Part 7 - Configuring ZFS SMB Sharing in Oracle Solaris 11

RickRamsey-Oracle
edited Mar 26, 2015 12:49PM in Solaris 11

by @Alexandre Borges

Part 7 of a series that describes the key features of ZFS in Oracle Solaris 11.1 and provides step-by-step procedures explaining how to use them. This article focuses on sharing ZFS file systems using the SMB protocol. The first 6 parts were published on the old OTN web page.



Published December 2014



Introduction


Oracle Solaris 11 allows us to share a ZFS file system using the Server Message Block (SMB) protocol that was originally created by Microsoft. The procedure for sharing files using SMB is similar to sharing files using NFS and, honestly, it's so easy.

Here the fun begins.

First, we must install the SMB service on the system, if necessary. This service is installed when you install Oracle Solaris 11.1.

root@solaris11-1:~# pkg install service/file-system/smb

Next, create a file system with the share.smb property, SMB mandatory locking (nbmand), and the client-side caching (csc) property enabled:

root@solaris11-1:~# zfs create -o share.smb=on -o nbmand=on -o share.smb.csc=auto rpool/smb_example_1

The second file system will be created with almost the same configuration, but we will also accept guest clients by including the guestok property:

root@solaris11-1:~# zfs create -o share.smb=on -o nbmand=on -o share.smb.csc=auto \
-o share.smb.guestok=on rpool/smb_example_2

Then, check whether the sharesmb property is configured:

root@solaris11-1:~# zfs get sharesmb rpool/smb_example_1
NAME                 PROPERTY   VALUE  SOURCE
rpool/smb_example_1  share.smb  on     local
root@solaris11-1:~# zfs get sharesmb rpool/smb_example_2
NAME                 PROPERTY   VALUE  SOURCE
rpool/smb_example_2  share.smb  on     local

The SMB server service is probably not enabled yet, so enable it and confirm that it is online:

root@solaris11-1:~# svcadm enable -r smb/server
root@solaris11-1:~# svcs -a | grep smb
online         20:58:45 svc:/network/smb:default
online         20:08:26 svc:/network/smb/client:default
online         20:08:27 svc:/network/smb/server:default

After the SMB shares are configured, we can verify that the shares are offered by our system:

root@solaris11-1:~# zfs get share
NAME                 PROPERTY  VALUE  SOURCE
rpool/smb_example_1  share     name=smb_example_1,path=/rpool/smb_example_1,prot=smb,csc=auto  local
rpool/smb_example_2  share     name=smb_example_2,path=/rpool/smb_example_2,prot=smb,csc=auto,guestok=true  local
root@solaris11-1:~# cat /etc/dfs/sharetab
/var/smb/cvol          c$             smb   -   Default Share
-                      IPC$           smb   -   Remote IPC
/rpool/smb_example_1   smb_example_1  smb   csc=auto
/rpool/smb_example_2   smb_example_2  smb   guestok,csc=auto
root@solaris11-1:~# share
IPC$                                  smb   -   Remote IPC
c$             /var/smb/cvol          smb   -   Default Share
smb_example_2  /rpool/smb_example_2   smb   csc=auto,guestok=true
smb_example_1  /rpool/smb_example_1   smb   csc=auto

There's an interesting way to learn about the ACL information for a share such as smb_example_1:

root@solaris11-1:/# cd /rpool/smb_example_1/.zfs/shares
root@solaris11-1:/rpool/smb_example_1/.zfs/shares# ls -lv
total 1
-rwxrwxrwx+  1 root     root           0 Dec  5 15:58 smb_example_1
     0:everyone@:read_data/write_data/append_data/read_xattr/write_xattr
         /execute/delete_child/read_attributes/write_attributes/delete
         /read_acl/write_acl/write_owner/synchronize:allow

Now, we will create a new user (with a password) and enable the new user to use the SMB share service:

root@solaris11-1:~# useradd borges
root@solaris11-1:~# passwd borges
New Password:
Re-enter new Password:
passwd: password successfully changed for borges
root@solaris11-1:~# smbadm enable-user borges
borges is enabled.
root@solaris11-1:~# smbadm lookup-user borges
borges: S-1-5-21-3351362105-248310137-3301682468-1102

SMB authentication can be enabled by inserting a new line at the end of the /etc/pam.d/other configuration file:

password required    pam_smb_passwd.so.1    nowarn

root@solaris11-1:~# more /etc/pam.d/other
#
# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
#
# PAM configuration
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
auth definitive      pam_user_policy.so.1
auth requisite       pam_authtok_get.so.1
auth required        pam_dhkeys.so.1
auth required        pam_unix_auth.so.1
auth required        pam_unix_cred.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
# pam_tsol_account(5) returns PAM_IGNORE if the system is not configured
# with Trusted Extensions (TX) enabled.  In TX environments some PAM services
# run in the Trusted Path where pam_tsol_account(5) isn't applicable so in
# those cases, like gdm(1m) or xscreensaver(1), PAM stacks are delivered
# in /etc/pam.d which exclude pam_tsol_account(5).  pam_tsol_account(5) does
# need to run in the Trusted Path for ensuring remote hosts connecting to the
# global zone have a CIPSO host type.
#
account requisite     pam_roles.so.1
account definitive    pam_user_policy.so.1
account required      pam_unix_account.so.1
account required      pam_tsol_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
session definitive    pam_user_policy.so.1
session required      pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
password definitive   pam_user_policy.so.1
# Password construction requirements apply to all users.
# Edit /usr/lib/security/pam_authtok_common and remove force_check
# to have the traditional authorized administrator bypass of construction
# requirements.
password include      pam_authtok_common
password required     pam_authtok_store.so.1
password required     pam_smb_passwd.so.1     nowarn

Done. Now, confirm that everything is working. On the second machine (solaris11-2), look up the first machine:

root@solaris11-2:/mnt# smbadm lookup-server //solaris11-1
Workgroup: WORKGROUP
Server: SOLARIS11-1
IP address: 192.168.1.103

And then we can verify which shares are available:

root@solaris11-2:/mnt# smbadm show-shares -u borges solaris11-1
Enter password:
c$                  Default Share
IPC$                Remote IPC
smb_example_1
smb_example_2
4 shares (total=4, read=4)

Mount the first ZFS share (smb_example_1) from machine solaris11-1 onto machine solaris11-2:

root@solaris11-2:~# mount -o user=borges -F smbfs //solaris11-1/smb_example_1 /mnt
root@solaris11-2:~# df -h /mnt
Filesystem             Size   Used  Available Capacity  Mounted on
//solaris11-1/smb_example_1
                        40G    63M        40G     1%    /mnt
root@solaris11-2:~# cd /mnt
root@solaris11-2:/mnt# ls -al
total 7414
drwxr-x---+  1 2147483649 2147483650     512 Dec  5 16:35 .
drwxr-xr-x  31 root       staff           33 Dec  5 13:43 ..
drwxr-x---+  1 2147483649 2147483650     512 Dec  5 16:35 john-1.7.9-jumbo-7-Solaris-x86-64
-rwxr-----+  1 2147483649 2147483650 3563461 Dec  5 16:35 john-1.7.9-jumbo-7-Solaris-x86-64-1.tar.gz
drwxr-x---+  1 2147483649 2147483650     512 Dec  5 16:35 john_the_ripper
drwxr-x---+  1 2147483649 2147483650     512 Dec  5 16:35 mhvtl-1.4
-rwxr-----+  1 2147483649 2147483650  230896 Dec  5 16:35 mhvtl-2013-10-20.tgz

Now, instead of mounting the second SMB share (smb_example_2) onto solaris11-2 using the Oracle Solaris 11.1 command line, let's accomplish this task using Microsoft Windows.

For example, if you are running Microsoft Windows 7, you can search for ZFS shares by clicking the Windows Start icon and typing \\192.168.1.103 into the search box, as shown in Figure 1:


Figure 1. Searching for ZFS shares


As soon as you press Enter, all shares provided by machine solaris11-1 are shown. See Figure 2.


Figure 2. Currently available ZFS shares


Double-click the smb_example_2 folder to see the content of the smb_example_2 share:


Figure 3. Content of smb_example_2 ZFS share


It worked! And, in case you didn't notice, no password was required because of the guestok=true setting that we configured for this second SMB share. If we had used the same procedure we used with the first SMB share (smb_example_1), we would have been asked for the username (Workgroup\borges) and the user's password.
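Because a guestok share is reachable without a password, it is worth checking which shares on a server have it set. The following is an added example, not part of the original article: a shell function that reads sharetab-format text like the /etc/dfs/sharetab listing above and reports every SMB share that accepts guest connections. The function names and the acceptance of the "guestok=true" spelling are assumptions of this example.

```shell
#!/bin/sh
# Added example: list SMB shares that allow guest (unauthenticated) access.
# Input is sharetab-style text: path, share name, protocol, options, description.

# Sample data copied from the /etc/dfs/sharetab listing shown in the article.
sample_sharetab() {
cat <<'EOF'
/var/smb/cvol          c$             smb   -   Default Share
-                      IPC$           smb   -   Remote IPC
/rpool/smb_example_1   smb_example_1  smb   csc=auto
/rpool/smb_example_2   smb_example_2  smb   guestok,csc=auto
EOF
}

# Print "name path" for every SMB share whose option list enables guestok.
# Reads sharetab-format lines on stdin; non-SMB and blank lines are skipped.
guest_shares() {
    awk '
        $3 != "smb" { next }
        {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                # sharetab prints "guestok"; "zfs get share" prints "guestok=true"
                if (opt[i] == "guestok" || opt[i] == "guestok=true") {
                    print $2, $1
                    break
                }
            }
        }
    '
}

# On a live system (assumption: the file is readable by the caller):
#   guest_shares < /etc/dfs/sharetab
sample_sharetab | guest_shares
```

Any share this reports can be read by a client that supplies no credentials, so each entry should correspond to a deliberate decision.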

Finally, unsharing is done by executing the following:

root@solaris11-1:~# zfs set share.smb=off rpool/smb_example_1
root@solaris11-1:~# share
IPC$                                  smb   -   Remote IPC
c$             /var/smb/cvol          smb   -   Default Share
smb_example_2  /rpool/smb_example_2   smb   csc=auto,guestok=true
root@solaris11-1:~# zfs get share
NAME                 PROPERTY  VALUE  SOURCE
rpool/smb_example_2  share     name=smb_example_2,path=/rpool/smb_example_2,prot=smb,csc=auto,guestok=true  local


About the Author

@Alexandre Borges is an Oracle ACE in Solaris and has been teaching courses on Oracle Solaris since 2001. He worked as an employee and a contracted instructor at Sun Microsystems, Inc. until 2010, teaching hundreds of courses on Oracle Solaris (such as Administration, Networking, DTrace, and ZFS), Oracle Solaris Performance Analysis, Oracle Solaris Security, Oracle Cluster Server, Oracle/Sun hardware, Java Enterprise System, MySQL Administration, MySQL Developer, MySQL Cluster, and MySQL tuning. He was awarded the title of Instructor of the Year twice for his performance teaching Sun Microsystems courses. Since 2009, he has been imparting training at Symantec Corporation (NetBackup, Symantec Cluster Server, Storage Foundation, and Backup Exec) and EC-Council [Certified Ethical Hacking (CEH)]. In addition, he has been working as a freelance instructor for Oracle education partners since 2010. In 2014, he became an instructor for Hitachi Data Systems (HDS) and Brocade.


Currently, he also teaches courses on Reverse Engineering, Windows Debugging, Memory Forensic Analysis, Assembly, Digital Forensic Analysis, and Malware Analysis. Alexandre is also an (ISC)2 CISSP instructor and has been writing articles on the Oracle Technical Network (OTN) on a regular basis since 2013.

Revision 1.1, 12/16/2014
