compared with
Current by Chris Ridd
on Oct 15, 2017 17:46.

(show comment)
Key
This line was removed.
This word was removed. This word was added.
This line was added.

Changes (39)

View Page History
This HowTo is based on a patch introduced on Nov 17, 2015 that enables a Joyent non-global zone to use kernel based CIFS. The nice part of this is it takes very little work to get a CIFS zone up and running, no {{smb.conf}} file needed. This How-To uses delegate datasets to make things easier to manage within the zone. From the ZFS Admin Guide concerning delegate datasets:

{quote}
The zone administrator can set file system properties, as well as create children. In addition, the zone administrator can take snapshots, create clones, and otherwise control the entire file system hierarchy.
{quote}

Downside to delegated datasets is if the zone is deleted the datasets are also deleted.

Here is the step by step I came up with.
* # Import base64 image (tested 15.3.0 and 15.4.1)
{code}$ imgadm avail name=base-64 version=15.3.0
842e6fa6-6e9b-11e5-8402-1b490459e334 base-64 15.3.0 smartos 2015-10-09T15:36:32Z
$ imgadm import 842e6fa6-6e9b-11e5-8402-1b490459e334{code}
* create joyent zone json (see below)

# Create joyent zone json
{code}
{
}
{code}


* # Create Joyent zone from the json file
{code}$ vmadm create -f yourName.json{code}
* log into zone
# Log into zone
{code}$ zlogin zoneUUID{code}
* add entry to /etc/pam.conf for pam_smb_passwd


# Add entry to {{/etc/pam.conf}} for {{pam_smb_passwd}}
{code}
# Used when service name is not explicitly mentioned for password management
 other password required pam_smb_passwd.so.1 nowarn
{code}
Note that {{pam.conf}} requires tabs between columns. The inserted line should include tabs as follows:
The inserted line should include tabs as follows:
other<tab>password required<tab>pam_smb_passwd.so.1<tab>nowarn

{code}other<tab>password required<tab>pam_smb_passwd.so.1<tab>nowarn{code}
Even though this enables SMB authentication, this does not initialize the SMB password database. The SMB password database by default will be empty at this point, and all accounts will fail SMB authentication until their password is set, for example by using the command line 'passwd' {{passwd}} utility, as mentioned below.

* enable these services
# Enable these services
** {code}$ svcadm enable smb/server
** $ svcadm enable smb/client
** $ svcadm enable rpc/bind
** svcadm enable idmap

$ svcadm enable idmap{code}
* verify # Verify services have started

{code}
admin@nas2 ~]$ $ svcs |grep smb
online 18:36:54 svc:/network/smb/client:default
online 18:36:54 svc:/network/smb/server:default
online 18:36:55 svc:/network/shares/group:smb

[admin@nas2 ~]$ $ svcs |grep bind
online 18:36:53 svc:/network/rpc/bind:default

[admin@nas2 ~]$ $ svcs |grep idmap
online 18:36:54 svc:/system/idmap:default
{code}

* create # Create a mount point dataset
{code}$ zfs create zones/6ecf3543-1c65-6600-ab32-e05de443026c/data/share1{code}
* set # Set a quota for the dataset
{code}$ zfs set quota=100M zones/6ecf3543-1c65-6600-ab32-e05de443026c/data/share1{code}
* create # Create a mount point
{code}$ sudo zfs set mountpoint=/share1 zones/6ecf3543-1c65-6600-ab32-e05de443026c/data/share1{code}
* change file ownership. In this case I used admin:staff
# Change file ownership. In this case I used {{admin:staff}}
{code}$ sudo chown admin:staff /share1{code}
* change # Change admin’s password so SMB password will be updated
{code}$ passwd admin xxxx{code}
* share the filesystem
# Share the filesystem
{code}$ sharemgr add-share -r testCifs -s /share1 smb{code}
(note: \-r is the displayed resource name, \-s is the share location, smb is the file system export type. see man sharemgr)
* # Test with a CIFS client