Manage CIFS Shares

Query Status of CIFS Services

Display the status of the CIFS service.

Command

syscli ‑‑getstatus cifs

Example Output

CIFS status = disabled (unconfigured)

Details:

NMB daemon not running

SMB daemon not running

Query CIFS Settings

Query CIFS server settings. You can query a single setting OR all settings.

Command

syscli ‑‑get smbsetting ‑‑oplocks | ‑‑dbglevel | ‑‑ldapsigning | ‑‑maxprocesses | ‑‑clientntlmv2auth | ‑‑serversigning | ‑‑strictwritethrough | ‑‑all}

Command Attributes

Review the following attribute descriptions.

`‑‑get smbsetting`	Queries the specified settings of the CIFS server.
`‑‑oplocks`	Queries various oplocks settings.
`‑‑dbglevel`	Queries the debug level setting in the CIFS server.
`‑‑ldapsigning`	Queries the LDAP client signing setting: `client ldap sasl wrapping`.
`‑‑maxprocesses`	Queries the limit on the number of Samba processes: `max smbd processes`.
`‑‑clientntlmv2auth`	Queries the NTLMv2 login setting: `client NTLMv2 auth`.
`‑‑strictwritethrough`	Queries the strict write through setting.
`‑‑all`	Queries all global and pre-share CIFS settings.

Change CIFS Settings

Change CIFS server settings.You can change a single setting at a time.

Command

syscli ‑‑set smbsetting {‑‑oplocks yes|no} | {‑‑dbglevel <n>} | {‑‑ldapsigning disabled|enabled} | {‑‑maxprocesses <max_smbd_processes>} | {‑‑clientntlmv2auth yes|no} | {‑‑serversigning disabled|enabled}} | {‑‑strictwritethrough yes|no}}

Command Attributes

Review the following attribute descriptions.

`‑‑set smbsetting`	Changes the specified CIFS server settings.
`‑‑oplocks yes\|no`	Changes the kernel oplocks setting in CIFS. In an unstable network environment, you should set the the kernel oplocks setting to `no`.
`‑‑dbglevel <n>`	Changes the debug level to a nonnegative number (`<n>`). The higher the value, the more verbose the log files are. A value of zero gives minimum logging (for errors only).
`‑‑ldapsigning disabled\|enabled`	Enables or disables LDAP client signing. You must enable this setting if the LDAP server signing is enabled on the ADS domain server. Otherwise, disable this setting. For more information on how to enable LDAP server signing on the ADS domain server, see Microsoft documentation at: http://support.microsoft.com/kb/935834.
`‑‑maxprocesses <max_smbd_processes>`	Changes the maximum number of Samba processes at any given time. By default, the limit is 100.
`‑‑clientntlmv2auth yes\|no`	Changes NTLMv2 login setting to `yes` or `no`. By default, this setting is set to `yes`. Do not change the default setting unless the domain group policy on the ADS domain is set to exclusively use the older NTLM (v1).
`‑‑serversigning disabled\|enabled`	Changes the server signing setting to `disabled` or `enabled`.
`‑‑strictwritethrough`	Changes strict write through setting to `yes` or `no`.

Delete a Share Administrator

Remove the share admin rights from an existing share administrator.

Command

syscli ‑‑del shareadmin ‑‑name <domain_user_or_group_name>

Command Attributes

Review the following attribute descriptions.

‑‑del shareadmin

Reomves share administrator privileges from the specified user/group .

‑‑name <domain_user_or_group_name>

You must enter the domain name after the ‑‑name option, and then enter the name of the specific user or group, as follows:

‑‑name <domain_name>\<user_or_group_name>

If you are typing in a shell, make sure to type the backslash twice.

Example

If the domain name is quantum.com and the user is joe, type the following command at the shell prompt:

syscli ‑‑del shareadmin ‑‑name quantum\\joe

Delete All Share Administrators

Remove the share administrator rights from all domain users or groups previously granted this privilege, with the exception of the built-in domain admins group. If you specify the --sure option, the CLI executes the command without prompting for confirmation.

Command

syscli ‑‑deleteall shareadmin [‑‑sure]

List Workgroup Users

List of workgroup users created for your system.

Command

syscli ‑‑list user [‑‑name <username> |‑‑namematch <pattern>]

Command Attributes

Review the following attribute descriptions.

‑‑list user

Lists workgroups users.

‑‑name <username>

If you use this option, only information for the specified user name is listed.

‑‑namematch <pattern>

If you use this option, only workgroup users whose names match the specified pattern are listed. The wild characters ^ and $ are supported as follows:

^xxx – Matches pattern xxx at the start of names
xxx$ – Matches pattern xxx at the end of names
Because $ is special to the shell, remember to escape the character with a backslash (\) because it is special to the shell.
Example
To list all shares ending with test in the names, enter the following command:
syscli ‑‑list user ‑‑namematch test\$

Add Workgroup Users

Add a workgroup user if the system is joined to a workgroup.

Command

syscli ‑‑add user ‑‑name <username> [‑‑password <user_password [‑‑desc <description>] [‑‑admin]

Command Attributes

Review the following attribute descriptions.

`‑‑add user`	Adds a user to a workgroup.
`‑‑name <username>`	Enter the user name to assign to the workgroup user.
`‑‑password <user_password>`	Enter the password for the workgroup user account. You can choose not to supply the password on the command line. In this case the CLI prompts you for the password and does not echo the response for security purposes. A password is required when creating a workgroup user.
`‑‑desc <description>`	If you use this option, a description for the workgroup user.
`‑‑admin`	Grants the workgroup user administrative rights.

Edit Workgroup Users

Modify a workgroup user's attributes.

Command

syscli ‑‑edit user ‑‑name <workgroup_user_name> [‑‑password <user_password>] [‑‑desc <description>] [‑‑admin enabled|disabled]

Command Attributes

Review the following attribute descriptions.

`‑‑edit user`	Edits a workgroup user's attributes.
`‑‑name <workgroup_user_name>`	Enter the name of the workgroup user. You cannot edit the workgroup user name.
`‑‑password <user_password>`	Edit the password for the workgroup user account.
`‑‑desc <description>`	Edit the description for the workgroup user.
`‑‑admin enabled\|disabled`	Edit the admin attribute for the workgroup user, either enabling or disabling administrative rights.

Delete a Workgroup User

Delete an existing workgroup user. The user will no longer exist in the local Linux user database as well as Samba password database.

Command

syscli ‑‑del user ‑‑name <workgroup_user_name>

Delete All Workgroup Users

Delete all existing workgroup users. If you specify the --sure option, the CLI executes the command without prompting for confirmation.

Command

syscli ‑‑deleteall user [‑‑sure]

List Share Users

Display a list all workgroup users that have access to the specified CIFS share. If the returned list is empty, it means all workgroup users are allowed read-write access to the specified share.

Command

syscli ‑‑list shareuser ‑‑share <share_name>

Example Output

Total count = 1

[User = 1]

Username = userone

Access Rights = rw

Add Share Users

Grant an existing workgroup user the right to access the specified CIFS share.

By default, a CIFS share is created with an empty initial share access list if the server is joined to a workgroup. When the share access list is empty, all workgroup users are allowed read-write access to it. Use this command to add a workgroup user to the share access list of the specified CIFS share. As soon as the share access list contains workgroup user names, only these users have access to the share.

Command

syscli ‑‑add shareuser ‑‑share <CIFS_share_name> ‑‑user <username> [‑‑rw]

Command Attributes

Review the following attribute descriptions.

`‑‑add shareuser`	Adds a workgroup user to the share access list for the specified CIFS share.
`‑‑share <CIFS_share_name>`	Enter the name of the CIFS share to which you are granting access.
`‑‑user <username>`	Enter the name of the user to whom you are granting access.
`‑‑rw`	If you specify this option, the user is allowed complete read-write access to the specified share. However, the effective access rights depend on the share access mode. If the share is read-only, all users can only have read-only access regardless of their settings. By default, the user has read-only access to the share.

Delete a Share User

Remove a workgroup user's right to access the specified CIFS share.

Note: When the last workgroup user is deleted from a CIFS share, the share access list of the specified share is empty, which means the share now allows read-write access to all workgroup users.

Command

syscli ‑‑del shareuser ‑‑share <share_name> ‑‑user <username>

Command Attributes

Review the following attribute descriptions.

`‑‑del shareuser`	Removes a workgroup user's access from the specified CIFS share.
`‑‑share <share_name>`	Enter the name of the CIFS share from which you are removing user-access.
`‑‑user <username>`	Enter the name of the user from whom you are removing access.

Delete All Share Users

Remove all workgroup user rights in accessing the specified CIFS share. If you specify the --sure option, the CLI executes the command without prompting for confirmation.

Note: When all workgroup users are deleted from a CIFS share, the share access list of the specified share is empty, which means the share now allows read-write access to all workgroup users.

Command

syscli ‑‑deleteall shareuser ‑‑share <share_name> [‑‑sure]