How to create a persistent password to be used by a SMB client in a Solaris 11 non-global zone (Doc ID 2068195.1)

Last updated on APRIL 20, 2023

Applies to:

Goal

Depending on the configuration of a SMB File Sharing environment, the mount_smbfs(1M) command on a Solaris SMB client may need to authenticate at the SMB server by using a username, and providing the password for that user, when mounting a filesystem from the server.

If a SMB filesystem shall become automatically mounted at boot time, it needs an entry in the vfstab(4) file of the system. During this process the password for the user needs to get provided to the mount operation without any manual intervention, and so may not prompt to manually enter the password. This is called a persistent password.

Such persistent passwords may get created and stored in a secure way, by using the command smbadm(1M) with the sub command "add-key".
As part of the SMB server feature the smbadm(1M) command may only get used in the global zone on a system, because the SMF server is only available in the global zone, but not in a non-global zone on a system.

That's the reason why the smbadm command fails and does display the message "cannot execute in non-global zone", when using that command in a non-global zone.

The SMB client feature is also available in non-global zones on Solaris 11.
If a non-global zone shall automatically mount a SMB filesystem at boot time, the persistent password that is needed to authenticate that mount operation, does also need to exist in the non-global zone.

This document provides an example to create and store a persistent password of a user for that purpose in non-global zones in Solaris 11.

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.