Tuesday, November 18, 2008

Enabling CIFS (SMB) on OpenSolaris

Updated: Aug 16, 2009
For snv_111b, it seems SUNWsmba is needed again. Instructions updated.

Updated: Jan 14, 2009
There are posts out there that advise the install of SUNWsmba, but so far my experience shows it is not necessary, and could add to unnecessary hassles. My new setup is with OpenSolaris snv_101b and M$ Vista with SP1. All the following steps are still valid.


---------------------

I thought enabling SMB on OpenSolaris should be straight forward and just like a stroll in the park, I was dead wrong.

It was partly my own fault, because I used to associate OpenSolaris with Unix, and in turn that means stability and no reboot required. According to my dictionary, rebooting to make changes to take effect is sissy, and is only for Windows. My (biased) assumption costed me a few hours of debugging.

Note: Recently even Linux distros like Ubuntu also need reboots after upgrade. Duh!

Before I start, here are my environment settings and assumptions:

  1. One OpenSolaris machine with snv_100a (NEW: verified and working under snv_111b also)
  2. One Windows XP Pro with SP3 in the default workgroup (Vista Home Premium will work, too)
  3. Both machines are on the same subnet
  4. NEW: Due to my machines are at home, security is not my main concern. If your set up is exposed to public or/and hostile environment, please think twice for the smb settings.

My goal is to have OpenSolaris to host a Windows-accessible directory.

Here are the steps that work for me:

  • First assume root privilege and install the smb packages


# pkg install SUNWsmbskr
# pkg install SUNWsmbs
# pkg install SUNWsmba


  • Reboot your machine. No, I am not kidding, this was where I tripped. Without rebooting, smbd won't start and "smb/server" will be in maintenance mode. Some people suggest running "rem_drv smbsrv" and then do "add_drv smbsrv". That didn't work for me.
  • Import the Solaris CIFS service SMF manifest.
  • # svccfg import /var/svc/manifest/network/smb/server.xml

  • Start the CIF service. You may see an error message emitted by "milestone/network", complaining on multiple instances of "network/physical". From my understanding this can be safely ignored.
  • # svcadm enable -r smb/server

  • Update the "/etc/pam.conf" file by adding the following line to it

  • other password required pam_smb_passwd.so.1 nowarn


  • Next you need to reset the password of the username who will access the SMB service. In order to do that, you need to run the passwd and you can use back the same password, the goal of this is so that the line we entered in pam.conf will be processed

  • # passwd username

  • Import the SMB manifest
    #svccfg import /var/svc/manifest/network/samba.xml

  • Copy the example configuration file over
    #cp /etc/sfw/smb.conf-example /etc/sfw/smb.conf


  • Edit the smb.conf and list the directories you wish to be exported. Since the authentication is troublesome to set, I have the following lines in my smb.conf. The hosts allow provides a very weak form of security and should not be used for untrusted networks. The 'share' mode for security disables the authentication (default is 'security = user')

    security = share
    hosts allow = [IP of Windows machine]

  • After this you can proceed with creating the zfs dataset and enable the SMB either through sharemgr or 'zfs set sharesmb=on'. There are ample references on these operations, I will just skip the details here.

3 comments:

Jimmy L. said...

I heard of Technology Convergence all too often but nobody ever mentions about Frustration Convergence -- there's always a lower bound in frustration in completing similar tasks!

The Soothsayer said...

The only time I needed to reboot after upgrading was if the kernel or some kernel modules were changed.

Configuring some of these things can be a chore. I found I couldn't be arsed after 5 minutes of looking through the huge SMB config file and decided to just forget it.

Cuppa Chai said...

F.Stream: In fact, any entity that can lower the frustration bound is in a position to get rich. Take a look how Apple has done to general computing. I will argue it is still not perfect, but so far it is arguably the best in user-friendliness and usability.

S.Sayer: It is not too bad under Linux. My experience under Ubuntu is much more pleasant than those of OpenSolaris. The smb config file no doubt is long, but note most of it are comments. Just scroll until you see code, copy and paste, and modify accordingly. If your windoze configuration isn't complicated it should be fast.