As Good A Place As Any

Tim Thomas's Blog

Saturday Aug 25, 2007

SAMBA and SWAT in Solaris 10 Update 4 (Solaris 10 8/07)

I have previously blogged on how to enable SAMBA and SWAT as shipped with Solaris 10.

In Solaris 10 Update 4 (AKA Solaris 10 8/07 - available real soon now) Sun is shipping SAMBA 3.0.25a, and for the first time we are supporting SAMBA's Active Directory Service (ADS) integration.

What caught me out when I installed this new release of Solaris was that the way you stop and start SAMBA and SWAT have changed.

SAMBA processes are now managed using the Service Management Facility (SMF). You configure SAMBA as before, but to start the services you type:

root# svcadm enable samba wins

To stop SAMBA.........

root# svcadm disable samba wins

To check the status of the services....

root# svcs samba wins
STATE          STIME    FMRI
online         Aug_24   svc:/network/samba:default
online         Aug_24   svc:/network/wins:default

To enable SWAT you no longer have to edit any files, you just enable the service as below...

root# svcadm enable swat

And here is how to check the status of the service...

root# svcs swat
STATE          STIME    FMRI
online         Aug_23   svc:/network/swat:default

You still connect to SWAT on port 901, just point your browser at http://servername:901.


Is there anything new about working ZFS NFSv4 ACL support in Samba?
3.0.25a is still missing ZFS ACL support.

Posted by Thorleif Wiik on August 25, 2007 at 09:07 PM BST #

Hi Thorleif, ACL support on NFSv4/ZFS is fixed in the 3.0.25a build we are shipping.

This is the full feature set that the owner of the Sun SAMBA build sent me:

1 - ADS (Active Directory Services) support
2 - ACL support on NFSv4/ZFS is fixed
3 - samba is moved under the SMF(5)

Rgds, Tim

Posted by Tim Thomas on August 25, 2007 at 09:20 PM BST #

Any idea when Solaris 10 Update 4 will be released? I am trying to use samba in combination with nfsv4 acl's(zfs) and ads support on a fresh x4500 but I have many compilation issues while trying to do so..

Posted by Stan on August 28, 2007 at 03:08 PM BST #

Hi Stan, I have just been told that Solaris 10 Update 4 will be released in a couple of weeks. That will be downloads only, media comes later. Rgds, Tim

Posted by Tim Thomas on August 28, 2007 at 03:43 PM BST #

Any hope that the release will have x86?

Any hope it will have some device support?

I've spent half the summer trying to get a samba server up on a Dell box, with no success. I know it's my own fault for wanting to use esoteric things like disk drives and scsi tape :(

Posted by Keith on August 28, 2007 at 11:51 PM BST #

Problem is that samba 3.0.25c doesn't contain nfsv4 acl's for zfs yet and I have to rollout a x4500 with cifs and acl's. Is there a way to participate in a preliminary program somehow?

Posted by Stan on August 29, 2007 at 12:28 PM BST #

Keith, I cannot speak to what devices are supported in S10 U4 - I am a storage person, I don't work in the Solaris Group - but I can say that it releases on x86 and SPARC as i have been running it on both. Rgds, Tim

Posted by Tim Thomas on August 29, 2007 at 01:05 PM BST #

Let me please some notes to the discussion above:

- vfs_zfsacl.c - module handling the ACL on ZFS was accepted by samba community to be released in the samba-3.0.26 where adopting the GPLv3 as the main goal for the new release was samba-3.0.26 source sub-tree renamed to samba-3.2.0 so this module is in development source trunk and was not released yet by the community. Only the source released version can be found in copy on in SFW source consolidation. This module will be binary-released in "Solaris 10 update 8/07" currently is also binary-available in "Solaris Express Community Edition" (please note: all known issues are fixed in build 72 where build 70 is currently the latest available)

- Solaris 10 update 8/07 (aka. S10U4) (GA) release is planned for Sept. 20-th I think and I hope I will also have the patch for the issues which I will not fixed in the S10U4 yet as: special-ace handling and "rid" and "ad" idmap backends.

Posted by Jiri Sasek on August 29, 2007 at 02:12 PM BST #

Thanks for your excellent answer! I'll have a look at samba 3.2.0 right away.

Posted by Stan on August 29, 2007 at 02:52 PM BST #

To (hopefully) clarify - native ADS integration is (finally) in u4 (so no more having to mess around with openldap and MIT krb5 (yeah!!)) .. and the ZFS ACL fix in u4 build 09 should be predating the official samba release (hence a binary release) - there's further syncs with the samba svn tree which gets to be a minor licensing hassle as they decided to adopt the GPLv3 license in early July ..

It looks like nevada 70b will be the next Solaris Express Developer Edition (SXDE) which should also drop shortly and should also have the ZFS ACL fix, but to find the full source integration you have to look in snv_72

Jiri's been doing an incredible job bridging the divide and interfacing with the samba community at large, and in typical sun fashion we've also got parallel projects going on in various states of [dis]array with the smbfs darwin port in the CIFS project, and more AD integration in the winchester project

Posted by jon e on August 29, 2007 at 07:12 PM BST #

Update 4 is out today. Great work, fellas.

Posted by Dick Davies on September 04, 2007 at 02:50 PM BST #

Good work on update 4. However the samba 3.0.25a version has problems with offline files. I am looking for a simple way to upgrade to 3.0.25b, which fixes this problem.

Posted by Siegfried Leonard on September 19, 2007 at 12:02 PM BST #

[Trackback] In Tim Thomas’s Blog kann man Neuigkeiten über Samba auf Solaris lesen. Zum Solaris 10 u4 bzw. 8/07 liefert Sun die Samba-Version 3.0.25a aus. Folgende Änderungen sind darin u.a. enthalten: Unterstützung von ADS Integration Samb...

Posted by Otmanix Blog on September 25, 2007 at 09:19 PM BST #

Sun is working on a patch to deliver 3.0.25b. I don't know the schedule yet. Rgds, Tim.

Posted by Tim Thomas on September 27, 2007 at 12:48 PM BST #

Solaris 10 U4 samba seems to have problem with "passwd program" option. If I set it to smbldap-passwd, it doesn't work. I get this error in the log with high debug:
expect: expected [Changing password for*
New password*] received [could not read default terminal attributes on pty
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1.

This configuration works with samba from blastwave, but that samba has other issues.

I checked the source code at, but this code hasn't changed for ages. It must be something else.

Google returns also only one case and that one is recent (sep/oct) also on Solaris 10, so it seems its a isolated problem.

Are you aware of this problem? Is there any known workaround?

Posted by Damien on October 21, 2007 at 07:23 PM BST #

Hi, I am sorry, but I don't know SAMBA in this depth. You need to log a support call with Sun to get help on this. Rgds, Tim

Posted by Tim Thomas on October 23, 2007 at 08:36 AM BST #

Hmm, I seem to have issues with "net ads join". I can successfully join a domain, but a keytab is never written.

Posted by Josh Lange on November 03, 2007 at 11:55 PM GMT #

Post a Comment:
  • HTML Syntax: NOT allowed
A Day At The Seaside