Print this page
12513 SMB 3.1.1 support for server
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/man/man4/smb.4.man.txt
+++ new/usr/src/man/man4/smb.4.man.txt
1 1 SMB(4) File Formats and Configurations SMB(4)
2 2
3 3
4 4
5 5 NAME
6 6 smb - configuration properties for Solaris CIFS server
7 7
8 8 DESCRIPTION
9 9 Behavior of the Solaris CIFS server is defined by property values that
10 10 are stored in the Service Management Facility, smf(5).
11 11
12 12
13 13 An authorized user can use the sharectl(1M) command to set global
14 14 values for these properties in SMF.
15 15
16 16
17 17 The following list describes the properties:
18 18
19 19 ads_site
20 20
21 21 Specifies the site configured in DNS to look up Active Directory
22 22 information. Sites provide a mechanism to partition or delegate
23 23 administration and policy management, which are typically used in
24 24 large or complex domains.
25 25
26 26 The value should not be set if you do not have a local Active
27 27 Directory site. By default, no value is set.
28 28
29 29
30 30 autohome_map
31 31
32 32 Specifies the full path for the SMD autohome map file, smbautohome.
33 33 The default path is /etc.
34 34
35 35
36 36 bypass_traverse_checking
37 37
38 38 When set, allows the SMB server to bypass ACL "traverse" checks.
39 39 The default value is true, for Windows compatibility. If this
40 40 parameter is false, ACL checks require that "traverse" (directory
41 41 execute) is granted on every directory above the directory the SMB
42 42 client tries to access. Windows shares are normally setup with the
43 43 higher level directories not specifically granting such access.
44 44
45 45
46 46 disposition
47 47
48 48 A value that controls whether to disconnect the share or proceed if
49 49 the map command fails. The disposition property only has meaning
50 50 when the map property has been set. Otherwise it will have no
51 51 effect.
52 52
53 53 disposition = [ continue | terminate ]
54 54
55 55
56 56
57 57 continue
58 58
59 59 Proceed with share connection if the map command fails. This is
60 60 the default in the event that disposition is not specified.
61 61
62 62
63 63 terminate
64 64
65 65 Disconnect the share if the map command fails.
66 66
67 67
68 68
69 69 ddns_enable
70 70
71 71 Enables or disables dynamic DNS updates. A value of true enables
72 72 dynamic updates, while a value of false disables dynamic updates.
73 73 By default, the value is false.
74 74
75 75
76 76 encrypt
77 77
78 78 Controls SMB3 Encryption. For requests on a particular share, the
79 79 server's behavior is controlled by the stricter of this option and
80 80 the per-share "encrypt" option.
81 81
82 82 When set to disabled, the server will not ask clients to encrypt
83 83 requests. When set to enabled, the server will ask clients to
|
↓ open down ↓ |
83 lines elided |
↑ open up ↑ |
84 84 encrypt requests, but will not require that they do so. Any message
85 85 that can be encrypted will be encrypted. When set to required, the
86 86 server will deny access to or disconnect any client that does not
87 87 support encryption or fails to encrypt requests that they should.
88 88
89 89 In other words, the enabled behavior is that any message that CAN
90 90 be encrypted SHOULD be encrypted, while the required behavior is
91 91 that any message that CAN be encrypted MUST be encrypted.
92 92
93 93
94 + encrypt_cipher
95 +
96 + Specifies SMB 3.1.1 Encryption Cipher. This property is only used
97 + when encryption is On (see encrypt property) and negotiated SMB
98 + dialect is 3.1.1 or higher (see max_protocol property). Otherwise
99 + it is ignored. If the property is not set the default encryption
100 + algorith is AES-128-GCM.
101 +
102 + The property can be set to one of these values:
103 +
104 + aes128-ccm
105 + AES-128-CCM. This is the only cipher used for SMB
106 + 3.0.2 dialect. It is deprecated by AES-128-GCM cipher.
107 +
108 +
109 + aes128-gcm
110 + AES-128-GCM. This is default cipher for SMB 3.1.1
111 + dialect.
112 +
113 +
114 +
94 115 ipv6_enable
95 116
96 117 Enables IPv6 Internet protocol support within the CIFS Service.
97 118 Valid values are true and false. The default value is false.
98 119
99 120
100 121 keep_alive
101 122
102 123 Specifies the number of seconds before an idle SMB connection is
103 124 dropped by the Solaris CIFS server. If set to 0, idle connections
104 125 are not dropped. Valid values are 0 and from 20 seconds and above.
105 126 The default value is 0.
106 127
107 128
108 129 lmauth_level
109 130
110 131 Specifies the LAN Manager (LM) authentication level. The LM
111 132 compatibility level controls the type of user authentication to use
112 133 in workgroup mode or domain mode. The default value is 3.
113 134
114 135 The following describes the behavior at each level.
115 136
116 137 2
117 138 In Windows workgroup mode, the Solaris CIFS server
118 139 accepts LM, NTLM, LMv2, and NTLMv2 requests. In domain
119 140 mode, the SMB redirector on the Solaris CIFS server
120 141 sends NTLM requests.
121 142
122 143
123 144 3
124 145 In Windows workgroup mode, the Solaris CIFS server
125 146 accepts LM, NTLM, LMv2, and NTLMv2 requests. In domain
126 147 mode, the SMB redirector on the Solaris CIFS server
127 148 sends LMv2 and NTLMv2 requests.
128 149
129 150
130 151 4
131 152 In Windows workgroup mode, the Solaris CIFS server
132 153 accepts NTLM, LMv2, and NTLMv2 requests. In domain
133 154 mode, the SMB redirector on the Solaris CIFS server
134 155 sends LMv2 and NTLMv2 requests.
135 156
136 157
137 158 5
138 159 In Windows workgroup mode, the Solaris CIFS server
139 160 accepts LMv2 and NTLMv2 requests. In domain mode, the
140 161 SMB redirector on the Solaris CIFS server sends LMv2
141 162 and NTLMv2 requests.
142 163
143 164
144 165
145 166 map
146 167
147 168 The value is a command to be executed when connecting to the share.
148 169 The command can take the following arguments, which will be
149 170 substituted when the command is exec'd as described below:
150 171
151 172 %U
152 173
153 174 Windows username.
154 175
155 176
156 177 %D
157 178
158 179 Name of the domain or workgroup of %U.
159 180
160 181
161 182 %h
162 183
163 184 The server hostname.
164 185
165 186
166 187 %M
167 188
168 189 The client hostname, or "" if not available.
169 190
170 191
171 192 %L
172 193
173 194 The server NetBIOS name.
174 195
175 196
176 197 %m
177 198
178 199 The client NetBIOS name, or "" if not available. This option is
179 200 only valid for NetBIOS connections (port 139).
180 201
181 202
182 203 %I
183 204
184 205 The IP address of the client machine.
185 206
186 207
187 208 %i
188 209
189 210 The local IP address to which the client is connected.
190 211
191 212
192 213 %S
193 214
194 215 The name of the share.
195 216
196 217
197 218 %P
198 219
199 220 The root directory of the share.
200 221
201 222
202 223 %u
203 224
204 225 The UID of the Unix user.
205 226
206 227
207 228
208 229 max_protocol
209 230
210 231 Specifies the maximum SMB protocol level that the SMB service
211 232 should allow clients to negotiate. The default value is 2.1.
212 233 Valid settings include: 1, 2.1, 3.0
213 234
214 235
215 236 min_protocol
216 237
217 238 Specifies the minimum SMB protocol level that the SMB service
218 239 should allow clients to negotiate. The default value is 1. Valid
219 240 settings include: 1, 2.1, 3.0
220 241
221 242
222 243 max_workers
223 244
224 245 Specifies the maximum number of worker threads that will be
225 246 launched to process incoming CIFS requests. The SMB max_mpx value,
226 247 which indicates to a client the maximum number of outstanding SMB
227 248 requests that it may have pending on the server, is derived from
228 249 the max_workers value. To ensure compatibility with older versions
229 250 of Windows the lower 8-bits of max_mpx must not be zero. If the
230 251 lower byte of max_workers is zero, 64 is added to the value. Thus
231 252 the minimum value is 64 and the default value, which appears in
232 253 sharectl(1M) as 1024, is 1088.
233 254
234 255
235 256 netbios_scope
236 257
237 258 Specifies the NetBIOS scope identifier, which identifies logical
238 259 NetBIOS networks that are on the same physical network. When you
239 260 specify a NetBIOS scope identifier, the server filters the number
240 261 of machines that are listed in the browser display to make it
241 262 easier to find other hosts. The value is a text string that
242 263 represents a domain name. By default, no value is set.
243 264
244 265
245 266 oplock_enable
246 267
247 268 Controls whether "oplocks" may be granted by the SMB server. The
248 269 term "oplock" is short for "opportunistic lock", which is the
249 270 legacy name for cache delegations in SMB. By default, oplocks are
250 271 enabled. Note that if oplocks are disabled, file I/O perfrormance
251 272 may be severely reduced.
252 273
253 274
254 275 pdc
255 276
256 277 Specifies the preferred IP address for the domain controller. This
257 278 property is sometimes used when there are multiple domain
258 279 controllers to indicate which one is preferred. If the specified
259 280 domain controller responds, it is chosen even if the other domain
260 281 controllers are also available. By default, no value is set.
261 282
262 283
263 284 restrict_anonymous
264 285
265 286 Disables anonymous access to IPC$, which requires that the client
266 287 be authenticated to get access to MSRPC services through IPC$. A
267 288 value of true disables anonymous access to IPC$, while a value of
268 289 false enables anonymous access.
269 290
270 291
271 292 signing_enabled
272 293
273 294 Enables SMB signing. When signing is enabled but not required it is
274 295 possible for clients to connect regardless of whether or not the
275 296 client supports SMB signing. If a packet has been signed, the
276 297 signature will be verified. If a packet has not been signed it will
277 298 be accepted without signature verification. Valid values are true
278 299 and false. The default value is false.
279 300
280 301
281 302 signing_required
282 303
283 304 When SMB signing is required, all packets must be signed or they
284 305 will be rejected, and clients that do not support signing will be
285 306 unable to connect to the server. The signing_required setting is
286 307 only taken into account when signing_enabled is true. Valid values
287 308 are true and false. The default value is false.
288 309
289 310
290 311 system_comment
291 312
292 313 Specifies an optional description for the system, which is a text
293 314 string. This property value might appear in various places, such as
294 315 Network Neighborhood or Network Places on Windows clients. By
295 316 default, no value is set.
296 317
297 318
298 319 traverse_mounts
299 320
300 321 The traverse_mounts setting determines how the SMB server presents
301 322 sub-mounts underneath an SMB share. When traverse_mounts is true
302 323 (the default), sub-mounts are presented to SMB clients like any
303 324 other subdirectory. When traverse_mounts is false, sub-mounts are
304 325 not shown to SMB clients.
305 326
306 327
307 328 unmap
308 329
309 330 The value is a command to be executed when disconnecting the share.
310 331 The command can take the same substitutions listed on the map
311 332 property.
312 333
313 334
314 335 wins_exclude
315 336
316 337 Specifies a comma-separated list of network interfaces that should
317 338 not be registered with WINS. NetBIOS host announcements are made on
318 339 excluded interfaces.
319 340
320 341
321 342 wins_server_1
322 343
323 344 Specifies the IP address of the primary WINS server. By default, no
324 345 value is set.
325 346
326 347
327 348 wins_server_2
328 349
329 350 Specifies the IP address of the secondary WINS server. By default,
330 351 no value is set.
331 352
332 353
333 354 ATTRIBUTES
334 355 See the attributes(5) man page for descriptions of the following
335 356 attributes:
336 357
337 358
338 359
339 360
340 361 +--------------------+-----------------+
341 362 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
342 363 +--------------------+-----------------+
343 364 |Interface Stability | Uncommitted |
344 365 +--------------------+-----------------+
345 366
346 367 SEE ALSO
347 368 sharectl(1M), smbadm(1M), smbd(1M), smbstat(1M), attributes(5), smf(5)
348 369
349 370
350 371
351 372 April 23, 2015 SMB(4)
|
↓ open down ↓ |
248 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX