Skip to end of metadata
Go to start of metadata


Captured from the email with subject:
 SMB server is now "zone-aware"
Date: Apr 28, 2015 


You can now run the native SMB service in a zone, as of this commit today:
8622ec4569457733001d4982ef7f5b44427069be

For most purposes, SMB server administration within a (non-global)
zone should look the same as it does in the global zone.  Windows
environments will view each zone as an entirely separate machine, with
it's own workgroup or domain membership etc.

There's just one major limitation: (that I know about:-)

While the SMB server is now "zone-aware", the share manager code is
not yet zone-aware.
What that means is: until sharemgr is also zone-aware, the convenient
method of defining SMB shares using "zfs set sharesmb=name=foo
dataset" works only in the global zone.  However, in a non-global zone
you can define SMB shares using "sharmgr(1M)".  For example:

    sharemgr create -P smb tsgrp
    sharemgr add-share -r foo -d "foo in zone tsmb" -s /foo tsgrp

In this case /foo is a ZFS dataset that I've delegated to this zone.
(See zonecfg(1M) for details on how to do that.)  Here's my zonecfg:

    root@gwr1oi:~# zonecfg -z tsmb export
    create -b
    set zonepath=/rpool1/zones/tsmb
    set brand=ipkg
    set autoboot=false
    set limitpriv=default,sys_smb
    set ip-type=shared
    add net
    set address=10.10.0.112/23
    set physical=e1000g0
    set defrouter=10.10.0.1
    end
    add dataset
    set name=rpool1/zones/tsmb/foo
    end


This work was a long time coming (three years for some of it).  Thanks
to everyone who helped get this ready for integration, including
everyone listed in the commit message, and probably others I've
forgotten to mention.

commit 8622ec4569457733001d4982ef7f5b44427069be
Author: Gordon Ross <gwr@nexenta.com>
Date:   Wed Dec 7 00:03:44 2011 -0500

    1527 SMB server in non-global zones

    Reviewed by: Dan McDonald <danmcd@nexenta.com>
    Reviewed by: Stepan Zastupov <stepan.zastupov@gmail.com>
    Reviewed by: Albert Lee <trisk@nexenta.com>
    Reviewed by: Thomas Keiser <thomas.keiser@nexenta.com>
    Approved by: Garrett D'Amore <garrett@damore.org>

Thanks,
Gordon Ross
 

Labels:
  1. Oct 21, 2016

    Q/A from a SmartOS user:

    Is there anything else required to make this function?

    https://github.com/joyent/smartos-live/issues/443 
    is an attempt to get this working in a 
    zone but the following error is returned:

    > [ May 11 16:35:22 Method "start" exited with status 95. ]
    > [ May 11 16:35:43 Enabled. ]
    > [ May 11 16:35:48 Executing start method ("/usr/lib/smbsrv/smbd start"). ]
    > smbd: NetBIOS services started
    > smbd: kernel bind error: Not owner
    > smbd: daemon initialization failed
    > [ May 11 16:35:48 Method "start" exited with status 95. ]

    Answer:

    The bind error is probably because the zone is missing some
    required privilege like: PRIV_SYS_SMB