Tuesday, July 8, 2008

CIFS share with real-time virus scanning in OpenSolaris.

I had a question the other day about NAS and I reply with OpenSolaris.
So I thought it would be a good idea to document the whole process here..
As always see docs.sun.com for proper documentation on the subject, here:
http://docs.sun.com/app/docs/doc/820-2429

I will be setting up the share in 'Workgroup' mode.

First we need to add in the missing bits:
$pfexec pkg install SUNWsmbs
$pfexec pkg install SUNWsmbskr
$pfexec pkg install SUNWvscankr
$pfexec pkg install SUNWvscanr
$pfexec pkg install SUNWvscanu

Next, start up the service:
$pfexec svcadm enable -r smb/server

..And of course join a workgroup:
$smbadm join -w workgroup-name

N.B. CIFS does not support UNIX or NIS style passwords. The SMB PAM module is required to generate CIFS style passwords. When the SMB PAM module is installed, the passwd command generates additional encrypted versions of each password that are suitable for use with CIFS.

Add the following line to the end of the /etc/pam.conf file to support creation of an encrypted version of the user's password for CIFS.

$pfexec echo "other password required pam_smb_passwd.so.1 nowarn" >> /etc/pam.conf

Note - After the PAM module is installed, the passwd command automatically generates CIFS-suitable passwords for new users. You must also run the passwd command to generate CIFS-style passwords for existing users.

$pfexec passwd username

Now the ZFS part; to enable a share on a ZFS FS then its simply:

$pfexec zfs set sharesmb=on fsname

Turn RT-AntiVirus scanning on {more info to come} http://opensolaris.org/os/project/vscan/ :

$pfexec zfs set vscan=on fsname

Make some useful shares ..

$pfexec zfs create -o casesensitivity=mixed -o nbmand=on -o sharesmb=on fsname/music
$pfexec zfs create -o casesensitivity=mixed -o nbmand=on -o sharesmb=on fsname/photos
$pfexec zfs create -o casesensitivity=mixed -o nbmand=on -o sharesmb=on fsname/movies
$pfexec zfs create -o casesensitivity=mixed -o nbmand=on -o sharesmb=on fsname/backups

You can down verify your shares by doing:

$pfexec sharemgr show -vp

To access the share, connect to \\solaris-hostname\share-name

*Please do comment on anything I may of missed or needs more work.
Thanks,

~
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)