Managing CIFS Mounts in Your Local Environment (Task Map)
The following table points to the tasks that a regular user can
perform to manage CIFS mounts.
How to Find Available Shares on a Known File Server
- Determine the server that you want to query about available shares.
If you are not familiar with the CIFS file servers available in
your domain, contact your system administrator. You might be able to use
Network Neighborhood on Windows systems or the Sun JavaTM Desktop System file
browser to browse for available CIFS shares.
- List the available CIFS shares on a server.
$ smbutil view [-A | -U user] //[domain;][user[:password]@]server
//[domain;][user[:password]@]server is a resource name. user is the user name with which
you connect to the CIFS server, server. You can optionally specify the
domain name and the password of the user that you specified on
the command line.
The -A option enables you to view shares anonymously, and you are
not prompted for a password. The -U user option indicates the user
with which to authenticate on the specified server.
- When prompted, enter the password for the user that you specified on
the CIFS server.
If you specified the -A option to view shares anonymously, you are
not prompted for a password.
If you did not specify a user, enter the password associated with
your user name.
- View the list of available CIFS shares.
The smbutil view output shows the name of the share, its type, and
an optional text description of the share.
Most shares have a type of disk because the shares are files
and directories. The other share types are as follows:
IPC – Represents an interprocess communication (IPC) device, such as a pipe or a mailslot
printer – Represents a printer queue
device – Represents a communications device
For example, the following command shows how to view the shares on
the solarsystem server:
$ smbutil view //cal@solarsystem
Password:
Share Type Comment
-------------------------------
netlogon disk Network Logon Service
ipc$ IPC IPC Service (Samba Server)
tmp disk Temporary file space
public disk Public Stuff
ethereal disk
root disk Home Directories
6 shares listed from 6 available
Note - The Solaris CIFS client does not support device shares.
The following command enables you to anonymously view the shares on the
solarsystem server:
$ smbutil view -A //solarsystem
How to Mount a Share on a Directory You Own
Note - If you own the directory on which you want to mount a
share, you can perform the mount operation yourself. If you do not
own the directory, you must perform the mount operation as the owner
of the directory or as superuser.
- Find the share that you want to mount from a server.
$ smbutil view //server
- Enter your password at the prompt.
- Perform the mount on your directory.
$ mount -F smbfs //[workgroup;][user[:password]@]server/share mount-point
For example, to mount the /tmp share from the solarsystem server on
the /mnt mount point, type:
$ mount -F smbfs //solarsystem/tmp /mnt
How to View the List of Mounted CIFS Shares
This procedure shows how to list all of the CIFS shares that
are mounted on your system. The resulting list includes your mounts, other
users' mounts, and multiuser mounts created by the system administrator.
How to Unmount a Share From a Directory You Own
To successfully unmount a share, you must own the mount point on
which the share is mounted.
- Determine the mount point of the share that you want to unmount.
Use one of the following commands to find shares that are mounted
from a CIFS server:
- Use the mount command.
$ mount -v | grep 'type smbfs'
//root@solarsystem/tmp on /mnt type smbfs read/write/setuid/devices/dev=5080000
on Tue Feb 12 11:40:18 2008
//root@solarsystem/files on /files type smbfs read/write/setuid/devices/dev=4800000
on Mon Feb 11 22:17:56 2008
- Use the df -k -F smbfs command.
$ df -k -F smbfs
//root@solarsystem/tmp 1871312 70864 1800448 4% /mnt
//root@solarsystem/files 8067749 8017 7979055 1% /files
- Unmount the share by specifying the name of the mount point, /mnt
or /files in the previous step.
For example:
$ umount /mnt
How to Store a Persistent Password
Interactions with a CIFS file server require authentication. For instance, when you
view the shares available on a server or you try to mount
a share on your system, the transaction is authenticated.
Note - A persistent password is not needed when Kerberos is configured on the
client and server and you have a Kerberos ticket-granting ticket (TGT). In
such configurations, you can view and mount shares without specifying a password.
You can supply the password each time that you make a connection
to the server, or you can store a persistent password to be automatically
used for these transactions.
Note - You can store a persistent password for each user on the CIFS
server that you use to access shares.
The password you store persists until any of the following occur:
The CIFS client is rebooted.
The smbutil logout command is run for the user.
The smbutil logoutall command is run by superuser.
- Store the persistent password for the CIFS server.
$ smbutil login user
Password:
The following command stores the persistent password for terry@solarsystem. Each time Terry
performs a transaction with solarsystem, the persistent password is used to perform
the authentication.
$ smbutil login terry@solarsystem
Password:
How to Configure the PAM Module to Store a Persistent Password
When installed, the pam_smbfs_login.so.1 module enables you to store a persistent password
the same as if you had run the smbutil login command for PAM_USER
in the user's or system's default domain.
This optional functionality is meant to be used only in environments that
do not run Active Directory or Kerberos, but which synchronize passwords between
Solaris clients and their CIFS/SMB servers.
For more information, see the pam_smbfs_login(5) man page.
- Use your login name and password to store a persistent password.
Add the following line to the /etc/pam.conf file after the other login
entries:
login auth optional pam_smbfs_login.so.1
This action adds a persistent password entry as if you had run
the smbutil login command.
Note - The PAM module implements a privilege to permit it to run as
superuser to store your password.
- Verify that your persistent password is stored.
$ smbutil login -c user
Example 4-1 Configuring the PAM Module to Store a Persistent Password
The following example shows how the domain is chosen. The system default
is WORKGROUP. The WORKGROUP domain is overridden by any default from SMF,
and finally by any default from the user's .nsmbrc file.
This example shows a default domain in SMF and for user terry:
# sharectl set -p section=default -p domain=AAA smbfs
# sharectl get smbfs
[default]
domain=AAA
A root login uses the domain from SMF:
# smbutil login -c terry
Keychain entry exists for AAA/terry.
A login as terry uses the domain from the ~terry/.nsmbrc file:
$ ls /.nsmbrc
/.nsmbrc: No such file or directory
$ cat ~/.nsmbrc
[default]
domain=MYDOMAIN
$ ls -l ~/.nsmbrc
-rw-r--r-- 1 terry staff 26 Feb 13 10:15 /home/terry/.nsmbrc
$ smbutil login terry
Keychain entry exists for MYDOMAIN/terry.
If Terry puts a password in ~terry/.nsmbrc, he must remove read permission.
Also, because Terry's home directory is on an NFS server, the PAM
module running as root cannot access Terry's file, so Terry would see
the following and use the SMF domain instead:
$ chmod 400 .nsmbrc
$ logout
solarsystem console login: terry
Password:
Can't open /home/terry/.nsmbrc: Permission denied
$ su
Password:
# smbutil login -c terry
Keychain entry exists for AAA/terry.
How to Delete a Persistent Password
Use this procedure to delete persistent passwords that are stored by the
smbutil login command.
If you want to delete all persistent passwords, see How to Delete All Persistent Passwords.
- Delete a persistent password for the specified server by doing one of
the following:
- To delete the persistent password for a specified user, type:
$ smbutil logout user@server
For example, the following command removes the persistent password for terry@solarsystem:
$ smbutil logout terry@solarsystem
After the password is deleted, Terry is prompted for his password each
time that he performs a transaction with solarsystem.
- To delete the password for the user running the smbutil logout command, type:
$ smbutil logout server
For example, when user dana runs the following command, he removes his
persistent password for solarsystem:
$ smbutil logout solarsystem
After the password is deleted, Dana is prompted for his password each
time that he performs a transaction with solarsystem.
How to Customize Your Solaris CIFS Environment
You can customize your Solaris CIFS environment by creating a .nsmbrc configuration
file in your home directory. For more information about the .nsmbrc file
format, see the nsmbrc(4) man page.
- Create a file called .nsmbrc file in your home directory.
- Edit the .nsmbrc file to specify values for Solaris CIFS client properties.
This example shows how user terry can configure the example.com environment by
placing this .nsmbrc configuration file in his home directory.
The default section describes the default domain, which is called SALES, and
sets a default user of MYUSER. These default settings are inherited by
other sections unless property values are overridden.
FSERVER is a server section that defines a server called fserv.example.com. It
is part of the SALES domain.
RSERVER is a server section that defines a server called rserv.example.com that
belongs to a new domain called REMGROUP.
# Configuration file for example.com
# Specify the Windows account name to use everywhere.
[default]
domain=SALES
user=MYUSER
# The 'FSERVER' is server in our domain.
[FSERVER]
addr=fserv.example.com
# The 'RSERVER' is a server in another domain.
[RSERVER]
domain=REMGROUP
addr=rserv.example.com
