svcadm(8)을 검색하려면 섹션에서 8 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.
smb(5)
smb(5) File Formats smb(5)
NAME
smb - SMB server and client configuration properties
DESCRIPTION
The behavior of the Oracle Solaris SMB server and client is defined by
property values that are stored in the Service Management Facility,
smf(7).
An authorized user can use the sharectl(8) command to set global values
for these properties in SMF.
The following list describes the properties:
ads_site
Specifies the Active Directory site. Sites provide a mechanism to
partition or delegate administration and policy management, which
are typically used in large or complex domains.
The value should not be set if you do not have a local Active
Directory site. By default, no value is set.
autohome_map
Specifies the full path for the SMB autohome map file, smbautohome.
The Oracle Solaris SMB server can automatically share home directo‐
ries when a SMB client connects. The default path is /etc.
client_lmauth_level
Specifies the LAN Manager (LM) authentication level for the Oracle
Solaris SMB client. The LM compatibility level controls the type of
user authentication to use in workgroup mode or local user in
domain mode. The default value is 4.
The following describes the behavior at each level:
Oracle Solaris SMB Client
+---+------------------------------+
| 2 | Uses NTLM authentication |
| | |
+---+------------------------------+
| 3 | Uses NTLMv2 authentication |
| | |
+---+------------------------------+
| 4 | Uses NTLMv2 authentication |
+---+------------------------------+
| 5 | Uses NTLMv2 authentication |
| | |
+---+------------------------------+
client_maxprotocol
Specifies the highest protocol version the Oracle Solaris SMB
client uses to negotiate with external SMB servers. The valid val‐
ues are 1 and 1.0. The default value is 1.
The protocol version is specified as a {major}[.{minor}] number. If
the minor number is not specified, then the highest supported minor
version will be used.
client_signing_required
When SMB client signing is required, the Oracle Solaris SMB client
signs all packets, and is not able to connect to servers configured
with signing not enabled and not required. When SMB client signing
is not required (false), the Oracle Solaris SMB client only signs
packets if required by the server. Valid values are true and false.
The default value is false.
disposition
A value that controls whether the Oracle Solaris SMB server discon‐
nects the share or proceed if the map command fails. The disposi‐
tion property only has meaning when the map property has been set.
Otherwise it has no effect.
disposition = [ continue | terminate ]
continue
Proceed with share connection if the map command fails. This is
the default in the event that disposition is not specified.
terminate
Disconnect the share if the map command fails.
ddns_enable
Enables or disables dynamic DNS updates. A value of true enables
dynamic updates, while a value of false disables dynamic updates.
By default, the value is false.
For Active Directory DNS servers, when the system is joined to the
AD domain, secure updates (defined in RFC 3007) are used.
ddns_exclude
A comma-separated list of IP interfaces whose addresses should be
excluded from DDNS publication. The list is empty by default. The
entries in the list represent the IP interfaces identified by their
interface names, for example, net0. Note that the interface does
not need to have been configured to be present in the list. Any
properly-formed interface name is acceptable. Thus, for any IP
interfaces configured in the system, if it is present in the
ddns_exclude list, it will be excluded from dynamically publishing
to the DNS server and any existing resource records in the DNS
server will be removed for this interface.
dns_suffix
Specifies a primary DNS suffix for this system. Some domain member
systems have a primary DNS suffix that does not match the DNS name
of the Active Directory domain (of which they are members). This
creates a disjoint namespace. By default, no value is set.
enforce_vczero
Specifies the behavior on receiving a connection on virtual circuit
(VC) zero. The SMB protocol default is to enforce VC zero behavior.
When a client connects using VC zero the server disconnects all
previous connections from that client. The default behavior can
cause sessions to be disconnected when the DNS contains aliases for
the server and shares are mapped using different names. To avoid
disconnection, the default behavior can be changed by setting
enforce_vczero to false. The default value is true.
explicit_netgroups
Controls whether to enforce new syntax for netgroups, where net‐
groups in share access list entries must be marked with a leading
'%' to distinguish them from hostnames. Enabling this setting
requires the admin to make this change to all share access lists
manually, and can eliminate unnecessary DNS lookups. The default is
false.
ipv6_enabled
Enables IPv6 Internet protocol support within the Oracle Solaris
SMB Service. Valid values are true and false. The default value is
true.
keep_alive
Specifies the number of seconds before an idle SMB connection is
dropped by the Oracle Solaris SMB server. If set to 0, idle connec‐
tions are not dropped. Valid values are 0 to 86400 (24 hours). The
default value is 900 seconds.
map
The value is a command to be executed on the Oracle Solaris SMB
server when a SMB client connects to the share. The command can
take the following arguments, which is substituted when the command
is executed as described below:
%U
Windows username.
%D
Name of the domain or workgroup of %U.
%h
The server hostname.
%M
The client hostname, or "" if not available.
%L
The server NetBIOS name.
%m
The client NetBIOS name, or "" if not available. This option is
only valid for NetBIOS connections (port 139).
%I
The IP address of the client machine.
%i
The local IP address to which the client is connected.
%S
The name of the share.
%P
The root directory of the share.
%u
The UID of the UNIX user.
max_connections
Specifies the maximum number of concurrent open connections on the
SMB server. The value is an upper limit and it has no effect when
the number of concurrent connections is below the limit. The only
reason to change this value is to enforce a lower or higher limit
on the number of concurrent connections. The default value is
65536.
max_workers
Specifies the maximum number of worker threads that are launched to
process incoming SMB requests. The SMB max_mpx value, which indi‐
cates to a SMB client the maximum number of outstanding SMB
requests that it can have pending on the Oracle Solaris SMB server,
is derived from the max_workers value. To ensure compatibility with
older versions of Windows the lower 8-bits of max_mpx must not be
zero. If the lower byte of max_workers is zero, 64 is added to the
value. Thus the minimum value is 64 and the default value, which
appears in sharectl(8) as 1024, is 2048.
multichannel_enable
Enables or disables SMB3 multichannel support. When set to true,
the Oracle Solaris SMB server will accept multichannel sessions.
oplock_enable
Enables oplocks on the server. The valid values are true or false.
It serves as a default option when the share property
share.smb.oplocks is not explicitly set. Otherwise, the share prop‐
erty will take precedence in determining whether oplocks should be
enabled for the share.
restrict_anonymous
Disables anonymous access to IPC$ on the Oracle Solaris SMB server,
which requires that the SMB client be authenticated to get access
to MSRPC services through IPC$. A value of true disables anonymous
access to IPC$, while a value of false enables anonymous access.
The default value is true.
server_encrypt_data
Configures SMB encryption at the global level. This is an SMB ser‐
vice-wide property. It is a boolean type property, with false being
the default value. When set to true, the SMB server requires the
client to encrypt data on all new sessions. This enforcement can be
bypassed if the server allows unencrypted access. For more informa‐
tion, see the description about the server_reject_unencrypt prop‐
erty.
server_lmauth_level
Specifies the LAN Manager (LM) authentication level for the Oracle
Solaris SMB server. The LM compatibility level controls the type of
user authentication to use for the clients to connect to the Work‐
group mode. For Domain users connecting to the Oracle Solaris SMB
server, the AD Domain Controller will establish and enforce the
required authentication type. The default value is 5.
The following describes the behavior at each level:
Oracle Solaris SMB Server
+---------------------------------+
| 2 | Accepts LM, NTLM and NTLMv2 |
| | authentication |
+---+-----------------------------+
| 3 | Accepts LM, NTLM and NTLMv2 |
| | authentication |
+---+-----------------------------+
| 4 | Accepts NTLM and NTLMv2 |
| | authentication |
+---+-----------------------------+
| 5 | Accepts NTLMv2 |
| | authentication |
+---+-----------------------------+
server_maxprotocol
Specifies the highest protocol version the Oracle Solaris SMB
server uses to negotiate with a SMB client. The valid values are 1,
1.0, 2, 2.0, 2.1, 3, 3.0, and 3.1. The default value is 3.
The protocol version is specified as a {major}[.{minor}] number. If
the minor number is not specified, then the highest supported minor
version will be used. The highest supported versions are 1.0, 2.1,
and 3.1.
server_minprotocol
Specifies the minimum protocol version the Oracle Solaris SMB
server uses to negotiate with a SMB client. The valid values are 1,
1.0, 2, 2.0, 2.1, 3, 3.0 and 3.1. The default value is 1.
The protocol version is specified as a {major}[.{minor}] number. If
the minor number is not specified, then the lowest supported minor
version will be used.
server_reject_unencrypt
Allows or rejects unencrypted access when either global level or
share level encryption is turned on. This is an SMB service-wide
property. It is a boolean type property, with true being the
default value. By default, all unencrypted accesses will be
rejected when encryption is turned on. When set to false, the unen‐
crypted access will be allowed. This property is intended for a
transition phase whenever the deployment scenario requires to sup‐
port down-level clients which do not support encryption. Other than
that, it is highly recommended not to change from its default
value, unless the administrator is clear about the implications.
server_signing_enabled
Enables SMB server signing. When server signing is enabled but not
required, packets signing is at the discretion of the client. When
Oracle Solaris SMB server signing is not enabled and not required,
packets are signed if, and only if, the client requires signing.
When server_signing_required=true, server_signing_enabled is
treated as true. Valid values are true and false. The default value
is false.
The server_signing_enabled property is not applicable to SMB 2.0
protocol. For SMB 2.0 protocol, signing is controlled with the
server_signing_required property.
server_signing_required
When SMB server signing is required, all packets must be signed or
they are rejected. Clients that do not support signing are unable
to connect to the Oracle Solaris SMB server. Valid values are true
and false. The default value is false.
share_abe
Sets the access-based enumeration (ABE) policy for displaying
shares. If the value of this property is set to none, a client can
see only the shares that it is allowed to access. Access to shares
is determined by the values of the share properties rw, ro, none,
and on the ACL that is set on the share.
If the value is set to full, all shares are visible to all clients.
Valid values are full and none. The default value is full.
system_comment
Specifies an optional description for the system, which is a text
string. This property value might appear in various places, such as
Network Neighborhood or Network Places on Windows clients. By
default, no value is set.
unmap
The value is a command to be executed on the Oracle Solaris SMB
server when a SMB client disconnects the share. The command can
take the same substitutions listed on the map property.
netbios_enable
Enables or disables all NetBIOS services. A value of true enables
NetBIOS name (UDP port 137), datagram (UDP port 138), session (TCP
port 139) services and the capability of locating domain controller
via NetBIOS-based discovery. A value of false disables all of them.
The default value is true.
ATTRIBUTES
See the attributes(7) man page for descriptions of the following
attributes:
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
TRIBUTE VALUE _ Availabilitysystem/file-system/smb _ Interface Stabili‐
tyUncommitted
SEE ALSO
attributes(7), smf(7), sharectl(8), smbadm(8), smbd(8), smbstat(8)
RFC 3007
Oracle Solaris 11.4 11 May 2021 smb(5)