novcifs - A command line utility that communicates with the cifsd daemon. You must be logged in as root to use novcifs.
novcifs [options]
[-sl, --share --list]
[-sln SHARENAME, --share --list --name=SHARENAME]
[-sap PATH -n SHARENAME -c COMMENT, --share --add --path=PATH --name=SHARENAME --comment=COMMENT ]
[-srn SHARENAME, --share --remove --name=SHARENAME]
[-sap PATH -n SHARENAME -c COMMENT -v VIRTUALSERVERFDN, --share --add --path=PATH --name=SHARENAME --comment=COMMENT --vserver=VIRTUALSERVERFDN]
[-srn SHARENAME -v VIRTUALSERVERFDN, --share --remove --name=SHARENAME --vserver=VIRTUALSERVERFDN]
[-s --enable-encryption=yes|no -n SHARE-NAME, --share --enable-encryption=yes|no --name=SHARE-NAME]
[-s --folder-redirection=yes|no -n <share_name>]
[-e yes|no, --guest-login=yes|no]
[-a -D DNSNAME -I IPADDR, --add --dns-name=DNSNAME --ip-addr=IPADDR]
[-r -D DNSNAME -I IPADDR, --remove --dns-name=DNSNAME --ip-addr=IPADDR]
[-g yes|no|optional|force, --enable-smbsigning=yes|no|optional|force]
[-e yes|no, --add --dns-name=DNS_NAME --ip-addr=IP_ADDR]
[-C | --Conn]
[-av VIRTUALSERVERFDN -I VIRTUALSERVERIP, --add --vserver=VIRTUALSERVERFDN --ip-addr=VIRTUALSERVERIP]
[-rv VIRTUALSERVERFDN -I VIRTUALSERVERIP, --remove --vserver=VIRTUALSERVERFDN --ip-addr=VIRTUALSERVERIP]
[-o | --oper-params]
[-g yes|no|optional|force, --enable-smbsigning=yes|no|optional|force]
[-L 0|4|5, --lm=0|4|5]
[-y [yes|no]]
[-k [SDIRCACHE | DIRCACHE | FILECACHE]=value, --set-cache SDIRCACHE | DIRCACHE | FILECACHE = value]]
[-t [yes|no]]
[-S yes|no]
[--enable-range-lock-mask=yes|no]
[--csc= 0|1|2|3]
[-UT TIMEOUT-PERIOD, --block-invalid-users --timeout-period=TIMEOUT-PERIOD]
[-Uan USER-NAME, --block-invalid-users --add --name=USER-NAME]
[-Urn USER-NAME, --block-invalid-users --remove --name=USER-NAME]
[-Ul, --block-invalid-users --list]
[--dynamic-fid-pool=yes|no]
[-d fh, --dump-statistics=fh]
[-d fp, --dump-statistics=fp]
[-d dc, --dump-statistics=dc]
[--info-level-passthru=yes|no]
[--list-servers]
[--share-vols-default=SERVER_NAME --value=yes|no]
[--dialect=SMB|SMB2|SMB3]
[--user-quota-sync <primary_volume>]
[--user-quota-sync <primary_volume> --percent <percentage>]
[--change-notify yes|no]
[--enum-shares-over-nullsession=yes|no]
[--check-share-visibility-rights=yes|no]
[--oplock-break-ack-timeout=<time in seconds>]
[--negotiate-ntstatus=yes|no]
[--dfs-support=yes|no]
[--dns-suffix=DNS-SUFFIX]
[--display-user-addr=yes|no]
[--alternate-data-stream-enabled=yes|no]
[--disable-smbv1-sessions=win-mac|mac|none|all]
[--encrypt-data=yes|no]
[--reject-unencrypted-access=yes|no]
[--log-level error|debug|info]
[--dos-names=yes|no]
[--disable-ntlmssp=yes|no]
[--block-unmanaged-cis-reads=yes|no]
[--leasing=yes|no]
[--directory-leasing=yes|no]
novcifs [-sl | --share --list]
Lists all the available share points.
novcifs [-sln SHARENAME | --share --list --name=SHARENAME]
Displays details of a specific share point.
novcifs [-sap PATH -n SHARENAME -c COMMENT | --share --add --path=PATH --name=SHARENAME --comment=COMMENT]
Adds a new share point.
Example:
novcifs -sap CIFSV:/home/user1 -n user1home -m 0 -c "User1 home directory"
novcifs -sap CIFSV: -n volumeshare -m 0 -c "Volume share"
novcifs [-srn SHARENAME | --share --remove --name=SHARENAME]
Removes an existing share point.
Example:
novcifs -srn user1home
novcifs [-sap PATH -n SHARENAME -c COMMENT -v VIRTUALSERVERFDN | --share --add --path=PATH --name=SHARENAME --comment=COMMENT --vserver=VIRTUALSERVERFDN]
Adds a new share point on a clustered volume.
Example:
Assuming the resource name of the clustered volume SHAREDV is .cn=PROJECT.ou=CL1.ou=Service.o=CT.t=NOVELL
novcifs -sap SHAREDV:/home/user1 -n user1home -m 0 -c "User1 home directory" -v PROJECT.CL1.Service.CT.NOVELL
novcifs [-srn SHARENAME -v VIRTUALSERVERFDN | --share --remove --name=SHARENAME --vserver=VIRTUALSERVERFDN]
Removes an existing share point.
Example:
novcifs -srn user1home -v PROJECT.CL1.Service.CT.NOVELL
-s --enable-encryption yes | no -n SHARE-NAME, --share --enable-encryption=yes|no --name=SHARE-NAME
Enables or disables the encryption at the share level. If encryption is enabled at global level using the option --encrypt-data=yes|no, you need not enable encryption again at the share level. You can use this option to enable encryption for a specific share when encryption is disabled at global level. If this option is enabled, all the sessions established from the clients, which support encryption, to the specified share are encrypted. By default, this option is disabled.
Example:
novcifs -s --enable-encryption yes -n VOL1 enables SMB encryption for the share named VOL1.
-s --folder-redirection=yes|no -n <share_name>
Enables or disables the file share to host the redirected folders. By default, this option is disabled.
novcifs [-e yes|no | --guest-login=yes|no]
Enables or disables guest user login.
novcifs [-a -D DNSNAME -I IPADDR | --add --dns-name=DNSNAME --ip-addr=IPADDR]
novcifs [-r -D DNSNAME -I IPADDR | --remove --dns-name=DNSNAME --ip-addr=IPADDR]
This option associates DNS names with the cluster resource IP address in the CIFS server. You can assign more than one DNS name to the same cluster resource and access it using the CIFS client.
novcifs [-C | --Conn]
Displays the number of active connections.
novcifs [-av VIRTUALSERVERFDN -I VIRTUALSERVERIP | --add --vserver=VIRTUALSERVERFDN --ip-addr=VIRTUALSERVERIP]
Adds a virtual server to CIFS.
novcifs [-rv VIRTUALSERVERFDN -I VIRTUALSERVERIP | --remove --vserver=VIRTUALSERVERFDN --ip-addr=VIRTUALSERVERIP]
Removes a virtual server from CIFS.
novcifs [-o | --oper-params]
This option displays the current settings of the CIFS server.
novcifs [-g yes|no|optional|force | --enable-smbsigning=yes|no|optional|force]
Enables or disables the SMB signature.
This is an add-on functionality. By default, it is disabled.
novcifs [-L 0|4|5| --lm=0|4|5]
This option sets the LAN Manager authentication level.
By default, the LMCompatibilityLevel is set to 0.
novcifs -y [yes|no]
Enables CIFS to search for the user in the entire base context.
novcifs -k [SDIRCACHE | DIRCACHE | FILECACHE] = value | --set-cache SDIRCACHE | DIRCACHE | FILECACHE = value]
Changes the cache value. The following are the default cache values:
novcifs [-t yes|no]
Enables or disables auditing.
IMPORTANT: Ensure that the novell-vigil service is running before you enable this option.
novcifs [-S yes|no | --sync=yes|no]
Enables or disables file synchronization. This parameter ensures that all the data previously written to a CIFS share has been written to the disk.
novcifs [--compression=yes|no]
Enables or disables the compression of files as they transfer over the network.
novcifs [--enable-range-lock-mask=yes|no]
Enables or disables range lock masking behavior.
IMPORTANT: If you enable or disable this parameter, make sure you restart the CIFS server using the rcnovell-cifs restart or systemctl restart novell-cifs.service command in order for the changes to take effect.
By default, range lock masking is enabled.
novcifs [--csc= 0|1|2|3]
Enables or disables client-side caching feature, which can be used to store frequently used information on the client's machine.
By default, client-side caching is disabled.
CIFS is now able to cache the invalid user logins for a specific timeout period. Further authentication requests from the same user name will be ignored based on the configured timeout period. By default, caching the invalid user logins is enabled.
novcifs [-UT TIMEOUT-PERIOD | --block-invalid-users --timeout-period=TIMEOUT-PERIOD]
Specifies the amount of time a user should be considered as invalid to ignore authentication requests. Specify the timeout period in minutes. The range should be between 0 and 525600.
novcifs [-Uan USER-NAME | --block-invalid-users --add --name=USER-NAME]
Adds the specified user to the list of default invalid users whose authentication requests need to be ignored permanently.
novcifs [-Urn USER-NAME | --block-invalid-users --remove --name=USER-NAME]
Removes the specified user from the list of cached invalid users to start considering authentication requests.
novcifs [-Ul | --block-invalid-users --list]
Lists all the cached invalid users whose authentication requests are currently ignored.
NOTE: Use the special USER-NAME "MachineAccounts" to add machine accounts ending with the $ symbol as default invalid users. However, if there are valid user names ending with the $ symbol, do not use the special USER-NAME "MachineAccounts". When "MachineAccounts" is added as a default invalid user, if a machine account tries to log in as an eDirectory user, the authentication request is denied. If it tries to log in as an Active Directory user, the tree connect request is denied.
Adding "MachineAccounts" to the permanent list of blocked user accounts makes the cifsd service deny Session Setup requests for computer accounts without attempting to resolve or find the account in eDirectory. This prevents exhaustion of eDirectory when repetitive SMB authentication requests for a computer account are generated by Windows (background) processes that run as the Local System account.
It also makes the cifsd service deny Tree Connect requests from Active Directory computer accounts without verifying the effective rights of such accounts with NSS, which prevents file system access performance degradation when repetitive attempts to access a CIFS share are generated by Windows (background) processes that run as the Local System account.
This also avoids error messages in the cifs log related to access failures for computer accounts.
Enables CIFS to increase the file id pool from 65k to 600k. By default, this option is disabled.
novcifs [--dynamic-fid-pool=yes|no]
Dumps statistics of Linux file handles opened.
novcifs [-d fh | --dump-statistics=fh]
Dumps statistics of Linux file handles and CIFS protocol file Ids opened.
novcifs [-d fp | --dump-statistics=fp]
Dumps cache statistics used to store file and directory names.
novcifs [-d dc | --dump-statistics=dc]
novcifs --get-health-status
Displays the health status of CIFS service. If the status is unhealthy, then the cause for the status is also displayed with the status.
With the file monitoring options you can view details of open files and close open files within a volume, by connection and file handles associated with a file. For more information, see Section 6.0, CIFS Monitoring and Management.
Enables or disables the pass-through information levels capability on the server.
The option is disabled by default. Enabling this option can cause differences in client behavior. Restart the CIFS server any time you modify this option.
novcifs [--info-level-passthru=yes|no]
How does enabling this option impact the client behavior?
The pass-through information levels capability exposes additional information levels as part of the CIFS protocol.
When the capability is enabled, Windows 7 starts using the new information levels - sends different verbs. No visible end user impact.
When should you enable it?
You want to do a multi-select and copy of large files from Finder on Mac clients to OES servers. The sequence of calls Finder performs for this operation causes problems if the pass through capability is not enabled.
Enabling this option also improves Web download experience to a CIFS Share on Mac Clients.
In releases earlier than OES 2015, all mounted NSS volumes are exported as shares by default when the CIFS service is started. The name of the share is the same as the corresponding volume name. If a user removes a default share using the novcifs command or iManager, it will once again be exported as a share if the CIFS service is restarted.
In OES 2015 (or later), this behavior can be modified by setting the value of the nfapCIFSShareVolsByDefault attribute of the NCP server object to false. This prevents any default shares that were removed from being shared again if the server is restarted or if the resource is migrated. This setting can be modified using the novcifs command.
The setting to control whether volumes are shared by default is specific to each physical and virtual CIFS server. Different physical and virtual servers running on an OES host can behave differently in terms of how they share volumes by default, depending on the value of the setting for each server.
With the new command option introduced in novcifs, the administrator can choose to export all mounted volumes as shares, or export only the specified volumes as shares.
novcifs [--list-servers]
Lists the NetBIOS name and whether all NSS volumes are exported as shares by default for each CIFS server on this system. Returns an entry for each physical and virtual server running on this system.
novcifs [--share-vols-default=SERVER_NAME --value=yes|no]
Enables or disables all volumes being exported as shares by default.
SERVER_NAME: The NetBIOS name of one of the CIFS servers returned by the --list-servers command.
yes: Exports all the volumes belonging to <SERVER_NAME> as CIFS shares.
no: Exports only those shares specified by the CIFS administrator.
This option is enabled by default. When this option is disabled, no new volumes mounted will be shared; however, volumes that are already exported as shares will remain as shares until they are manually removed by the administrator. When this option is enabled, any new volume mounted will be exported, and after the CIFS service is restarted all mounted volumes will be exported as shares.
Limitation: This feature does not work for virtual servers in a cluster environment where non OES 2015 (or later) nodes exist.
Examples:
Viewing the list of physical and virtual CIFS servers and the "Share volumes by default" option for each server.
novcifs --list-servers
List of CIFS servers:
---------------------
LINUX-100-1_W - "Share volumes by default" attribute is enabled
R1-CLUSPOOL1-W - "Share volumes by default" attribute is disabled
Disabling the "Share volumes by default" option.
novcifs --share-vols-default=LINUX-100-1_W --value=no
Updating the Share Volumes By Default setting of the server completed successfully.
Enabling the "Share volumes by default" option.
novcifs --share-vols-default=R1-CLUSPOOL1-W --value=yes
Updating the Share Volumes By Default setting of the server completed successfully.
Sets the highest dialect for the CIFS server to communicate with the clients. Toggling between the dialects may cause difference in server behavior. Restart the CIFS service any time you modify this option.
novcifs --dialect=SMB|SMB2|SMB3
SMB Sets the highest dialect supported to NT LM 0.12 (SMB v1).
SMB2 Sets the highest dialect supported to SMB 2.1 (SMB v2). SMB1 and SMB2 clients can connect to the server.
SMB3 Sets the highest dialect supported to SMB 3.00 (SMB v3). SMB1, SMB2, and SMB3 clients can connect to the server.
By default, SMB v3 option is enabled.
Beginning with OES 2018 SP3, the SMB v1 sessions are disabled by default. To enable all SMB v1 sessions, set the option --disable-smbv1-sessions=none.
Synchronizes the user quotas from the primary volume to the secondary volume of a DST shadow volume pair.
--user-quota-sync <primary_volume>
Duplicates all of the user quotas that are set currently on the specified primary volume to the secondary volume.
--user-quota-sync <primary_volume> --percent <percentage>
Duplicates all of the user quotas that are set currently on the specified primary volume as a specified percentage to the secondary volume. The percentage value must also be specified after the volume name.
A percent value of 100 is a one-to-one quota assignment. A percent value of 50 assigns a quota that is one-half the size of the quota set on the primary volume. A percent value of 200 assigns a quota that is twice the size of the quota set on the primary volume.
--change-notify yes|no
When enabled, the client gets notifications about the changes happening on the directory which is currently being browsed or used through the Windows Explorer or Mac finder. These notifications enable the client to automatically refresh the Windows Explorer or Mac finder. The users need not press F5 to get the updated view as they will always be viewing the actual contents of the file system.
The client will be notified when one or more of the following events occur: A file or a folder is created, deleted, renamed, or moved, and metadata is changed.
Impact of enabling file system change notifications: Along with responding to the client's requests, the file server also has to notify the client about every change happening on the directory, even if the change was made by the same client. This increases the load on the server.
Performance can be sluggish, particularly when multiple users are accessing or operating on the same directory.
Impact of disabling file system change notifications: Certain applications, such as Windows Explorer and Mac Finder, expect the change notifications feature to be supported or enabled. Otherwise, they continuously query the server about changes with a very large number of requests per second. The client tries to pull changes from the server, and this might impact the performance of the server.
However, you can also add or modify the following Windows registry keys on the Windows client side so as to not let the client continuously query about the changes on the server.
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Key 1: NoRemoteChangeNotify (DWORD type with value set to 1)
Key 2: NoRemoteRecursiveEvents (DWORD type with value set to 1)
NOTE: By doing so, users are forced to press F5 to get the updated view or changes on the file system. In addition, the same registry settings have to be applied on all the client machines.
IMPORTANT: The SMB client on SLED machines does not support the Change Notifications feature. Therefore, the changes on the OES file system will not be automatically reflected in file browsers such as Nautilus.
Similarly, client platforms do not request change notifications from the server when users browse using the command line.
--enum-shares-over-nullsession=yes|no
Enables or disables enumeration of shares over a null session. By default enumeration of shares over a null session is enabled. If GUEST access is enabled, enumeration of shares over a null session is still allowed even if enum-shares-over-nullsession is disabled.
If --check-share-visibility-rights is enabled, it takes precedence and null sessions do not list any shares. Only shares with Public rights are displayed.
--check-share-visibility-rights=yes|no
Enables or disables the display of shares depending on the trustee rights of the user or group.
When this option is enabled, a user can view only those shares (local or cluster resource) that he or she has trustee rights on, and also the shares with Public rights. To view the shares, a user must be added as a user or group trustee.
By default, this option is disabled.
--oplock-lease-break-ack-timeout=<time in seconds>
Specifies the amount of time in seconds the CIFS server waits for the client's response after sending a request to the client to release oplock or lease on a file.
Default: 30 seconds. Minimum: 5 seconds. Maximum: 30 seconds.
--negotiate-ntstatus=yes|no
Enables or disables negotiating NTSTATUS capability of the CIFS server.
If this option is enabled, server will set NTSTATUS capability bit in Negotiate Protocol response. This is required for certain SMBv1 clients to proceed with the session setup especially when extended security mechanisms are used. By default, this option is disabled. It is recommended to enable this option only when the client fails to connect to OES because of NTSTATUS capability.
If this option is enabled, CIFS server will set NTSTATUS capability bit during the negotiation phase. This is required for certain type of clients like printers to connect to the CIFS server using SMBv1 as the dialect. By default, this option is disabled. It is recommended to enable this option only when certain type of clients like printers fail to connect to the CIFS server.
--dfs-support=yes|no
Enables or disables DFS support for the CIFS server. By default, this option is disabled.
--dns-suffix=DNS-SUFFIX
Sets the DNS suffix to be used in the DFS referral target node server name. By default, the target node server name is only the NetBIOS name without any DNS suffix. To clear the DNS suffix configuration, set an empty string.
--display-user-addr=yes|no
Enables or disables updating of client IP address details for the logged-in user in the eDirectory user object. Before enabling this option, the common proxy user must be given write permission on the Network Address attribute at the user level or at the parent container level. By default, this option is disabled.
--alternate-data-stream-enabled=yes|no
Enables or disables the alternate data stream. By default, this option is disabled.
--disable-smbv1-sessions=win-mac|mac|none|all
Disables the SMB v1 session from the specified clients.
win-mac disables SMB v1 session from the Windows and Mac OS X clients.
mac disables SMB v1 session from Mac OS X clients.
none does not disable SMB v1 sessions from any of the clients.
all disables SMB v1 session from all clients.
NOTE: NURM and NFARM on Mac work only over SMB v1.
--encrypt-data=yes|no
Enables or disables the global level encryption, which is applicable to all the shares on the server. If this option is enabled, all the sessions established from the clients, which support encryption, to the server are encrypted. By default, this option is disabled.
Example:
novcifs --encrypt-data=yes enables SMB encryption for all the shares on the server.
[--preferred-cipher=AES-128-GCM|AES-128-CCM|AES-256-GCM|AES-256-CCM|NONE]
CIFS supports AES-256-GCM and AES-256-CCM cryptographic suites for SMB 3.1.1 encryption. The server negotiates these advanced cipher methods when connecting to the client. AES-128-GCM and AES-128-CCM cryptographic suites are still supported for SMB 3.1.1.
AES-128-GCM sets AES-128-GCM as a cipher for encryption.
AES-128-CCM sets AES-128-CCM as a cipher for encryption.
AES-256-GCM sets AES-256-GCM as a cipher for encryption.
AES-256-CCM sets AES-256-CCM as a cipher for encryption.
Example: novcifs --preferred-cipher=AES-128-GCM|NONE sets AES-128-GCM as preferred cipher.
SMB multichannel is an SMB 3.0 feature that increases network performance and the availability of file servers. SMB multichannel operation is allowed by default over the network interface that holds the IP address used for mapping the share. Additional interfaces can be enabled for SMB multichannel operation using this option.
Enabling and Disabling SMB Multichannel:
novcifs --multi-channel={yes|no}
Enables or disables SMB multichannel operations.
Adding a multi-channel interface name:
novcifs --multi-channel-interface --add --interface-name=<NETWORK-INTERFACE-NAME>
Allows you to add additional interfaces for SMB multichannel operation.
Removing a multi-channel interface name:
novcifs --multi-channel-interface --remove --interface-name=<NETWORK-INTERFACE-NAME>
Allows you to remove an interface from SMB multichannel support.
Displays the list of all the multi-channel interfaces:
novcifs --multi-channel-interface --list
Displays the list of all the interfaces that are enabled for SMB multichannel operation.
--reject-unencrypted-access=yes|no
Enables or disables the unencrypted access to the shares exported by the server. If this option is disabled, the clients that do not support encryption can also access the encryption enabled shares. By default, this option is enabled.
Example:
novcifs --reject-unencrypted-access=no allows SMB clients that do not support encryption to access the encrypted shares.
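How --encrypt-data, -s --enable-encryption and --reject-unencrypted-access combine for a given client, followed by the novcifs commands that close any plaintext path. This is an added example, not part of the novcifs documentation: the share inventory is constructed, the function names are hypothetical, and it assumes a share with no encryption setting is served unencrypted.

```shell
#!/bin/sh
# Added example, not part of the novcifs documentation. It models how
# --encrypt-data, -s --enable-encryption and --reject-unencrypted-access
# combine, then prints the novcifs commands that close any plaintext path.
# Assumption: a share with no encryption requirement is served unencrypted.

# session_outcome GLOBAL SHARE REJECT CLIENT   (each argument is yes|no)
#   GLOBAL  --encrypt-data
#   SHARE   -s --enable-encryption for this share
#   REJECT  --reject-unencrypted-access
#   CLIENT  whether the client supports SMB encryption
# Prints encrypted, plaintext or rejected.
session_outcome() {
    # The share-level flag only matters while global encryption is off.
    if [ "$1" != yes ] && [ "$2" != yes ]; then
        echo plaintext
    elif [ "$4" = yes ]; then
        echo encrypted
    elif [ "$3" = yes ]; then
        echo rejected
    else
        # Encryption is enabled, but a client without encryption support
        # is still let in because unencrypted access is not rejected.
        echo plaintext
    fi
}

# Constructed inventory of shares that must never be served in plaintext:
# "<share name> <share-level encryption yes|no>". Not novcifs output.
SAMPLE_SHARES='VOL1 yes
HR no
FINANCE no'

# audit_shares GLOBAL REJECT   (inventory on stdin)
# One line per share with the outcome for an encryption-capable ("modern")
# client and for one without encryption support ("legacy").
audit_shares() {
    while read -r name share_enc; do
        [ -n "$name" ] || continue
        printf '%s modern=%s legacy=%s\n' "$name" \
            "$(session_outcome "$1" "$share_enc" "$2" yes)" \
            "$(session_outcome "$1" "$share_enc" "$2" no)"
    done
}

# remediation GLOBAL REJECT   (inventory on stdin)
# Prints the commands, in the syntax shown on this page, needed so that no
# listed share can be reached in plaintext. Prints nothing if none are needed.
remediation() {
    while read -r name share_enc; do
        [ -n "$name" ] || continue
        if [ "$1" != yes ] && [ "$share_enc" != yes ]; then
            echo "novcifs -s --enable-encryption yes -n $name"
        fi
    done
    if [ "$2" != yes ]; then
        echo "novcifs --reject-unencrypted-access=yes"
    fi
}

# Demo: global encryption off and unencrypted access not rejected.
printf '%s\n' "$SAMPLE_SHARES" | audit_shares no no
printf '%s\n' "$SAMPLE_SHARES" | remediation no no
```

With --reject-unencrypted-access=no, VOL1 is encrypted for capable clients but still reachable in plaintext by clients without encryption support, which is the case the audit surfaces.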
--log-level error|debug|info
Sets the log level for the server to log messages in. By default, the log level is set to error.
error logs the critical, error, warnings, and events log.
debug logs all the debug, info, critical, error, warnings, and events log.
info logs all the info, critical, error, warnings, and events log.
--dos-names=yes|no
Enables or disables the DOS file name support. By default, this option is enabled. When this option is disabled, file operations using DOS file names are prevented. Disabling it improves the CIFS server performance, especially during directory enumeration.
--disable-ntlmssp=yes|no
Disables or enables the NTLMSSP authentication. Setting this option to yes avoids the false NTLMSSP login attempts in an AD only environment. By default, NTLMSSP authentication is enabled.
NOTE: If NTLMSSP authentication is disabled, an eDirectory anonymous (guest) login or null login cannot be performed. But an AD guest login can be performed.
--block-unmanaged-cis-reads=yes|no
Disables or enables users with an unmanaged workstation (CIS Client not installed on the workstation) from accessing files uploaded to the cloud. If this option is enabled, only those users with a managed workstation (CIS Client installed on the workstation) can access the files uploaded to the cloud. If this option is disabled, users with a managed or unmanaged workstation can access the files uploaded to the cloud. By default, this option is disabled. Restart the CIFS server any time you modify this option.
--leasing=yes|no
Enables or disables the file leasing for SMB 2.1 or later connections. Leasing is an enhancement to legacy oplocks, which facilitates better file caching by clients, and thereby improves the overall performance. By default, this option is enabled. Leasing works only if oplock is enabled. To configure the lease break timeout, use the --oplock-lease-break-ack-timeout option.
--directory-leasing=yes|no
Enables or disables directory leasing for SMB 3.0 or later connections. Directory leasing enables clients to cache the meta data of directories and thereby improves the overall performance.
By default, this option is enabled. Directory Leasing works only if oplock and leasing are enabled. To configure the lease break timeout, use the --oplock-lease-break-ack-timeout option.
--large-mtu=yes|no
Enables or disables large MTU support. The Maximum Transmission Unit (MTU) is the size of the biggest data unit that can be transmitted in a single SMB2 packet on a network. With large MTU, maximum data unit size can be up to 1 MB as opposed to 64 KB of a normal MTU. Large MTU support enables a server to support multi-credit operations and is available in SMB 2.1 or later. By default, this option is disabled.
Displays the help information for CIFS commands, syntax, and exits.
Displays the usage information for the commands and exits.
CIFS configuration file.
CIFS context file.
Encrypted CIFS proxy user file.
Initialization script for CIFS. You can use systemctl commands or rcnovell-cifs commands for start, stop, and restart operations.
CIFS server log file.
VOL1:dir1 or VOL1:/dir1 is a volume-based path.