[OpenIndiana-discuss] CIFS server on oi_148

Martin Frost me at cs.Stanford.EDU
Wed Jan 18 03:45:37 UTC 2012 

Ah, that's interesting, though it means I would have to log into each
share from Windows.  I'm the administrator and not a Windows user
(Linux, Mac, OI user).

Really no one uses an smb.conf file?

Martin


 > Date: Tue, 17 Jan 2012 22:21:32 -0500
 > From: Gordon Ross <gordon.w.ross at gmail.com>
 > 
 > If you're logged in with appropriate privileges (i.e. root or some
 > account that's a member of the Administrators group) then
 > you can right click on the share in Windows and edit the
 > share connect security settings.
 > 
 > On Mon, Jan 9, 2012 at 4:22 PM, Martin Frost <me at cs.stanford.edu> wrote:
 > > What about restricting who can login to a given share?  I have that
 > > capabiity under Samba on Linux, as demonstrated below in the smb.conf
 > > snippet.
 > >
 > > Is anyone use CIFS/OI with an smb.conf file?
 > >
 > > Martin
 > >
 > >  > Date: Tue, 3 Jan 2012 23:39:05 +0100
 > >  > From: Robin Axelsson <gu99roax at student.chalmers.se>
 > >  >
 > >  > I guess you have two ways to control user access to different
 > >  > shares, one is the Unix style and the other is through
 > >  > ACLs. From my experience the kernel-CIFS server has sometimes
 > >  > ignored the Unix/Posix permission bits that I set. For example
 > >  > even if I say "chmod 444" a file I can still delete the file
 > >  > over the network, I don't remember the specifics now but some
 > >  > things worked whereas other did not. But I think you can have
 > >  > different shares for different users by chowning the different
 > >  > file systems to different users.
 > >  >
 > >  > Then I started working with the ACL based permission bits and
 > >  > I was more successful with that (I never did anything serious
 > >  > with it, I just tried it out and saw that it works). To work
 > >  > with ACLs you need to use the /bin/ls, /bin/chmod etc and look
 > >  > at the man pages specifically for '/bin/ls' for more
 > >  > information on ACLs. My guess is that access control using
 > >  > ACLs is what you are looking for and it is a bit different
 > >  > from the way you administrate samba configurations, at least
 > >  > so I heard as I've never configured a samba server for
 > >  > outbound file sharing.
 > >  >
 > >  > Managing ACLs on Solaris/OpenSolaris have been reportedly a
 > >  > difficult thing to do and get around but maybe things have
 > >  > become easier in the development process of OpenIndiana. After
 > >  > all it has been quite a while since I looked into ACLs on
 > >  > OpenSolaris.
 > >  >
 > >  > NFS is beyond my knowledge but I assume that NFS is Linux/Unix
 > >  > only. As far as I know there is no support for NFS sharing (or
 > >  > client access thereto) on Windows systems. I know that there
 > >  > used to be a Unix for Windows package somewhere that Microsoft
 > >  > published (SFU3.5) but I think it is only for old 32-bit
 > >  > operating systems.
 > >  >
 > >  > Robin.
 > >  >
 > >  > On 2011-12-27 08:20, Martin Frost wrote:
 > >  > > We have Windows machines that need to access ZFS filesystems
 > >  > > under oi_148 that are also exported via NFS to Linux
 > >  > > machines.
 > >  > >
 > >  > > I need to be able to specify which filesystems each Windows
 > >  > > user can see.  Below is a sample of what I do on a Linux
 > >  > > system to restrict Samba access for a given share to certain
 > >  > > users.  Can this be done under OI/CIFS?
 > >  > >
 > >  > >      [fin]
 > >  > >         comment = Fin
 > >  > >         path = /home/fin
 > >  > >         valid users = fin,user1,user2,user3
 > >  > >         create mask = 0770
 > >  > >         directory mask = 0770
 > >  > >         force group = fin
 > >  > >
 > >  > > I'm hoping to use the in-kernel CIFS server, as I assume it
 > >  > > provides better performance, but I'm not clear about the
 > >  > > configuration differences between the Samba server and the
 > >  > > in-kernel CIFS server under OI.
 > >  > >
 > >  > > I ran:
 > >  > >
 > >  > >     zfs create -o casesensitivity=mixed -o nbmand=on thepool/test1
 > >  > >     zfs set sharenfs='rw=remotehostfqdn,root=remotehostfqdn thepool/test1
 > >  > >     zfs set sharesmb=on thepool/test1
 > >  > >
 > >  > > and that made the test1 filesystem mountable via
 > >  > > 'smb:/server/thepool' from Finder on a Mac (so I assume it
 > >  > > will work from Windows too).
 > >  > >
 > >  > > I noticed that the first time I set sharesmb on,
 > >  > > /usr/lib/smbsrv/smbd got started up.  Is this the non-kernel
 > >  > > Samba server??
 > >  > >
 > >  > > There is no smb.conf file.  There is a
 > >  > > /etc/samba/smb.conf-example, but nothing like smb.conf shows
 > >  > > up in 'strings /usr/lib/smbsrv/smbd'.  And 'man smbd'
 > >  > > doesn't mention any configuration file.  I do see a man page
 > >  > > for smb.conf' -- can I use an smb.conf file with the
 > >  > > in-kernel CIFS server?  If so, would it live in /etc/samba?
 > >  > >
 > >  > >
 > >  > > I've added this to /etc/pam.conf so that users get Samba
 > >  > > passwords:
 > >  > >
 > >  > >    other password required pam_smb_passwd.so.1 nowarn
 > >  > >
 > >  > > Since the OI machine is only a fileserver, I don't want the
 > >  > > users to ssh into the machine, so unless there's a better
 > >  > > way, I plan to lock the Samba users' passwords in
 > >  > > /etc/shadow.
 > >  > >
 > >  > > Thanks for your help.
 > >  > >
 > >  > > Martin
 > >
 > > _______________________________________________
 > > OpenIndiana-discuss mailing list
 > > OpenIndiana-discuss at openindiana.org
 > > http://openindiana.org/mailman/listinfo/openindiana-discuss

More information about the OpenIndiana-discuss mailing list