CIFS Service Autohome Shares
Since the topic of SMB autohome shares came up ...
SMB autohome shares resulted from a customer request to make managing
home directory shares easier. This particular customer had around 2000
users connecting to home directories on a server and the actual request
was for help in scripting a management interface. Automatic sharing
turned out to be a better solution.
The SMB autohome map provides a means to automatically share a directory
when a user connects and unshare it when the user disconnects. SMB
autohome shares are typically used to share home directories, in which
case the share is filtered when viewed via CIFS so that it is only
visible to the user whose username matches the share name. By default, the
SMB autohome map is /etc/smbautohome, with a syntax that is similar
to that used with the automounter, although the services are not related.
A map entry takes the form shown below, where key is a username, location
is the fully qualified path for the user's home directory and container
is an optional Active Directory Service (ADS) container.
As with regular shares, autohome shares can be published in Active Directory.
The ADS container is specified as a comma-separated list of attribute=value
pairs using LDAP distinguished name (DN) or relative distinguished name (RDN)
format. The DN or RDN must be specified in LDAP format using the cn=, ou=
and dc= prefixes as indicated below:
- cn=common name
- ou=organizational unit
- dc=domain component
cn=, ou= and dc= are attribute types. The attribute type used to describe
an object's RDN is called the naming attribute. ADS uses the following
naming attributes:
- cn for the user object class
- ou for the organizational unit (OU)
- dc for the domainDns object class
Map Key Substitution
The location field contains a directory path, with the ampersand (&) and
question mark (?) acting as substitution characters to simplify map
entries. Ampersands are expanded to the value of the key and question
marks are expanded to the first character of the key. In the following
example, the path would be expanded to /home/jj/jane.
Wildcard Key
An asterisk (*) can be used as the key, which is recognized as the
catch-all entry. Such an entry will match any key not previously matched.
For example, the following entry would map any user to a home directory
in /home in which the home directory name is the same as the username.
Note that the wildcard rule will only be applied if an appropriate rule
cannot be found in any other map entry.
NSSwitch Map
The nsswitch special map can be used to request that the home directory be
obtained from a name service passwd database. An ADS container can be
appended, which will be used to publish shares.
The nsswitch will only be searched if an appropriate rule cannot be found
in any other map entry, including the wildcard rule, which means that the
wildcard and nsswitch rules are mutually exclusive and an nsswitch rule
will have no effect if a wildcard rule has been defined.
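
The key substitution and the lookup order described above (explicit key, then wildcard, then nsswitch) can be modelled in a few lines. This is an added example, not code from the original post or from the Solaris CIFS service; the "key location [container]" line layout, the sample map and the passwd_home stand-in for the name-service lookup are assumptions made for illustration.

```python
# Added example: models the rules described in this post, not Solaris smbd.
# Assumed line layout: "key location [container]"; for the nsswitch key,
# "nsswitch [container]". The map below is constructed sample data.
SAMPLE_MAP = """\
jane      /home/??/&  ou=users,dc=example,dc=com
*         /home/&
nsswitch  dc=example,dc=com
"""

def parse_map(text):
    """Return {key: (location, container)}."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        key, rest = fields[0], fields[1:]
        if key == "nsswitch":            # no location: path comes from passwd
            rest = [None] + rest
        if not rest:
            raise ValueError(f"entry {key!r} has no location")
        container = rest[1] if len(rest) > 1 else None
        entries.setdefault(key, (rest[0], container))  # assumption: first wins
    return entries

def expand(location, user):
    """'&' becomes the whole key, '?' the first character of the key."""
    table = {"&": user, "?": user[0]}
    return "".join(table.get(ch, ch) for ch in location)

def resolve(entries, user, passwd_home=lambda u: None):
    """Explicit key first, then '*', then nsswitch (the order in the post).
    passwd_home is a hypothetical stand-in for the name-service lookup."""
    if not user:
        return None
    for key in (user, "*"):
        location, container = entries.get(key, (None, None))
        if location is not None:
            return expand(location, user), container, key
    if "nsswitch" in entries:
        home = passwd_home(user)
        if home:
            return home, entries["nsswitch"][1], "nsswitch"
    return None

def shadowed_nsswitch(entries):
    """True when the nsswitch rule can never apply because '*' is defined."""
    return "*" in entries and "nsswitch" in entries
```

Running shadowed_nsswitch over a map before deploying it flags the case where an nsswitch rule has been silently disabled by a wildcard entry.
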
Posted at 12:42AM Nov 09, 2007 by Alan Wright in Sun
Tried to set up cifs server on b77 - created etc/smbautohome, enabled both idmap and smb/server services and did smbadm enable-user <username> and smbadm join -w WORKGROUP
and tried to connect to server from macosx smb client - got message that I've entered wrong password. dmesg output on solaris shows:
SmbLogon[WORKGROUP\mareks]: WRONG_PASSWORD
Anything else need to be done by smbadm to allow user to connect?
Thanks,
Mareks
Posted by mareks on November 23, 2007 at 11:11 AM PST #
Mareks,
It would be better to discuss configuration questions on storage-discuss@opensolaris.org. I think the information you need has been posted there: see the "cifs server?" discussion.
Alan
Posted by 192.18.43.225 on November 26, 2007 at 03:36 PM PST #
Thanks for the tip! Got it working (needed pam.conf entry and re-generated my password).
/mareks
Posted by mareks on November 27, 2007 at 05:55 AM PST #