the domain option should be too old because I don't even remember having this option :)
In order to get authenticated in a domain, CIFS server should be a member of that domain using "smbadm join". Some Kerberos and DNS configuration is needed before you can join a domain so take a look at the following section in the CIFS administration guide: http://docs.sun.com/app/docs/doc/820-2429/configuredomainmodetask?a=view [link to the PDF version: http://dlc.sun.com/pdf/820-2429/820-2429.pdf] There is no way to hide shares, although I don't understand why you wouldn't want to see them?! The whole purpose of typing \\computername is to get a list of exported shares on that system!! Afshin Ryland DuFour wrote:
Excellent! Upgraded to build 133 yesterday. I had wanted to do that anyway so thanks for the push. Your suggestion worked perfectly. I started digging into "sharectl" a bit more and saw what looks like older documents that said using: #sharectl set -p domain=DOMAIN.COM smb would force any authentication to that domain. I don't see that as an option in build 133. How would I do this now? Also, any way to hide the shares once they are created so when I go to \\computername and authenticate I don't see the shares? Thanks, you have been a big help. ________________________________________ From: alan.m.wri...@sun.com [alan.m.wri...@sun.com] On Behalf Of Alan M Wright [...@sun.com] Sent: Tuesday, March 09, 2010 2:30 AM To: Ryland DuFour Cc: cifs-discuss@opensolaris.org Subject: Re: [cifs-discuss] CIFS AD and UNC On 03/08/10 19:22, Ryland DuFour wrote: > I have opensolaris 2009.06 joined to AD. I recommend that you upgrade. 2009.06 was not a good vintage for SMB. # pfexec pkg set-publisher -O http://pkg.opensolaris.org/dev opensolaris.org # pfexec pkg image-update > ... I have to supply credentials to map the drives. > What I can't figure out, is why when I use a UNC path to > my server \\servername, any user from any workgroup or other > domain in my network can see all of the shares on the solaris > server. I would think that just trying to get to the root at > \\servername would still prompt for credentials. > Thanks for the help By default, any user can get a list of shares over SMB; no authentication is required. To change that: restrict anonymous access, create a local account called guest and set a password. # sharectl set -p restrict_anonymous=true smb # useradd guest # passwd guest New Password: ... Re-enter new Password: ... passwd: password successfully changed for guest Alan _______________________________________________ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
_______________________________________________ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
