1nsmbrc(4) File Formats nsmbrc(4)
2
6 nsmbrc - configuration file for Solaris CIFS client requests
7
9 $HOME/.nsmbrc
10
13 Global behavior of the Solaris CIFS client is defined by property val‐
14 ues that are stored in the Service Management Facility (SMF). The .nsm‐
15 brc file can be used to customize the behavior of the Solaris CIFS
16 client on a per-user basis. Settings in the $HOME/.nsmbrc file are used
17 unless they have security implications.
18 An authorized user can use the sharectl command to set global values
21 for these properties in SMF. See sharectl(1M).
22 A regular user can change the global values when granted the "SMBFS
25 Management" rights profile in the /user_attr file. See user_attr(4) and
26 rbac(5).
27 The SMBFS library first reads from SMF and then the $HOME/.nsmbrc file
30 when determining which policy to apply to a particular server, user, or
31 share. $HOME/.nsmbrc entries take precedence with the exception of the
32 minauth property value. For minauth, the strongest authentication level
33 specified is used. Sections are applied so that more specific sections
34 override less specific sections. Not all keywords are valid in all sec‐
35 tions.
36 The configuration file is comprised of these four section types. Each
39 section can include zero or more properties and associated values. The
40 sections also have a hierarchical relationship with each other, as
41 shown by the order of the following list:
42 o Default section. Specifies the default property values to be
44 used by all other sections unless specifically overridden.
45 The section name appears in the .nsmbrc file as [default].
47 o Server section. Specifies the property values to be used by
49 sections that are related to the named server. These prop‐
50 erty values can be specifically overridden by a related user
51 section or share section.
52 The section name appears in the .nsmbrc file as [server-
54 name]. server-name must use uppercase characters to match.
55 o User section. Specifies the property values to be used by
57 sections that are related to the named server and user.
58 These property values can be specifically overridden by a
59 related share section.
60 The section name appears in the .nsmbrc as [server-
62 name:username]. Both server-name and username must use
63 uppercase characters to match.
64 o Share section. Specifies the property values to be used by
66 sections that are related to the named server, user, and
67 share.
68 The section name appears in the .nsmbrc as [server-
70 name:username:share-name]. Both server-name and username
71 must use uppercase characters to match.
72 The end of each section is marked either by the start of a new section
75 or by an end of file (EOF).
76 The following list describes the properties and states in which sec‐
79 tions they can be set:
80 addr
82 Specifies the DNS name or IP address of the CIFS server. This prop‐
84 erty can only be set in a server section. If this property is spec‐
85 ified, it must specify a value as there is no default.
86 domain
89 Specifies the Windows domain name to use when authenticating with a
91 server. The default value is WORKGROUP. This property can only be
92 set in the default and server sections.
93 minauth
96 Is the minimum authentication level required, which can be one of
98 kerberos, ntlmv2, ntlm, lm, or none. If minauth is set globally and
99 in a user's .nsmbrc file, the stronger authentication setting are
100 used whether set by the user or globally. This property can only be
101 set in the default and server sections. The default value is ntlm.
102 nbns
105 Specifies the DNS name or IP address of the NetBIOS/WINS name
107 server. This property can only be set by an administrator by using
108 the sharectl command. This property can only be set in the default
109 section. The default value is empty, nbns="".
110 nbns_broadcast
113 Specifies whether to perform NetBIOS/WINS broadcast lookups. Broad‐
115 cast lookups are less secure than unicast lookups. To prevent
116 broadcast lookups, set the value to no. This property has no effect
117 if the nbns_enable property is set to no or false. This property
118 can only be set by an administrator by using the sharectl command.
119 This property can only be set in the default section. Valid values
120 are yes, true, no, and false. The default value is yes.
121 nbns_enable
124 Specifies whether to perform NetBIOS/WINS name lookups. To force
126 all lookups to be done through the name service switch (see nss‐
127 witch.conf(4)), set the value to no. This property can only be set
128 by an administrator by using the sharectl command. This property
129 can only be set in the default section. Valid values are yes, true,
130 no, and false. The default value is yes.
131 password
134 Specifies the password to use when authenticating a server. The
136 password property value is used as long as the .nsmbrc file can
137 only be read and written by the owner. This property can be set in
138 the default, server, user, and share sections.
139 If you assign the hashed password from the smbutil crypt command to
141 the password property, be sure to escape the special characters in
142 the password.
143 signing
146 Specifies whether communications are digitally signed by SMB secu‐
148 rity signatures for the Solaris CIFS client. This property can only
149 be set in the default and server sections. Valid values are dis‐
150 abled, enabled, and required. The default value is disabled.
151 When set to disabled, the client permits the use of SMB security
153 signatures only if the server requires signing. In such an
154 instance, the Solaris CIFS client ignores local property values.
155 When set to enabled, the client permits, but does not require, the
157 use of SMB security signatures.
158 When set to required, the client requires the use of SMB security
160 signatures. So, if SMB security signatures are disabled on a CIFS
161 server and a client has signing required, the client cannot connect
162 to that server.
163 timeout
166 Specifies the CIFS request timeout. By default, the timeout is 15
168 seconds. This property can only be set in the default, server, and
169 share sections.
170 user
173 Specifies the user name to use when authenticating a server. The
175 default value is the Solaris account name of the user performing
176 the authentication. This property can only be set in the default
177 and server sections.
178 workgroup
181 Is supported for compatibility purposes and is a synonym for the
183 domain property. Use the domain property instead.
184
187 The examples in this section show how to use the .nsmbrc file and the
188 smbutil command to configure the ex.com environment.
189 The ex.com environment is described by means of these sections and set‐
192 tings:
193 o The default section describes the default domain, which is
195 called MYDOMAIN, and sets a default user of MYUSER. These
196 default settings are inherited by other sections unless
197 property values are overridden.
198 o FSERVER is a server section that defines a server called
200 fserv.ex.com. It is part of the SALES domain.
201 o RSERVER is a server section that defines a server called
203 rserv.ex.com that belongs to a new domain called REMGROUP.
204 Example 1 Using the $HOME/.nsmbrc Configuration File
206 The following example shows how a user can configure the ex.com envi‐
209 ronment by creating the .nsmbrc file.
210 All lines that begin with the # character are comments and are not
214 parsed.
215 # Configuration file for ex.com
218 # Specify the Windows account name to use everywhere.
219 [default]
220 domain=MYDOMAIN
221 user=MYUSER
222 # The 'FSERVER' is server in our domain.
224 [FSERVER]
225 addr=fserv.ex.com
226 # The 'RSERVER' is a server in another domain.
228 [RSERVER]
229 domain=REMGROUP
230 addr=rserv.ex.com
231 Example 2 Using the sharectl Command
234 The following example shows how an authorized user can use sharectl
237 commands to configure global settings for the ex.com environment in
238 SMF.
239 # sharectl set -p section=default -p domain=MYDOMAIN \
242 -p user=MYUSER smbfs
243 # sharectl set -p section=FSERVER -p addr=fserv.ex.com smbfs
244 # sharectl set -p section=RSERVER -p domain=REMGROUP \
245 -p addr=rserv.ex.com smbfs
246 Example 3 Using the sharectl Command to Show Current Settings
250 The following example shows how an authorized user can use the sharectl
253 get command to view the global settings for smbfs in SMF. The values
254 shown are those set by the previous example.
255 # sharectl get smbfs
258 [default]
259 domain=MYDOMAIN
260 user=MYUSER
261 [FSERVER]
262 addr=fserv.ex.com
263 [RSERVER]
264 domain=REMGROUP
265 addr=rserv.ex.com
266
270 $HOME/.nsmbrc
271 User-settable mount point configuration file to store the descrip‐
273 tion for each connection.
274
277 See attributes(5) for descriptions of the following attributes:
278 ┌─────────────────────────────┬─────────────────────────────┐
283 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
284 ├─────────────────────────────┼─────────────────────────────┤
285 │Availability │SUNWsmbfscu │
286 ├─────────────────────────────┼─────────────────────────────┤
287 │Interface Stability │Committed │
288 └─────────────────────────────┴─────────────────────────────┘
289
291 smbutil(1), mount_smbfs(1M), sharectl(1M), nsswitch.conf(4),
292 user_attr(4), attributes(5), rbac(5), smbfs(7FS)
293
295 By default, passwords stored in the .nsmbrc file are ignored unless
296 only the file owner has read and write permission.
297SunOS 5.11 Dec 8 2008 nsmbrc(4)