novcifs (8)

Name

novcifs - A command line utility that communicates with the cifsd daemon. You must be logged in as root to use novcifs.

Syntax

novcifs [options]

[-sl, --share --list]

[-sln SHARENAME, --share --list --name=SHARENAME]

[-sap PATH -n SHARENAME -c COMMENT, --share --add --path=PATH --name=SHARENAME --comment=COMMENT ]

[-srn SHARENAME, --share --remove --name=SHARENAME]

[-sap PATH -n SHARENAME -c COMMENT -v VIRTUALSERVERFDN, --share --add --path=PATH --name=SHARENAME --comment=COMMENT --vserver=VIRTUALSERVERFDN]

[-srn SHARENAME -v VIRTUALSERVERFDN, --share --remove --name=SHARENAME --vserver=VIRTUALSERVERFDN]

[-s --enable-encryption=yes|no -n SHARE-NAME, --share --enable-encryption=yes|no --name=SHARE-NAME]

[-s --folder-redirection=yes|no -n <share_name>]

[-s --atm-backup=yes|no -n SHARENAME, --share --atm-backup =yes|no --name SHARENAME]

[-s --mfa=yes|no -n SHARENAME, --share --mfa=yes|no --name SHARENAME]

[-e yes|no, --guest-login=yes|no]

[-a -D DNSNAME -I IPADDR, --add --dns-name=DNSNAME --ip-addr=IPADDR]

[-r -D DNSNAME -I IPADDR, --remove --dns-name=DNSNAME --ip-addr=IPADDR]

[-g yes|no|optional|force, --enable-smbsigning=yes|no|optional|force]

[-e yes|no, --add --dns-name=DNS_NAME --ip-addr=IP_ADDR]

[-C | --Conn]

[-av VIRTUALSERVERFDN -I VIRTUALSERVERIP, --add --vserver=VIRTUALSERVERFDN --ip-addr=VIRTUALSERVERIP]

[-rv VIRTUALSERVERFDN -I VIRTUALSERVERIP, --remove --vserver=VIRTUALSERVERFDN --ip-addr=VIRTUALSERVERIP]

[-o | --oper-params]

[-g yes|no|optional|force, --enable-smbsigning=yes|no|optional|force]

[-L 0|4|5, --lm=0|4|5]

[-y [yes|no]]

[-k [SDIRCACHE | DIRCACHE | FILECACHE]=value, --set-cache SDIRCACHE | DIRCACHE | FILECACHE = value]]

[-t [yes|no]]

[-S yes|no]

[--enable-range-lock-mask=yes|no]

[--csc= 0|1|2|3]

[-UT TIMEOUT-PERIOD, --block-invalid-users --timeout-period=TIMEOUT-PERIOD]

[-Uan USER-NAME, --block-invalid-users --add --name=USER-NAME]

[-Urn USER-NAME, --block-invalid-users --remove --name=USER-NAME]

[-Ul, --block-invalid-users --list]

[--dynamic-fid-pool=yes|no]

[-d fh, --dump-statistics=fh]

[-d fp, --dump-statistics=fp]

[-d dc, --dump-statistics=dc]

[--info-level-passthru=yes|no]

[--list-servers]

[--share-vols-default=SERVER_NAME --value=yes|no]

[--dialect=SMB|SMB2|SMB3]

[--user-quota-sync <primary_volume>]

[--user-quota-sync <primary_volume> --percent <percentage>]

[--change-notify yes|no]

[--enum-shares-over-nullsession=yes|no]

[--check-share-visibility-rights=yes|no]

[--oplock-break-ack-timeout=<time in seconds>]

[--negotiate-ntstatus=yes|no]

[--dfs-support=yes|no]

[--dns-suffix=DNS-SUFFIX]

[--display-user-addr=yes|no]

[--alternate-data-stream-enabled=yes|no]

[--disable-smbv1-sessions=win-mac|mac|none|all]

[--encrypt-data=yes|no]

[--reject-unencrypted-access=yes|no]

[--log-level error|debug|info]

[--dos-names=yes|no]

[--disable-ntlmssp=yes|no]

[--block-unmanaged-cis-reads=yes|no]

[--leasing=yes|no]

[--directory-leasing=yes|no]

[--zerocopy=yes|no]

[--large-mtu=yes|no]

[--mfa=yes|no]

Options

Displaying the List of Share Points

novcifs [-sl | --share --list]

Lists all the available share points.

Displaying Details of a Share Point

novcifs [-sln SHARENAME | --share --list --name=SHARENAME]

Displays details of a specific share point.

Adding a New Share Point on a Non-Clustered Volume (Login to the node as root)

novcifs [-sap PATH -n SHARENAME -c COMMENT | --share --add --path=PATH --name=SHARENAME --comment=COMMENT]

Adds a new share point.

Example:

novcifs -sap CIFSV:/home/user1 -n user1home -m 0 -c "User1 home directory"

novcifs -sap CIFSV: -n volumeshare -m 0 -c "Volume share"

Removing a Share Point on a Non-Clustered Volume (Login to the node as root)

novcifs [-srn SHARENAME | --share --remove --name=SHARENAME]

Removes an existing share point.

Example:

novcifs -srn user1home

Adding a New Share Point on a Clustered Volume (Login to the node hosting resource as root)

novcifs [-sap PATH -n SHARENAME -c COMMENT -v VIRTUALSERVERFDN | --share --add --path=PATH --name=SHARENAME --comment=COMMENT --vserver=VIRTUALSERVERFDN]

Adds a new share point on a clustered volume.

Example:

Assuming the resource name of the clustered volume SHAREDV is .cn=PROJECT.ou=CL1.ou=Service.o=CT.t=NOVELL

novcifs -sap SHAREDV:/home/user1 -n user1home -m 0 -c User1 home directory -v PROJECTS.CL1.Service.CT.NOVELL

Removing a Share Point on a Clustered Volume

novcifs [-srn SHARENAME -v VIRTUALSERVERFDN | --share --remove --name=SHARENAME --vserver=VIRTUALSERVERFDN]

Removes an existing share point.

Example:

novcifs -srn user1home -v PROJECT.CL1.Service.CT.NOVELL

Enabling or Disabling SMB 3.0 Encryption at Share Level

-s --enable-encryption yes|no -n SHARE-NAME, --share --enable-encryption=yes|no --name=SHARE-NAME

Enables or disables the encryption at the share level. If encryption is enabled at global level using the option --encrypt-data=yes|no, you need not enable encryption again at the share level. You can use this option to enable encryption for a specific share when encryption is disabled at global level. If this option is enabled, all the sessions established from the clients, which support encryption, to the specified share are encrypted. By default, this option is disabled.

Example:

novcifs -s --enable-encryption yes -n VOL1 enables SMB encryption for the share named VOL1.

Enabling or Disabling Folder Redirection

-s --folder-redirection=yes|no -n <share_name> --share --folder-redirection =yes|no --name=SHARENAME

Enables or disables the file share to host the redirected folders. By default, this option is disabled.

Enabling or Disabling ATM Backup at Share Level

-s --atm-backup=yes|no -n SHARENAME, --share --atm-backup =yes|no --name= SHARENAME

Enables or disables share to be Apple Time Machine (ATM) backup target. Enable this option tolet ATM running on the Mac clients to backup their data to the specified share. This feature works only when --leasing is enabled with SMB3 or later connections.

Enabling or Disabling MFA at Share Level

-s --mfa=yes|no -n SHARENAME, --share --mfa=yes|no --name SHARENAME

Enables or disables MFA at share level. If enabled, access to the share requires MFA. By default, this option is disabled.

Enabling or Disabling Anonymous (guest) Login

novcifs [-e yes|no | --guest-login=yes|no]

Enables or disables guest user login.

Adding or Removing DNS Names (other than hostnames) for Advertising

novcifs [-a -D DNSNAME -I IPADDR | --add --dns-name=DNSNAME --ip-addr=IPADDR]
novcifs [-r -D DNSNAME -I IPADDR | --remove --dns-name=DNSNAME --ip-addr=IPADDR]

This option associates DNS names with cluster resource IP address in the CIFS server. You can assign more than one DNS name to the same cluster resource and access it using the CIFS client.

Displaying Active Connection Count

novcifs [-C | --Conn]

Displays the number of active connections.

Adding a Virtual Server

novcifs [-av VIRTUALSERVERFDN -I VIRTUALSERVERIP | --add --vserver=VIRTUALSERVERFDN --ip-addr=VIRTUALSERVERIP]

Adds a virtual server to CIFS.

Removing a Virtual Server

novcifs [-rv VIRTUALSERVERFDN -I VIRTUALSERVERIP | --remove --vserver=VIRTUALSERVERFDN --ip-addr=VIRTUALSERVERIP]

Removes a virtual server from CIFS.

Displaying Operational Parameters

novcifs [-o | --oper-params]

This option displays the current settings of the CIFS server.

Enabling or Disabling SMB Signing

novcifs [-g yes|no|optional|force | --enable-smbsigning=yes|no|optional|force]

Enables or disables the SMB signature.

  • Yes for enabling.
  • No for disabling.
  • Optional for optional enabling.
  • Force for mandatory enabling.

This is an add-on functionality. By default, it is disabled.

Setting LMCompatibilityLevel

novcifs [-L 0|4|5| --lm=0|4|5]

This option sets the LAN Manager authentication level.

  • 0 for Accept LM and NTLM responses.
  • 4 for Accept NTLM response/refuse LM response.
  • 5for Accept NTLMv2 response/refuse LM and NTLM responses.

By default, the LMCompatibilityLevel is set to 0.

Enabling or Disabling Subtree Search Capability

novcifs -y [yes|no]

Enables CIFS to search for the user in the entire base context.

Changing the Cache Settings

novcifs -k [SDIRCACHE | DIRCACHE | FILECACHE] = value | --set-cache SDIRCACHE | DIRCACHE | FILECACHE = value]

Changes the cache value. The following are the default cache values:

  • Maximum cached subdirectories per volume (SDIRCACHE)=102400
  • Maximum cached files per subdirectory (DIRCACHE)=10240
  • Maximum cached files per volume (FILECACHE)=256000

Enabling or Disabling Auditing

novcifs [-t yes|no]

Enables or disables auditing.

IMPORTANT:Ensure that the novell-vigil service is running before you enable this option.

Enabling or Disabling File Synchronization

novcifs [-S yes|no | --sync=yes|no]

Enables or disables file synchronization. This parameter ensures that all the data previously written to a CIFS share has been written to the disk.

Enabling or Disabling File Compression

novcifs [--compression=yes|no]

Enables or disables the compression of files as they transfer over the network.

Enabling or Disabling Mask Behavior for Range Locks

novcifs [--enable-range-lock-mask=yes|no]

Enables or disables range lock masking behavior.

IMPORTANT:If you enable or disable this parameter, make sure you restart the CIFS server using the rcnovell-cifs restart or systemctl restsrt novell-cifs.service command in order for the changes to take effect.

By default, range lock masking is enabled.

Enabling or Disabling Client-side Caching

novcifs [--csc= 0|1|2|3]

Enables or disables client-side caching feature, which can be used to store frequently used information on the client's machine.

  • 0 Caches files for offline use. Does not permit automatic file-by-file reintegration.
  • 1 Caches files for offline use. Permits automatic file-by-file reintegration.
  • 2Caches files for offline use. Clients are permitted to work from their local cache even while online.
  • 3Disables offline caching.

By default, client-side caching is disabled.

Enabling Invalid User Caching

CIFS is now able to cache the invalid user logins for a specific timeout period. Further authentication requests from the same user name will be ignored based on the configured timeout period. By default, caching the invalid user logins is enabled.

novcifs [-UT TIMEOUT-PERIOD | --block-invalid-users --timeout-period=TIMEOUT-PERIOD]

Specifies the amount of time a user should be considered as invalid to ignore authentication requests. Specify the timeout period in minutes. The range should be between 0 and 525600.

novcifs [-Uan USER-NAME | --block-invalid-users --add --name=USER-NAME]

Adds the specified user to the list of default invalid users whose authentication requests need to be ignored permanently.

novcifs [-Urn USER-NAME | --block-invalid-users --remove --name=USER-NAME]

Removes the specified user from the list of cached invalid users to start considering authentication requests.

novcifs [-Ul | --block-invalid-users --list]

Lists all the cached invalid users whose authentication requests are currently ignored.

NOTE:Use special USER-NAME "MachineAccounts" to add machine accounts ending with the $ symbol as default invalid users. But, if there are valid user names ending with the $ symbol, then do not use the special USER-NAME "MachineAccounts". When "MachineAccounts" is added as default invalid users, if a machine account tries to log in as an eDirectory user, the authentication request is denied. If it tries to log in as an Active Directory user, the tree connect request is denied.

Adding "MachineAccounts" to the permanent list of blocked user accounts makes cifsd service to deny Session Setup requests for computer accounts, without attempting to resolve or find the account in eDirectory which prevents exhaustion of eDirectory, when repetitive SMB authentication requests for a computer account is generated by Windows (background) processes that run as Local System account.

This makes cifsd service to deny the Tree Connect requests from Active Directory computer accounts without verifying the effective rights of such accounts with NSS, which prevents file system access performance degradation when repetitive attempts to access a CIFS share are generated by Windows (background) processes that run as Local System account.

This also avoids error messages in cifs log related to access failures for computer accounts.

Enabling CIFS File Id Pool

Enables CIFS to increase the file id pool from 65k to 600k. By default, this option is disabled.

novcifs [--dynamic-fid-pool=yes|no]

Dumping File Handle Statistics

Dumps statistics of Linux file handles opened.

novcifs [-d fh | --dump-statistics=fh]

Dumps statistics of Linux file handles and CIFS protocol file Ids opened.

novcifs [-d fp | --dump-statistics=fp]

Dumping Directory Cache Statistics

Dumps cache statistics used to store file and directory names.

novcifs [-d dc | --dump-statistics=dc]

Monitoring CIFS Health Status

novcifs --get-health-status

Displays the health status of CIFS service. If the status is unhealthy, then the cause for the status is also displayed with the status.

CIFS Monitoring and Management

With the file monitoring options you can view details of open files and close open files within a volume, by connection and file handles associated with a file. For more information, see Section 6.0, CIFS Monitoring and Management.

Enabling or Disabling the Pass-through Information Levels Capability

Enables or disables the pass-through information levels capability on the server.

The option is disabled by default. Enabling this option can cause differences in client behavior. Restart the CIFS server any time you modify this option.

novcifs [--info-level-passthru=yes|no]

How does enabling this option impact the client behavior?

The pass-through information levels capability exposes additional information levels as part of the CIFS protocol.

When the capability is enabled, Windows 7 starts using the new information levels - sends different verbs. No visible end user impact.

When should you enable it?

You want to do a multi-select and copy of large files from Finder on Mac clients to OES servers. The sequence of calls Finder performs for this operation causes problems if the pass through capability is not enabled.

Enabling this option also improves Web download experience to a CIFS Share on Mac Clients.

Viewing the NetBIOS Names of Servers and Changing the Behavior of Exporting Volumes by Default

In releases earlier than OES 2015, all mounted NSS volumes are exported as shares by default when the CIFS service is started. The name of the share is the same as the corresponding volume name. If a user removes a default share using the novcifs command or iManager, it will once again be exported as a share if the CIFS service is restarted.

In OES 2015 (or later), this behavior can be modified by setting the value of the nfapCIFSShareVolsByDefault attribute of the NCP server object to false. This prevents any default shares that were removed from being shared again if the server is restarted or if the resource is migrated. This setting can be modified using the novcifs command.

The setting to control whether volumes are shared by default is specific to each physical and virtual CIFS server. Different physical and virtual servers running on an OES host can behave differently in terms of how they share volumes by default, depending on the value of the setting for each server.

With the new command option introduced in novcifs, the administrator can choose to export all mounted volumes as shares, or export only the specified volumes as shares.

novcifs [--list-servers]

Lists the NetBIOS name and whether all NSS volumes are exported as shares by default for each CIFS server on this system. Returns an entry for each physical and virtual server running on this system.

novcifs [--share-vols-default=SERVER_NAME --value=yes|no]

Enables or disables all volumes being exported as shares by default.

SERVER_NAME: The NetBIOS name of one of the CIFS servers returned by the --list-servers command.

yes: Exports all the volumes belonging to <SERVER_NAME> as CIFS shares.

no: Exports only those shares specified by the CIFS administrator.

This option is enabled by default. When this option is disabled, no new volumes mounted will be shared; however, volumes that are already exported as shares will remain as shares until they are manually removed by the administrator. When this option is enabled, any new volume mounted will be exported, and after the CIFS service is restarted all mounted volumes will be exported as shares.

Limitation: This feature does not work for virtual servers in a cluster environment where non OES 2015 (or later) nodes exist.

Examples:

Viewing the list of physical and virtual CIFS servers and the "Share volumes by default" option for each server.

novcifs --list-servers
List of CIFS servers:
---------------------
LINUX-100-1_W   -  "Share volumes by default" attribute is enabled
R1-CLUSPOOL1-W  -  "Share volumes by default" attribute is disabled

Disabling the "Share volumes by default" option.

novcifs --share-vols-default=LINUX-100-1_W --value=no
Updating the Share Volumes By Default setting of the server completed successfully.

Enabling the "Share volumes by default" option.

novcifs --share-vols-default=R1-CLUSPOOL1-W --value=yes
Updating the Share Volumes By Default setting of the server completed successfully.

Toggling between SMB Versions

Sets the highest dialect for the CIFS server to communicate with the clients. Toggling between the dialects may cause difference in server behavior. Restart the CIFS service any time you modify this option.

novcifs --dialect=SMB|SMB2|SMB3

SMB Sets the highest dialect supported to NT LM 0.12 (SMB v1).

SMB2 Sets the highest dialect supported to SMB 2.1 (SMB v2). SMB1 and SMB2 clients can connect to the server.

SMB3 Sets the highest dialect supported to SMB 3.00 (SMB v3). SMB1, SMB2, and SMB3 clients can connect to the server.

By default, SMB v3 option is enabled.

Beginning with OES 2018 SP3, the SMB v1 sessions are disabled by default. To enable all SMB v1 sessions, set the option --disable-smbv1-sessions=none.

Synchronizing Users Quotas

Synchronizes the users quotas from the primary volume to the secondary volume of a DST shadow volume pair.

--user-quota-sync <primary_volume>

Duplicates all of the user quotas that are set currently on the specified primary volume to the secondary volume.

--user-quota-sync <primary_volume> --percent <percentage>

Duplicates all of the user quotas that are set currently on the specified primary volume as a specified percentage to the secondary volume. The percentage value must also be specified after the volume name.

A percent value of 100 is a one-to-one quota assignment. A percent value of 50 assigns a quota that is one-half the size of the quota set on the primary volume. A percent value of 200 assigns a quota that is twice the size of the quota set on the primary volume.

Enabling or Disabling File System Change Notifications to the Clients

--change-notify yes|no

When enabled, the client gets notifications about the changes happening on the directory which is currently being browsed or used through the Windows Explorer or Mac finder. These notifications enable the client to automatically refresh the Windows Explorer or Mac finder. The users need not press F5 to get the updated view as they will always be viewing the actual contents of the file system.

The client will be notified when one or more of the following events occur: A file or a folder is created, deleted, renamed, or moved, and metadata is changed.

Impact of enabling file system change notifications: Along with responding to the client's requests, the file server will also have to notify about every change happening on the directory to the client even if the change was done by the same client. It does increase the load on server.

Performance can be sluggish particularly when multiple users accessing or operating on the same directory.

Impact of disabling file system change notifications: Certain applications like Windows Explorer (Windows), Mac Finder, etc., expect change notifications feature to be supported or enabled. Else they end up in continuously querying the server about changes with humongous number of requests per second. The client tries to pull changes from the server and this might impact the performance of the server.

However, you can also add or modify the following Windows registry keys on the Windows client side so as to not let the client continuously query about the changes on the server.

Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

Key 1: NoRemoteChangeNotify (DWORD type with value set to 1)

Key 2: NoRemoteRecursiveEvents (DWORD type with value set to 1)

NOTE:By doing so, users are be forced to press F5 to get the updated view or changes on the file system. In addition, the same registry settings have to be applied on all the client machines.

IMPORTANT:The SMB client on SLED machines does not support the Change Notifications feature. Therefore, the changes on the OES file system will not be automatically reflected in the file browsers such as Nautilus.

Similarly, all client platforms do not request the server to send change notifications if the users browse using the command line.

Enabling or Disabling Enumeration of Shares Over Null Session

--enum-shares-over-nullsession=yes|no

Enables or disables enumeration of shares over a null session. By default enumeration of shares over a null session is enabled. If GUEST access is enabled, enumeration of shares over a null session is still allowed even if enum-shares-over-nullsession is disabled.

If --check-share-visibility-rights is enabled, it takes precedence and null sessions do not list any shares. Only shares with Public rights are displayed.

Enabling or Disabling Display of Shares Depending on Trustees

--check-share-visibility-rights=yes|no

Enables or disables the display of shares depending on the trustee rights of the user or group.

On enabling this option, an user can view only those shares (local or cluster resource) that he or she has trustee rights on and also the shares with Public rights. To view the shares a user must be added as a user or group trustee.

By default, this option is disabled.

Setting Oplock Break Acknowledgement Timeout Period

--oplock-lease-break-ack-timeout=<time in seconds>

Specifies the amount of time in seconds the CIFS server waits for the client's response after sending a request to the client to release oplock or lease on a file.

Default: 30 seconds. Minimum: 5 seconds. Maximum: 30 seconds.

Enabling or Disabling Negotiating NTSTATUS Capability

--negotiate-ntstatus=yes|no

Enables or disables negotiating NTSTATUS capability of the CIFS server.

If this option is enabled, server will set NTSTATUS capability bit in Negotiate Protocol response. This is required for certain SMBv1 clients to proceed with the session setup especially when extended security mechanisms are used. By default, this option is disabled. It is recommended to enable this option only when the client fails to connect to OES because of NTSTATUS capability.

If this option is enabled, CIFS server will set NTSTATUS capability bit during the negotiation phase. This is required for certain type of clients like printers to connect to the CIFS server using SMBv1 as the dialect. By default, this option is disabled. It is recommended to enable this option only when certain type of clients like printers fail to connect to the CIFS server.

Enabling or Disabling DFS Support

--dfs-support=yes|no

Enables or disables DFS support for the CIFS server. By default, this option is disabled.

Setting DNS Suffix

--dns-suffix=DNS-SUFFIX

Sets DNS suffix to be used in DFS referral target node server name. By default, target node server name is only the NetBIOS name without any DNS suffix.To clear the DNS suffix configuration, set an empty string.

Updating Client IP Address Details

--display-user-addr=yes|no

Enables or disables updation of client IP address details for the logged in user in the eDirectory user object. Before enabling this option, the common proxy user must be given write permission on the Network Address attribute at the user level or at the parent container level. By default, this option is disabled.

Enabling or Disabling Alternate Data Stream

--alternate-data-stream-enabled=yes|no

Enables or disables the alternate data stream. By default, this option is disabled.

Disabling SMB v1 sessions

--disable-smbv1-sessions=win-mac|mac|none|all

Disables the SMB v1 session from the specified clients.

win-mac disables SMB v1 session from the Windows and Mac OS X clients.

mac disables SMB v1 session from Mac OS X clients.

none does not disable SMB v1 sessions from any of the clients.

all disables SMB v1 session from all clients.

NOTE:NURM and NFARM in Mac works only over SMB v1.

Enabling or Disabling SMB 3.0 Encryption at Global Level

--encrypt-data=yes|no

Enables or disables the global level encryption, which is applicable to all the shares on the server. If this option is enabled, all the sessions established from the clients, which support encryption, to the server are encrypted. By default, this option is disabled.

Example:

novcifs --encrypt-data=yes enables SMB encryption for all the shares on the server.

Selecting a Cipher among the Supported Ciphers

[--preferred-cipher=AES-128-GCM|AES-128-CCM|AES-256-GCM|AES-256-CCM|NONE]

CIFS supports AES-256-GCM and AES-256-CCM cryptographic suites for SMB 3.1.1 encryption. The server negotiates these advanced cipher methods when connecting to the client. AES-128-GCM andAES-128-CCM cryptographic suites are still supported for SMB 3.1.1.

AES-128-GCM sets AES-128-GCM as a cipher for encryption.

AES-128-CCM sets AES-128-CCM as a cipher for encryption.

AES-256-GCM sets AES-256-GCM as a cipher for encryption.

AES-256-CCM sets AES-256-CCM as a cipher for encryption.

Example: novcifs --preferred-cipher=AES-128-GCM|NONE sets AES-128-GCM as prefered cipher.

SMB Multichannel Operations

SMB multichannel is an SMB3.0 feature that increases network performance and the availability of file servers. SMB multichannel operation is allowed by default over the network interface which holds the IP address used for mapping the share. Additional interfaces can be enabled for smb multi-channel operation using this option.

Enabling and Disabling SMB Multichannel:

novcifs --multi-channel={yes|no}

Enables or disables SMB multichannel operations.

Adding a multi-channel interface name:

novcifs --multi-channel-interface --add --interface-name=<NETWORK-INTERFACE-NAME>

Allows you to add additional interfaces for smb multi-channel operation.

Removing a multi-channel interface name:

novcifs --multi-channel-interface --remove --interface-name=<NETWORK-INTERFACE-NAME>

Allows you to remove an interface from smb multi channel support.

Displays the list of all the multi-channel interfaces:

novcifs --multi-channel-interface --list

Displays the list of all the interfaces which are enabled for smb multi channel operation.

Enabling or Disabling Unencrypted Access to the Share

--reject-unencrypted-access=yes|no

Enables or disables the unencrypted access to the shares exported by the server. If this option is disabled, the clients that do not support encryption can also access the encryption enabled shares. By default, this option is enabled.

Example:

novcifs --reject-unencrypted-access=no allows SMB clients that do not support encryption to access the encrypted shares.

Setting the Log Level

--log-level error|debug|info

Sets the log level for the server to log messages in. By default, the log level is set to error.

error logs the critical, error, warnings, and events log.

debug logs all the debug, info, critical, error, warnings, and events log.

info logs all the info, critical, error, warnings, and events log.

Enabling or Disabling DOS File Name Support

--dos-names=yes|no

Enables or disables the DOS file name support. By default, this option is enabled. When this option is disabled, file operations using DOS file name is prevented. Disabling it improves the CIFS server performance especially during directory enumeration.

Enabling or Disabling NTLMSSP Authentication

--disable-ntlmssp=yes|no

Disables or enables the NTLMSSP authentication. Setting this option to yes avoids the false NTLMSSP login attempts in an AD only environment. By default, NTLMSSP authentication is enabled.

NOTE:If NTLMSSP authentication is disabled, an eDirectory anonymous (guest) login or null login cannot be performed. But an AD guest login can be performed.

Managing CIS Reads

--block-unmanaged-cis-reads=yes|no

Disables or enables users with unmanaged workstation (CIS Client not installed on the workstation) from accessing files uploaded to the cloud. If this option is enabled, only those users with a managed workstation (CIS Client installed on the workstation) can access the files uploaded to the cloud. If this option is disabled, users with managed or unmanaged workstation can access the files uploaded to the cloud. By default, this option is disabled. Restart the CIFS server any time you modify this option.

Leasing

--leasing=yes|no

Enables or disables the file leasing for SMB 2.1 or later connections. Leasing is an enhancement to legacy oplocks, which facilitates better file caching by clients, and thereby improves the overall performance. By default, this option is enabled. Leasing works only if oplock is enabled. To configure the lease break timeout, use the --oplock-lease-break-ack-timeout option.

Directory Leasing

--directory-leasing=yes|no

Enables or disables directory leasing for SMB 3.0 or later connections. Directory leasing enables clients to cache the meta data of directories and thereby improves the overall performance.

By default, this option is enabled. Directory Leasing works only if oplock and leasing are enabled. To configure the lease break timeout, use the --oplock-lease-break-ack-timeout option.

Enabling or Disabling Large MTU

--large-mtu=yes|no

Enables or disables large MTU support. The Maximum Transmission Unit (MTU) is the size of the biggest data unit that can be transmitted in a single SMB2 packet on a network. With large MTU, maximum data unit size can be up to 1 MB as opposed to 64 KB of a normal MTU. Large MTU support enables a server to support multi-credit operations and is available in SMB 2.1 or later. By default, this option is disabled.

Enabling or Disabling MFA at Server Level

--mfa=yes|no

Enables or disables MFA at server level. If this option is enabled, access to any share on the server requires MFA. By default, this option is disabled.

Help Options

-h | --help

Displays the help information for CIFS commands, syntax, and exits.

-u | --usage

Displays the usage information for the commands and exits.

Files

/etc/opt/novell/cifs/cifs.conf

CIFS configuration file.

/etc/opt/novell/cifs/cifsctxs.conf

CIFS context file.

/etc/opt/novell/cifs/.cifspwd.enc

Encrypted CIFS proxy user file.

/usr/sbin/rcnovell-cifs

Initialization script for CIFS. You can use systemctl commands or rcnovell-cifs commands for start, stop, and restart operations.

/var/log/cifs/cifs.log

CIFS server log file.

Examples

VOL1:dir1 or VOL1:/dir1 is a volume-based path.