Accessing OpenSolaris Shares From Windows

Last year I wrote an entry on Accessing Windows Shares from OpenSolaris. This is the other way around - setting up OpenSolaris as a CIFS server so I could browse its shares from Windows.

To begin, install the CIFS server packages:

bleonard@opensolaris:~$ pfexec pkg install SUNWsmbskr
PHASE                                          ITEMS
Indexing Packages                            554/554
DOWNLOAD                                    PKGS       FILES     XFER (MB)
Completed                                    1/1         6/6     0.42/0.42

PHASE                                        ACTIONS
Install Phase                                  17/17
Reading Existing Index                           9/9
Indexing Packages                                1/1
bleonard@opensolaris:~$ pfexec pkg install SUNWsmbs
DOWNLOAD                                    PKGS       FILES     XFER (MB)
Completed                                    1/1       28/28     1.07/1.07

PHASE                                        ACTIONS
Install Phase                                  62/62
PHASE                                          ITEMS
Reading Existing Index                           9/9
Indexing Packages                                1/1

Note, there's a broken dependency between SUNWsmbs and SUNWsmbskr, which is why it's necessary to install both packages. This will be addressed with the upcoming 2009.06 release. See bug 5390 for more details.

After the packages are installed, reboot the system (there is a work-around, which you can read here. Personally I found it easier to reboot). You can follow bug 8647 to track the progress of this issue.

Notice that the CIFS server is dependent on the Native Identity Mapping Service, which is disabled by default:

bleonard@opensolaris:~$ svcs -l smb/server
fmri         svc:/network/smb/server:default
name         smbd daemon
enabled      true
state        offline
next_state   none
state_time   Thu Apr 30 16:57:28 2009
restarter    svc:/system/svc/restarter:default
dependency   require_any/error svc:/milestone/network (online)
dependency   require_all/error svc:/system/filesystem/local (online)
dependency   require_all/error svc:/system/idmap:default (disabled)

So start the CIFS server using the -r option to start all dependent services:

svcadm enable -r smb/server

If you'll be connecting to Windows machines and you use a workgroup other than the default 'WORKGROUP', set the CIFS workgroup as follows (swapping '@HOME' with the name of your workgroup):

bleonard@opensolaris:~$ smbadm join -w @HOME
Successfully joined workgroup '@HOME'

Configure the Pluggable Authentication Module (PAM) to work with CIFS. First, add the following to /etc/pam.conf:

#
# For CIFS Authentication
#
other   password required       pam_smb_passwd.so.1 nowarn

Then reset your password so it can be stored by the CIFS password encrypter (OpenSolaris will not let you set the same password, however, you can change it to something else and then back if you want to keep your original password):

bleonard@opensolaris:~$ passwd
passwd: Changing password for bleonard
Enter existing login password:
New Password:
Re-enter new Password:
passwd: password successfully changed for bleonard

Set up a share. This is most easily done with ZFS:

pfexec zfs set sharesmb=on rpool/export/home

You can verify the share with the following:

bleonard@opensolaris:~$ sharemgr show -vp
default nfs=()
zfs
    zfs/rpool/export/home smb=()
	  rpool_export_home=/export/home

Note the share name from Windows will appear as "rpool_export_home". You can use the sharemgr to change this to something more friendly, such as just "home".

pfexec sharemgr set -P smb -p name=home zfs/rpool/export/home

Connect to the share from your CIFS client. Note, due to bug 6749515, the CIFS server is not listed in the Windows workgroup computers list. This should be resolved in OpenSolaris 2009.06. For now, it's easiest to enter either the domain name or IP address of the OpenSolaris CIFS server and then enter your OpenSolaris User name and Password in the Connect to dialog:



Once connected, you can browse the OpenSolaris machine just like you would your local Windows drive:


Posted on: Apr 30, 2009

Posted by: Brian Leonard

Category: OpenSolaris

Permanent link to this entry

Bookmark and Share
Comments:

you might want to add how to change the name of the share to that

Posted by nacho on April 30, 2009 at 10:54 PM GMT #

You don't need the identity mapping service unless you need to map Unix uid & gids to Windows sids. Identity mapping is not required for normal use.

Posted by andrewk7 on May 01, 2009 at 02:05 PM GMT #

@nacho - good suggestion - done.

@andrewk7 - but the smb/server has a required dependency on the identity mapping service. smb/server fails to start if idmap isn't also running.

Posted by Brian Leonard on May 01, 2009 at 02:35 PM GMT #

Thanks for writing this--it's probably the best step-by-step guide I've seen. I can now get workgroup mode to work like a charm out of the box with OSOL 2009.06 on my home system, but joining a domain on my work PC still eludes me after hours and hours and hours of trying (works fine with likewise on Ubuntu though, wth!)

Also weird, is that even in workgroup mode which "works", I can only access it via \\<IP ADDRESS>, I can't access it by hostname (\\<hostname>\<share>).

Posted by Garen on November 05, 2009 at 12:58 AM GMT #

Post a Comment:
  • HTML Syntax: NOT allowed

This blog copyright 2009 by Roman Strobl