Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Sorry for the delay. I'm not on this site very often. If you want more
information, please let me know. I have to do things a little different because my
systems sit on stand-alone networks. So I actually have to setup a local Solaris
repository to get the packages, but once it is setup I still use package manager to
install the two packages listed below. Also, I disable the "auto" network because
I aggregate multiple NICs.
3. Set DNS
a. # svccfg
b. # svc:> select dns/client
c. # svc:/ network/dns/client> setprop config/nameserver=(192.168.0.1
192.168.0.2)
d. # svc:/ network/dns/client> setprop config/domain=myDomain.com
e. # svc:/ network/dns/client> setprop config/search=myDomain.com
f. # svc:/ network/dns/client> select dns/client:default
g. # svc:/ network/dns/client:default> refresh
h. # svc:/ network/dns/client:default> validate
i. # svc:/ network/dns/client:default> exit
j. # svcadm enable -r dns/client
4. Jo 4. Joining System to Windows 2008 Domain
a. # Need to install the following packages (Use Package Manager)
# system/security/kerberos-5
# service/file-system/smb (SMB/CIFS Server)
b. # cp /etc/nsswitch.dns /etc/nsswitch.conf
c. # Edit /etc/nsswitch.conf and add �ad� after �files� on the following two
lines (The reason for doing this is so you get user names instead of UIDs)
# passwd: files ad
# group: files ad
d. # Ensure time is accurate to a domain controller
# ntpdate 192.168.0.1
e. # kclient -a adminName -T ms_ad (This should create the
/etc/krb5/krb5.conf file with all the correct parameters and creates a computer
account in active directory)
Follow instructions
f. # svcadm enable -r smb/server
g. # smbadm join -u adminName myDomain.com (This actually joins the
system to the domain)
In this Document
Purpose
Details
Product Support Team
Alerts
Description
Versions
Compatibility/Patches
Configuration
FAQ
Information Gathering
Installation
De-installation
Troubleshooting
Performance
Lab
References
Proactive
References
APPLIES TO:
Solaris SPARC Operating System - Version 9 GA to 10 8/11 U10 [Release 9.0 to 10.0]
Solaris x64/x86 Operating System - Version 9 GA to 10 8/11 U10 [Release 9.0 to
10.0]
Information in this document applies to any platform.
PURPOSE
DETAILS
Alerts
To retrieve Alerts specific to Samba, perform a keyword search under the filter
"Sun Products" using the word "samba". Sort by "All Document Types - Alert Notice"
using the "Refine Results" side menu.
Description
Samba is a suite of Unix applications that speak the SMB (Server Message Block)
protocol. Many operating systems, including Windows and OS/2, use SMB to perform
client-server networking. By supporting this protocol, Samba allows Unix servers to
get in on the action, communicating with the same networking protocol as Microsoft
Windows products.
Supported clients:
* LAN Manager
* Windows for Workgroups, Windows 95, 98, and ME
* Windows NT, 2000, XP, Vista
* Linux
* OS/2
Samba is considered Open Source software (OSS) by its authors, and is distributed
under the GNU General Public License (GPL).
Common Standards
* Net BIOS over TCP/IP(NBT) (RFC 1001/1002) includes: -Name service -Datagrams
-Sessions
Abbreviations/Acronyms
Versions
As Samba is an open source project, there exist many self-compiled versions of this
software on the Internet, and in our customers' systems, as well as Solaris
packages delivering Samba that have been built by third parties (e.g. samba.org, or
sunfreeware.org). Sun cannot investigate (and officially does not support) third
party Samba builds.
Please do check that the Samba running on a customer system is indeed the Solaris
bundled Samba. This can be done by e.g. grep mbd <explorerdir>/sysconfig/ps-ef.out
The output should include smbd and nmbd binaries running from /usr/sfw/sbin/.
In any other case, this is worth a double-check on the origin of those binaries.
Compatibility/Patches
Date: July 2013 : The following Soalris 10 Patch is Samba Version 3.6.23
For Sun Cluster the latest supported is with Cluster is 119757-19 until 126077-03
(HA-Samba) is released
NOTE 1: If you are updating Samba from release 3.0.37, you should pay special
attention. The version of the current installed Samba can be obtained
by using the command:
/usr/sfw/sbin/smbd -V
or:
/usr/sbin/smbd -V
NOTE: with the latest patch 119757-26 the version should display 3.6.8
NOTE 2: Please ensure all Samba services are disabled before installing
this patch:
NOTE 3: Configuration changes may be required. The smb.conf file has moved
from /etc/sfw to /etc/samba to avoid unintentional launch of Samba
services without a manual check of the smb.conf file.
NOTE 4: In case of trouble after the patch install, the original .tdb-files
may also need to be purged:
rm -fr /var/samba/lo*/*
NOTE 5: The configuration option for SAM-QFS offline files support has
changed. Please replace the original [share] option:
The "samfs.so" module also supports making files offline from the
SMB-client's side. Such operation was not originally supported by
the previous solution.
April, 2011: The following Solaris 10 patches, brought Samba to version 3.5.5
NOTE 2: Please ensure all Samba services are disabled before installing this patch:
NOTE 3: Configuration changes may be required. The smb.conf file has moved from
/etc/sfw to /etc/samba to avoid unintentional launch of Samba services without a
manual check of the smb.conf file.
NOTE 4: In case of trouble after the patch install, the original .tdb-files may
also need to be purged:
rm -fr /var/samba/lo*/*
NOTE 5: The configuration option for SAM-QFS offline files support has changed.
Please replace the original [share] option:
The "samfs.so" module also supports making files offline from the SMB-client's
side. Such operation was not originally supported by the previous solution.
Use the "Patches and Updates" tab to perform a "Product or Family (Advanced)"
search using the following parameters:
Configuration
* /etc/sfw
* /etc/sfw/smb.conf: main configuration file,see man smb.conf
* /etc/sfw/private/smbpasswd: password file for the samba users (change with
smbpasswd)
* /etc/sfw/usermap.txt: location depends on the entry in smb.conf, maps unix user
names to samba users
To run Samba the /etc/sfw/smb.conf must be in place and properly configured (after
the installation there is only a smb.conf-example file)
FAQ
ANSWER: Yes, See: 146363-01 (Sparc) and 146364-01 (x86) or 119757-20 and above
==================
QUESTION: I have configured samba on a solaris10 server. I am using the samba that
comes with solaris10. I am attempting to use winbind and AD from a Windows 2003 AD
domain. When I put ACL's on a share to allow specific AD group write or create
privileges they are denied unless I remove the user from AD groups until it is
below 16 group. Then everything works OK. I found some stuff on Sunsolve about the
parameter ngroups_max and being able to set it to 32 instead of the default 16. I
did this but it didn't seem to affect the way that samba works. Am I missing
something or will Samba not use this value?
ANSWER: According to this CR, the ability to have a user in more than 16 groups has
been implemented in Open Solaris and will be backported to Solaris 10u10.
==============================
QUESTION: How to create a public share in Samba which will be open to anyone?
ANSWER: With samba, all shares are public essentially public till you limit them.
Public means that the shares are visible but you may or may not be able to access
the data in them. A non public share is not visible to anyone, but can be accessed
if you know where it lives.
It appears that your customer is looking for a public share with generic access.
(not only can everyone see the share but anyone can access it)
[ttrace_dev]
path = /omarcsdv/tektrace
guest ok = Yes
read only = Yes
When PC users access this share, they will be authenticated via the passwd server
in the [global] section.The process is something like this:
user on PC----password server----samba now looks up a unix user associated to the
PC user --->if no match, pop-up a login window
Keep in mind that there are PC users (with PC permissions/ownership) and unix users
(with unix permissions/ownership). Something has to map between these. It can be
the smbpasswd file, it could be Active Directory, or it can me a samba map. Note
that unless instructed otherwise, (i.e., a guest connection), Samba will expect
both the client and the server user to have the same password. The [global] section
of this smb.conf file shows;
So this customer will probably needs to add an entry in this map to map all
authenticated PC users to a valid unix user (i.e. a user in /etc/passwd). I would
suggest, create a unix user called "guest" (this user must be the owner of the
shared directory (/omarcsdv/tektrace). Now map this unix user to all authenticated
PC users. Add the following line to the /etc/sfw/users.map.%L file;
guest = *
There is another way to configure a public any access share. This is done in the
[share] section of the smb.conf file.
[sales]
path = /home/sales
comment = Fiction Corp Sales Data
writeable = yes
guest ok = yes
guest account =
guest only = yes
There is a very good writeup on this in the O'reilly Samba book. Here is the
section;
http://oreilly.com/catalog/samba/chapter/book/ch06_02.html
====================================
old run daemons are blocking the binded port for listen so the newly started
instance of daemon (performed by SMF(5)) will fail on bind(). I am doing the
following cleanup in such case:
svcadm disable samba wins winbind swat svcs samba wins winbind swat ...repeat
disable for the services which can not disable for the first "call"
check the daemons remains running: ps -ef | grep mbd # for smbd and nmbd ps -ef |
grep win # for winbindd
svcadm enable
================================
SYMPTOM: Some users cannot delete files anymore (filesystem is UFS, no ACL's used.)
ANSWER: in the smb.conf profile acl was set to "YES". After changing it to "NO" all
users were able to delete files.
====================================
QUESTION: Where do I find the adjoin script that automates process of joining
Solaris client to a
AD domain, that is discussed in some internet references.
ANSWER:
Information Gathering
Things to get:
* /etc/sfw/smb.conf
* explorer
* ps -ef | grep mbd
* /var/adm/messages
* /var/samba/log (or the directory specified in the smb.conf file, eventually
increase the debug level before)
* ping
* /usr/sfw/bin/smbclient -U% -L localhost
* ping
* nbtstat -A
* nbtstat -a
* net use d: \\servername\service
Information needed to assign to an other support group:
Installation
De-installation
Troubleshooting
Chapter 9.1 The Tool Bag of the O'Reilly "Using Samba" book outlines debug options:
Performance
Lab
References
samba.org
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection
http://samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html
Jiri's Blogs:
http://blogs.oracle.com/jurasek/entry/ads_domain_member_server1
http://blogs.oracle.com/jurasek/entry/even_more_simple_configuration
Email:
SAMBA-SUPPORT_WW_GRP@oracle.com
mailfinder archive at mailfinder.us.oracle.com
External links:
http://www.nineproductions.com/sun-solaris.html for articles on:
Solaris 11 Samba/ZFS Configuration
Solaris 10 Samba/ZFS Configuration
Proactive
REFERENCES
NOTE:1360695.1 - Solaris 10 Samba service may enter maintenance mode due to Solaris
print services failures
NOTE:1390259.1 - Windows 7 client cannot access Samba share from Solaris 10 server
NOTE:1390849.1 - After Patch Cluster Installation that Includes 119757-20, Samba
Failed to Login with Windows ADS (Active Directory Server)
NOTE:1400605.1 - TSC Network Product Home
NOTE:1000738.1 - Security Vulnerabilities in Samba May Allow Unauthorized Root
Privileges
Document Details
Email link to this documentOpen document in new windowPrintable Page
Type:
Status:
Last Major Update:
Last Update:
REFERENCE
PUBLISHED
29/07/2014
29/07/2014
Related Products
Information Centers
Show More
Document References
Solaris 10 Samba service may enter maintenance mode due to Solaris print services
failures [1360695.1]
Windows 7 client cannot access Samba share from Solaris 10 server [1390259.1]
After Patch Cluster Installation that Includes 119757-20, Samba Failed to Login
with Windows ADS (Active Directory Server) [1390849.1]
Show More
Recently Viewed
E-PUM: Unable to Connect to Samba Shared Folders of the PUM Image Using
Windows 7 [1612282.1]
Sun Storage 7000 Unified Storage System: AKD (Appliance Kit Daemon) fails to
restart when a cache device is faulted [1553271.1]
Show More
Attachments
Related
Products
Sun Microsystems > Operating Systems > Solaris Operating System > Solaris SPARC
Operating System > Windows Connectivity (samba, cifs) > samba smb
Sun Microsystems > Operating Systems > Solaris Operating System > Solaris x64/x86
Operating System > Windows Connectivity (samba, cifs) > samba smb
Keywords
Errors
RFC-1001