1 SMB(4) File Formats and Configurations SMB(4) 2 3 4 5 NAME 6 smb - configuration properties for Solaris CIFS server 7 8 DESCRIPTION 9 Behavior of the Solaris CIFS server is defined by property values that 10 are stored in the Service Management Facility, smf(5). 11 12 13 An authorized user can use the sharectl(1M) command to set global 14 values for these properties in SMF. 15 16 17 The following list describes the properties: 18 19 ads_site 20 21 Specifies the site configured in DNS to look up Active Directory 22 information. Sites provide a mechanism to partition or delegate 23 administration and policy management, which are typically used in 24 large or complex domains. 25 26 The value should not be set if you do not have a local Active 27 Directory site. By default, no value is set. 28 29 30 autohome_map 31 32 Specifies the full path for the SMD autohome map file, smbautohome. 33 The default path is /etc. 34 35 36 bypass_traverse_checking 37 38 When set, allows the SMB server to bypass ACL "traverse" checks. 39 The default value is true, for Windows compatibility. If this 40 parameter is false, ACL checks require that "traverse" (directory 41 execute) is granted on every directory above the directory the SMB 42 client tries to access. Windows shares are normally setup with the 43 higher level directories not specifically granting such access. 44 45 46 disposition 47 48 A value that controls whether to disconnect the share or proceed if 49 the map command fails. The disposition property only has meaning 50 when the map property has been set. Otherwise it will have no 51 effect. 52 53 disposition = [ continue | terminate ] 54 55 56 57 continue 58 59 Proceed with share connection if the map command fails. This is 60 the default in the event that disposition is not specified. 61 62 63 terminate 64 65 Disconnect the share if the map command fails. 66 67 68 69 ddns_enable 70 71 Enables or disables dynamic DNS updates. A value of true enables 72 dynamic updates, while a value of false disables dynamic updates. 73 By default, the value is false. 74 75 76 encrypt 77 78 Controls SMB3 Encryption. For requests on a particular share, the 79 server's behavior is controlled by the stricter of this option and 80 the per-share "encrypt" option. 81 82 When set to disabled, the server will not ask clients to encrypt 83 requests. When set to enabled, the server will ask clients to 84 encrypt requests, but will not require that they do so. Any message 85 that can be encrypted will be encrypted. When set to required, the 86 server will deny access to or disconnect any client that does not 87 support encryption or fails to encrypt requests that they should. 88 89 In other words, the enabled behavior is that any message that CAN 90 be encrypted SHOULD be encrypted, while the required behavior is 91 that any message that CAN be encrypted MUST be encrypted. 92 93 94 ipv6_enable 95 96 Enables IPv6 Internet protocol support within the CIFS Service. 97 Valid values are true and false. The default value is false. 98 99 100 keep_alive 101 102 Specifies the number of seconds before an idle SMB connection is 103 dropped by the Solaris CIFS server. If set to 0, idle connections 104 are not dropped. Valid values are 0 and from 20 seconds and above. 105 The default value is 0. 106 107 108 lmauth_level 109 110 Specifies the LAN Manager (LM) authentication level. The LM 111 compatibility level controls the type of user authentication to use 112 in workgroup mode or domain mode. The default value is 3. 113 114 The following describes the behavior at each level. 115 116 2 117 In Windows workgroup mode, the Solaris CIFS server 118 accepts LM, NTLM, LMv2, and NTLMv2 requests. In domain 119 mode, the SMB redirector on the Solaris CIFS server 120 sends NTLM requests. 121 122 123 3 124 In Windows workgroup mode, the Solaris CIFS server 125 accepts LM, NTLM, LMv2, and NTLMv2 requests. In domain 126 mode, the SMB redirector on the Solaris CIFS server 127 sends LMv2 and NTLMv2 requests. 128 129 130 4 131 In Windows workgroup mode, the Solaris CIFS server 132 accepts NTLM, LMv2, and NTLMv2 requests. In domain 133 mode, the SMB redirector on the Solaris CIFS server 134 sends LMv2 and NTLMv2 requests. 135 136 137 5 138 In Windows workgroup mode, the Solaris CIFS server 139 accepts LMv2 and NTLMv2 requests. In domain mode, the 140 SMB redirector on the Solaris CIFS server sends LMv2 141 and NTLMv2 requests. 142 143 144 145 map 146 147 The value is a command to be executed when connecting to the share. 148 The command can take the following arguments, which will be 149 substituted when the command is exec'd as described below: 150 151 %U 152 153 Windows username. 154 155 156 %D 157 158 Name of the domain or workgroup of %U. 159 160 161 %h 162 163 The server hostname. 164 165 166 %M 167 168 The client hostname, or "" if not available. 169 170 171 %L 172 173 The server NetBIOS name. 174 175 176 %m 177 178 The client NetBIOS name, or "" if not available. This option is 179 only valid for NetBIOS connections (port 139). 180 181 182 %I 183 184 The IP address of the client machine. 185 186 187 %i 188 189 The local IP address to which the client is connected. 190 191 192 %S 193 194 The name of the share. 195 196 197 %P 198 199 The root directory of the share. 200 201 202 %u 203 204 The UID of the Unix user. 205 206 207 208 max_protocol 209 210 Specifies the maximum SMB protocol level that the SMB service 211 should allow clients to negotiate. The default value is 2.1. 212 Valid settings include: 1, 2.1, 3.0 213 214 215 min_protocol 216 217 Specifies the minimum SMB protocol level that the SMB service 218 should allow clients to negotiate. The default value is 1. Valid 219 settings include: 1, 2.1, 3.0 220 221 222 max_workers 223 224 Specifies the maximum number of worker threads that will be 225 launched to process incoming CIFS requests. The SMB max_mpx value, 226 which indicates to a client the maximum number of outstanding SMB 227 requests that it may have pending on the server, is derived from 228 the max_workers value. To ensure compatibility with older versions 229 of Windows the lower 8-bits of max_mpx must not be zero. If the 230 lower byte of max_workers is zero, 64 is added to the value. Thus 231 the minimum value is 64 and the default value, which appears in 232 sharectl(1M) as 1024, is 1088. 233 234 235 netbios_scope 236 237 Specifies the NetBIOS scope identifier, which identifies logical 238 NetBIOS networks that are on the same physical network. When you 239 specify a NetBIOS scope identifier, the server filters the number 240 of machines that are listed in the browser display to make it 241 easier to find other hosts. The value is a text string that 242 represents a domain name. By default, no value is set. 243 244 245 oplock_enable 246 247 Controls whether "oplocks" may be granted by the SMB server. The 248 term "oplock" is short for "opportunistic lock", which is the 249 legacy name for cache delegations in SMB. By default, oplocks are 250 enabled. Note that if oplocks are disabled, file I/O performance 251 may be severely reduced. 252 253 254 pdc 255 256 Specifies the preferred IP address for the domain controller. This 257 property is sometimes used when there are multiple domain 258 controllers to indicate which one is preferred. If the specified 259 domain controller responds, it is chosen even if the other domain 260 controllers are also available. By default, no value is set. 261 262 263 restrict_anonymous 264 265 Disables anonymous access to IPC$, which requires that the client 266 be authenticated to get access to MSRPC services through IPC$. A 267 value of true disables anonymous access to IPC$, while a value of 268 false enables anonymous access. 269 270 271 signing_enabled 272 273 Enables SMB signing. When signing is enabled but not required it is 274 possible for clients to connect regardless of whether or not the 275 client supports SMB signing. If a packet has been signed, the 276 signature will be verified. If a packet has not been signed it will 277 be accepted without signature verification. Valid values are true 278 and false. The default value is false. 279 280 281 signing_required 282 283 When SMB signing is required, all packets must be signed or they 284 will be rejected, and clients that do not support signing will be 285 unable to connect to the server. The signing_required setting is 286 only taken into account when signing_enabled is true. Valid values 287 are true and false. The default value is false. 288 289 290 system_comment 291 292 Specifies an optional description for the system, which is a text 293 string. This property value might appear in various places, such as 294 Network Neighborhood or Network Places on Windows clients. By 295 default, no value is set. 296 297 298 traverse_mounts 299 300 The traverse_mounts setting determines how the SMB server presents 301 sub-mounts underneath an SMB share. When traverse_mounts is true 302 (the default), sub-mounts are presented to SMB clients like any 303 other subdirectory. When traverse_mounts is false, sub-mounts are 304 not shown to SMB clients. 305 306 307 unmap 308 309 The value is a command to be executed when disconnecting the share. 310 The command can take the same substitutions listed on the map 311 property. 312 313 314 wins_exclude 315 316 Specifies a comma-separated list of network interfaces that should 317 not be registered with WINS. NetBIOS host announcements are made on 318 excluded interfaces. 319 320 321 wins_server_1 322 323 Specifies the IP address of the primary WINS server. By default, no 324 value is set. 325 326 327 wins_server_2 328 329 Specifies the IP address of the secondary WINS server. By default, 330 no value is set. 331 332 333 ATTRIBUTES 334 See the attributes(5) man page for descriptions of the following 335 attributes: 336 337 338 339 340 +--------------------+-----------------+ 341 | ATTRIBUTE TYPE | ATTRIBUTE VALUE | 342 +--------------------+-----------------+ 343 |Interface Stability | Uncommitted | 344 +--------------------+-----------------+ 345 346 SEE ALSO 347 sharectl(1M), smbadm(1M), smbd(1M), smbstat(1M), attributes(5), smf(5) 348 349 350 351 May 16, 2020 SMB(4)