass_traverse_checking 37 38 When set, allows the SMB server to bypass ACL "traverse" checks. 39 The default value is true, for Windows compatibility. If this 40 parameter is false, ACL checks require that "traverse" (directory 41 execute) is granted on every directory above the directory the SMB 42 client tries to access. Windows shares are normally setup with the 43 higher level directories not specifically granting such access. 44 45 46 disposition 47 48 A value that controls whether to disconnect the share or proceed if 49 the map command fails. The disposition property only has meaning 50 when the map property has been set. Otherwise it will have no 51 effect. 52 53 disposition = [ continue | terminate ] 54 55 56 57 continue 58 59 Proceed with share connection if the map command fails. This is 60 the default in the event that disposition is not specified. 61 62 63 terminate 64 65 Disconnect the share if the map command fails. 66 67 68 69 ddns_enable 70 71 Enables or disables dynamic DNS updates. A value of true enables 72 dynamic updates, while a value of false disables dynamic updates. 73 By default, the value is false. 74 75 76 encrypt 77 78 Controls SMB3 Encryption. For requests on a particular share, the 79 server's behavior is controlled by the stricter of this option and 80 the per-share "encrypt" option. 81 82 When set to disabled, the server will not ask clients to encrypt 83 requests. When set to enabled, the server will ask clients to 84 encrypt requests, but will not require that they do so. Any message 85 that can be encrypted will be encrypted. When set to required, the 86 server will deny access to or disconnect any client that does not 87 support encryption or fails to encrypt requests that they should. 88 89 In other words, the enabled behavior is that any message that CAN 90 be encrypted SHOULD be encrypted, while the required behavior is 91 that any message that CAN be encrypted MUST be encrypted. 92 93 94 encrypt_cipher 95 96 Specifies SMB 3.1.1 Encryption Cipher. This property is only used 97 when encryption is On (see encrypt property) and negotiated SMB 98 dialect is 3.1.1 or higher (see max_protocol property). Otherwise 99 it is ignored. If the property is not set the default encryption 100 algorith is AES-128-GCM. 101 102 The property can be set to one of these values: 103 104 aes128-ccm 105 AES-128-CCM. This is the only cipher used for SMB 106 3.0.2 dialect. It is deprecated by AES-128-GCM cipher. 107 108 109 aes128-gcm 110 AES-128-GCM. This is default cipher for SMB 3.1.1 111 dialect. 112 113 114 115 ipv6_enable 116 117 Enables IPv6 Internet protocol support within the CIFS Service. 118 Valid values are true and false. The default value is false. 119 120 121 keep_alive 122 123 Specifies the number of seconds before an idle SMB connection is 124 dropped by the Solaris CIFS server. If set to 0, idle connections 125 are not dropped. Valid values are 0 and from 20 seconds and above. 126 The default value is 0. 127 128 129 lmauth_level 130 131 Specifies the LAN Manager (LM) authentication level. The LM 132 compatibility level controls the type of user authentication to use 133 in workgroup mode or domain mode. The default value is 3. 134 135 The following describes the behavior at each level. 136 137 2 138 In Windows workgroup mode, the Solaris CIFS server 139 accepts LM, NTLM, LMv2, and NTLMv2 requests. In domain 140 mode, the SMB redirector on the Solaris CIFS server 141 sends NTLM requests. 142 143 144 3 145 In Windows workgroup mode, the Solaris CIFS server 146 accepts LM, NTLM, LMv2, and NTLMv2 requests. In domain 147 mode, the SMB redirector on the Solaris CIFS server 148 sends LMv2 and NTLMv2 requests. 149 150 151 4 152 In Windows workgroup mode, the Solaris CIFS server 153 accepts NTLM, LMv2, and NTLMv2 requests. In domain 154 mode, the SMB redirector on the Solaris CIFS server 155 sends LMv2 and NTLMv2 requests. 156 157 158 5 159 In Windows workgroup mode, the Solaris CIFS server 160 accepts LMv2 and NTLMv2 requests. In domain mode, the 161 SMB redirector on the Solaris CIFS server sends LMv2 162 and NTLMv2 requests. 163 164 165 166 map 167 168 The value is a command to be executed when connecting to the share. 169 The command can take the following arguments, which will be 170 substituted when the command is exec'd as described below: 171 172 %U 173 174 Windows username. 175 176 177 %D 178 179 Name of the domain or workgroup of %U. 180 181 182 %h 183 184 The server hostname. 185 186 187 %M 188 189 The client hostname, or "" if not available. 190 191 192 %L 193 194 The server NetBIOS name. 195 196 197 %m 198 199 The client NetBIOS name, or "" if not available. This option is 200 only valid for NetBIOS connections (port 139). 201 202 203 %I 204 205 The IP address of the client machine. 206 207 208 %i 209 210 The local IP address to which the client is connected. 211 212 213 %S 214 215 The name of the share. 216 217 218 %P 219 220 The root directory of the share. 221 222 223 %u 224 225 The UID of the Unix user. 226 227 228 229 max_protocol 230 231 Specifies the maximum SMB protocol level that the SMB service 232 should allow clients to negotiate. The default value is 2.1. 233 Valid settings include: 1, 2.1, 3.0 234 235 236 min_protocol 237 238 Specifies the minimum SMB protocol level that the SMB service 239 should allow clients to negotiate. The default value is 1. Valid 240 settings include: 1, 2.1, 3.0 241 242 243 max_workers 244 245 Specifies the maximum number of worker threads that will be 246 launched to process incoming CIFS requests. The SMB max_mpx value, 247 which indicates to a client the maximum number of outstanding SMB 248 requests that it may have pending on the server, is derived from 249 the max_workers value. To ensure compatibility with older versions 250 of Windows the lower 8-bits of max_mpx must not be zero. If the 251 lower byte of max_workers is zero, 64 is added to the value. Thus 252 the minimum value is 64 and the default value, which appears in 253 sharectl(1M) as 1024, is 1088. 254 255 256 netbios_scope 257 258 Specifies the NetBIOS scope identifier, which identifies logical 259 NetBIOS networks that are on the same physical network. When you 260 specify a NetBIOS scope identifier, the server filters the number 261 of machines that are listed in the browser display to make it 262 easier to find other hosts. The value is a text string that 263 represents a domain name. By default, no value is set. 264 265 266 oplock_enable 267 268 Controls whether "oplocks" may be granted by the SMB server. The 269 term "oplock" is short for "opportunistic lock", which is the 270 legacy name for cache delegations in SMB. By default, oplocks are 271 enabled. Note that if oplocks are disabled, file I/O perfrormance 272 may be severely reduced. 273 274 275 pdc 276 277 Specifies the preferred IP address for the domain controller. This 278 property is sometimes used when there are multiple domain 279 controllers to indicate which one is preferred. If the specified 280 domain controller responds, it is chosen even if the other domain 281 controllers are also available. By default, no value is set. 282 283 284 restrict_anonymous 285 286 Disables anonymous access to IPC$, which requires that the client 287 be authenticated to get access to MSRPC services through IPC$. A 288 value of true disables anonymous access to IPC$, while a value of 289 false enables anonymous access. 290 291 292 signing_enabled 293 294 Enables SMB signing. When signing is enabled but not required it is 295 possible for clients to connect regardless of whether or not the 296 client supports SMB signing. If a packet has been signed, the 297 signature will be verified. If a packet has not been signed it will 298 be accepted without signature verification. Valid values are true 299 and false. The default value is false. 300 301 302 signing_required 303 304 When SMB signing is required, all packets must be signed or they 305 will be rejected, and clients that do not support signing will be 306 unable to connect to the server. The signing_required setting is 307 only taken into account when signing_enabled is true. Valid values 308 are true and false. The default value is false. 309 310 311 system_comment 312 313 Specifies an optional description for the system, which is a text 314 string. This property value might appear in various places, such as 315 Network Neighborhood or Network Places on Windows clients. By 316 default, no value is set. 317 318 319 traverse_mounts 320 321 The traverse_mounts setting determines how the SMB server presents 322 sub-mounts underneath an SMB share. When traverse_mounts is true 323 (the default), sub-mounts are presented to SMB clients like any 324 other subdirectory. When traverse_mounts is false, sub-mounts are 325 not shown to SMB clients. 326 327 328 unmap 329 330 The value is a command to be executed when disconnecting the share. 331 The command can take the same substitutions listed on the map 332 property. 333 334 335 wins_exclude 336 337 Specifies a comma-separated list of network interfaces that should 338 not be registered with WINS. NetBIOS host announcements are made on 339 excluded interfaces. 340 341 342 wins_server_1 343 344 Specifies the IP address of the primary WINS server. By default, no 345 value is set. 346 347 348 wins_server_2 349 350 Specifies the IP address of the secondary WINS server. By default, 351 no value is set. 352 353 354 ATTRIBUTES 355 See the attributes(5) man page for descriptions of the following 356 attributes: 357 358 359 360 361 +--------------------+-----------------+ 362 | ATTRIBUTE TYPE | ATTRIBUTE VALUE | 363 +--------------------+-----------------+ 364 |Interface Stability | Uncommitted | 365 +--------------------+-----------------+ 366 367 SEE ALSO 368 sharectl(1M), smbadm(1M), smbd(1M), smbstat(1M), attributes(5), smf(5) 369 370 371 372 April 23, 2015 SMB(4)