With the capabilities that ZFS brings to the table, I’m beginning to think that OpenSolaris just might make a better CIFS server than Windows. Sun has built CIFS support into the kernel, which helps with some of the interoperability challenges faced with Samba in a mixed Windows/*nix environment. Here’s how to set it up.
First things, first. Install the CIFS server:
james@opensolaris:~# pkg install SUNWsmbskr
DOWNLOAD PKGS FILES XFER (MB)
Completed 2/2 35/35 2.0/2.0
PHASE ACTIONS
Install Phase 90/90
Start the idmap and smb/server services:
james@opensolaris:~# svcadm enable idmap
james@opensolaris:~# svcadm enable smb/server
james@opensolaris:~# svcs | egrep "idmap|smb/server"
online 10:50:07 svc:/system/idmap:default
online 10:50:08 svc:/network/smb/server:default
Now let’s create a ZFS file system with the proper permissions and share it out:
james@opensolaris:~# zfs create -o casesensitivity=mixed -o nbmand=on rpool/test
james@opensolaris:~# chmod 777 /rpool/test
james@opensolaris:~# chmod -R A=everyone@:full_set:fd:allow /rpool/test
james@opensolaris:~# zfs set sharesmb=name=test,guestok=true rpool/test
james@opensolaris:~# sharemgr show -v
default
zfs
zfs/rpool/test
/rpool/test
test=/rpool/test smb=(guestok="true")
I've enabled guest access on this share (i.e., no password required; you'll probably want to do this on a home network). This requires build snv_118 or later. If you decide to forgo guest access, you'll need to generate SMB compatible passwords for your user accounts. This can be done by simply resetting their passwords. Connect to the share from a Windows box and create a file:
Now take a look at it back on the OpenSolaris box:
james@opensolaris:/rpool/test# ls -al test.txt
-rwxrwxrwx+ 1 2147483649 2147483650 0 Dec 17 10:38 test.txt
Uh-oh. OpenSolaris doesn't know how to translate the Windows users/groups. Let's fix that:
james@opensolaris:/rpool/test# idmap add winuser:Guest@opensolaris unixuser:nobody
add winuser:Guest@opensolaris unixuser:nobody
james@opensolaris:/rpool/test# idmap add "wingroup:Domain Users@opensolaris" unixgroup:staff
add "wingroup:Domain Users@opensolaris" unixgroup:staff
You'll need to reboot for this change to take effect. There may be a way around this, but restarting idmap and/or smb/server doesn't seem to work. Check out the permissions now:
james@opensolaris:/rpool/test# ls -al test.txt
-rwxrwxrwx+ 1 nobody staff 0 Dec 17 10:38 test.txt
Looks good on the Windows side as well:
idmap might not be especially exciting in a home environment, but it does work quite well when integrated into an AD infrastructure. More on that in a future post.
One last thing: ZFS snapshots are recognized by Windows as well:
