novcifs (8)

Name

novcifs - A command line utility that communicates with the cifsd daemon. You must be logged in as root to use novcifs.

Syntax

novcifs [options]

[-sl, --share --list]

[-sln SHARENAME, --share --list --name=SHARENAME]

[-sap PATH -n SHARENAME -c COMMENT, --share --add --path=PATH --name=SHARENAME --comment=COMMENT ]

[-srn SHARENAME, --share --remove --name=SHARENAME]

[-sap PATH -n SHARENAME -c COMMENT -v VIRTUALSERVERFDN, --share --add --path=PATH --name=SHARENAME --comment=COMMENT --vserver=VIRTUALSERVERFDN]

[-srn SHARENAME -v VIRTUALSERVERFDN, --share --remove --name=SHARENAME --vserver=VIRTUALSERVERFDN]

[-s --folder-redirection=yes|no -n <share_name>]

[-b yes|no, --enable-debug=yes|no]

[-f yes|no, --enable-info=yes|no]

[-e yes|no, --guest-login=yes|no]

[-a -D DNSNAME -I IPADDR, --add --dns-name=DNSNAME --ip-addr=IPADDR]

[-r -D DNSNAME -I IPADDR, --remove --dns-name=DNSNAME --ip-addr=IPADDR]

[-g yes|no|optional|force, --enable-smbsigning=yes|no|optional|force]

[-e yes|no, --add --dns-name=DNS_NAME --ip-addr=IP_ADDR]

[-C | --Conn]

[-av VIRTUALSERVERFDN -I VIRTUALSERVERIP, --add --vserver=VIRTUALSERVERFDN --ip-addr=VIRTUALSERVERIP]

[-rv VIRTUALSERVERFDN -I VIRTUALSERVERIP, --remove --vserver=VIRTUALSERVERFDN --ip-addr=VIRTUALSERVERIP]

[-o | --oper-params]

[-g yes|no|optional|force, --enable-smbsigning=yes|no|optional|force]

[-L 0|4|5, --lm=0|4|5]

[-y [yes|no]]

[-k [SDIRCACHE | DIRCACHE | FILECACHE] = value, --set-cache SDIRCACHE | DIRCACHE | FILECACHE = value]]

[-t [yes|no]]

[-S yes|no]

[--enable-range-lock-mask=yes|no]

[--csc= 0|1|2|3]

[-UT TIMEOUT-PERIOD, --block-invalid-users --timeout-period=TIMEOUT-PERIOD]

[-Uan USER-NAME, --block-invalid-users --add --name=USER-NAME]

[-Urn USER-NAME, --block-invalid-users --remove --name=USER-NAME]

[-Ul, --block-invalid-users --list]

[--dynamic-fid-pool=yes|no]

[-d fh, --dump-statistics=fh]

[-d fp, --dump-statistics=fp]

[-d dc, --dump-statistics=dc]

[--info-level-passthru=yes|no]

[--list-servers]

[--share-vols-default=SERVER_NAME --value=yes|no]

[--dialect=SMB | SMB2]

[--user-quota-sync <primary_volume>]

[--user-quota-sync <primary_volume> --percent <percentage>]

[--change-notify yes | no]

[--enum-shares-over-nullsession = yes | no]

[--oplock-break-ack-timeout=<time in seconds>]

[--negotiate-ntstatus= yes | no]

[--dfs-support=yes|no]

[--dns-suffix=DNS-SUFFIX]

[--display-user-addr=yes|no]

[--disable-smbv1-sessions=none | all]

Options

Displaying the List of Share Points

novcifs [-sl | --share --list]

Lists all the available share points.

Displaying Details of a Share Point

novcifs [-sln SHARENAME | --share --list --name=SHARENAME]

Displays details of a specific share point.

Adding a New Share Point on a Non-Clustered Volume (Login to the node as root)

novcifs [-sap PATH -n SHARENAME -c COMMENT | --share --add --path=PATH --name=SHARENAME --comment=COMMENT]

Adds a new share point.

Example:

novcifs -sap CIFSV:/home/user1 -n user1home -m 0 -c "User1 home directory"

novcifs -sap CIFSV: -n volumeshare -m 0 -c "Volume share"

Removing a Share Point on a Non-Clustered Volume (Login to the node as root)

novcifs [-srn SHARENAME | --share --remove --name=SHARENAME]

Removes an existing share point.

Example:

novcifs -srn user1home

Adding a New Share Point on a Clustered Volume (Login to the node hosting resource as root)

novcifs [-sap PATH -n SHARENAME -c COMMENT -v VIRTUALSERVERFDN | --share --add --path=PATH --name=SHARENAME --comment=COMMENT --vserver=VIRTUALSERVERFDN]

Adds a new share point on a clustered volume.

Example:

Assuming the resource name of the clustered volume SHAREDV is .cn=PROJECT.ou=CL1.ou=Service.o=CT.t=NOVELL

novcifs -sap SHAREDV:/home/user1 -n user1home -m 0 -c User1 home directory -v PROJECTS.CL1.Service.CT.NOVELL

Removing a Share Point on a Clustered Volume

novcifs [-srn SHARENAME -v VIRTUALSERVERFDN | --share --remove --name=SHARENAME --vserver=VIRTUALSERVERFDN]

Removes an existing share point.

Example:

novcifs -srn user1home -v PROJECT.CL1.Service.CT.NOVELL

Enabling or Disabling Folder Redirection

-s --folder-redirection=yes|no -n <share_name>

Enables or disables the file share to host the redirected folders. By default, this option is disabled.

Enabling or Disabling the Debug Log

novcifs [-b yes|no | --enable-debug=yes|no]

Enables or disables the debug log.

Enabling or Disabling the Info Log

novcifs [-f yes|no | --enable-info=yes|no]

Enable this option to log all informative messages from the CIFS server.

Enabling or Disabling Anonymous (guest) Login

novcifs [-e yes|no | --guest-login=yes|no]

Enables or disables guest user login.

Adding or Removing DNS Names (other than hostnames) for Advertising

novcifs [-a -D DNSNAME -I IPADDR | --add --dns-name=DNSNAME --ip-addr=IPADDR]
novcifs [-r -D DNSNAME -I IPADDR | --remove --dns-name=DNSNAME --ip-addr=IPADDR]

This option associates DNS names with cluster resource IP address in the CIFS server. You can assign more than one DNS name to the same cluster resource and access it using the CIFS client.

Displaying Active Connection Count

novcifs [-C | --Conn]

Displays the number of active connections.

Adding a Virtual Server

novcifs [-av VIRTUALSERVERFDN -I VIRTUALSERVERIP | --add --vserver=VIRTUALSERVERFDN --ip-addr=VIRTUALSERVERIP]

Adds a virtual server to CIFS.

Removing a Virtual Server

novcifs [-rv VIRTUALSERVERFDN -I VIRTUALSERVERIP | --remove --vserver=VIRTUALSERVERFDN --ip-addr=VIRTUALSERVERIP]

Removes a virtual server from CIFS.

Displaying Operational Parameters

novcifs [-o | --oper-params]

This option displays the current settings of the CIFS server.

Enabling or Disabling SMB Signing

novcifs [-g yes|no|optional|force | --enable-smbsigning=yes|no|optional|force]

Enables or disables the SMB signature.

  • Yes for enabling.
  • No for disabling.
  • Optional for optional enabling.
  • Force for mandatory enabling.

This is an add-on functionality.

Setting LMCompatibilityLevel

novcifs [-L 0|4|5| --lm=0|4|5]

This option sets the LAN Manager authentication level.

  • 0 for Accept LM and NTLM responses.
  • 4 for Accept NTLM response/refuse LM response.
  • 5 for Accept NTLMv2 response/refuse LM and NTLM responses.

Enabling or Disabling Subtree Search Capability

novcifs -y [yes|no]

Enables CIFS to search for the user in the entire base context.

Changing the Cache Settings

novcifs -k [SDIRCACHE | DIRCACHE | FILECACHE] = value | --set-cache SDIRCACHE | DIRCACHE | FILECACHE = value]

Changes the cache value. The following are the default cache values:

  • Maximum cached subdirectories per volume (SDIRCACHE)=102400
  • Maximum cached files per subdirectory (DIRCACHE)=10240
  • Maximum cached files per volume (FILECACHE)=256000

Enabling or Disabling Auditing

novcifs [-t yes|no]

Enables or disables auditing.

IMPORTANT:Ensure that the novell-vigil service is running before you enable this option.

Enabling or Disabling File Synchronization

novcifs [-S yes|no | --sync=yes|no]

Enables or disables file synchronization. This parameter ensures that all the data previously written to a CIFS share has been written to the disk.

Enabling or Disabling Mask Behavior for Range Locks

novcifs [--enable-range-lock-mask=yes|no]

Enables or disables range lock masking behavior.

IMPORTANT:If you enable or disable this parameter, make sure you restart the CIFS server using the rcnovell-cifs restart command in order for the changes to take effect.

By default, range lock masking is enabled.

Enabling or Disabling Client-side Caching

novcifs [--csc= 0|1|2|3]

Enables or disables client-side caching feature, which can be used to store frequently used information on the client's machine.

  • 0 Caches files for offline use. Does not permit automatic file-by-file reintegration.
  • 1 Caches files for offline use. Permits automatic file-by-file reintegration.
  • 2 Caches files for offline use. Clients are permitted to work from their local cache even while online.
  • 3 Disables offline caching.

By default, client-side caching is disabled.

Enabling Invalid User Caching

CIFS is now able to cache the invalid user logins for a specific timeout period. Further authentication requests from the same user name will be ignored based on the configured timeout period.

novcifs [-UT TIMEOUT-PERIOD | --block-invalid-users --timeout-period=TIMEOUT-PERIOD]

Specifies the amount of time a user should be considered as invalid to ignore authentication requests. Specify the timeout period in minutes. The range should be between 0 and 525600.

novcifs [-Uan USER-NAME | --block-invalid-users --add --name=USER-NAME]

Adds the specified user to the list of default invalid users whose authentication requests need to be ignored permanently.

novcifs [-Urn USER-NAME | --block-invalid-users --remove --name=USER-NAME]

Removes the specified user from the list of cached invalid users to start considering authentication requests.

novcifs [-Ul | --block-invalid-users --list]

Lists all the cached invalid users whose authentication requests are currently ignored.

Enabling CIFS File Id Pool

Enables CIFS to increase the file id pool from 65k to 600k. If this option is enabled, 65k files can be opened per user session up to a server level maximum of 600k.By default, this option is disabled.

novcifs [--dynamic-fid-pool=yes|no]

Dumping File Handle Statistics

Dumps statistics of Linux file handles opened.

novcifs [-d fh | --dump-statistics=fh]

Dumps statistics of Linux file handles and CIFS protocol file Ids opened.

novcifs [-d fp | --dump-statistics=fp]

Dumping Directory Cache Statistics

Dumps cache statistics used to store file and directory names.

novcifs [-d dc | --dump-statistics=dc]

CIFS Monitoring and Management

With the file monitoring options you can view details of open files and close open files within a volume, by connection and file handles associated with a file. For more information, see Section 6.0, CIFS Monitoring and Management.

Enabling or Disabling the Pass-through Information Levels Capability

Enables or disables the pass-through information levels capability on the server.

The option is disabled by default. Enabling this option can cause differences in client behavior. Restart the CIFS server any time you modify this option.

novcifs [--info-level-passthru=yes|no]

How does enabling this option impact the client behavior?

The pass-through information levels capability exposes additional information levels as part of the CIFS protocol.

When the capability is enabled, Windows 7 starts using the new information levels - sends different verbs. No visible end user impact.

When should you enable it?

You want to do a multi-select and copy of large files from Finder on Mac clients to OES servers. The sequence of calls Finder performs for this operation causes problems if the pass through capability is not enabled.

Enabling this option also improves Web download experience to a CIFS Share on Mac Clients.

How do the users see their current quota on the client?

Passthru Info Levels Capability disabled: The Total, Used, and Free spaces displayed by the client will be the total Volume quota. It does not consider User and Directory quotas set.

For example, set 1 TB as Volume quota, 1 GB as User quota, and 100 GB as Directory quota. The disk usage (Total space, Used space, and Free space) visible to the user is 1 TB (Volume quota).

Passthru Info Levels Capability enabled: The Total, Used, and Free spaces displayed by the client is limited to Volume quota and User quota. It does not consider Directory quota set.

For example, set 1 TB as Volume quota, 1 GB as User quota, and 100 GB as Directory quota. The Free space and Total space visible to the user is limited to 1 GB [minimum of User and Volume quotas], and the Used space displayed will be the effective used space, which is less than or equal to 1 GB.

Passthru Info Levels Capability enabled (Mac clients): The Total, Used, and Free spaces displayed by the client will be the total Volume quota. It does not consider User and Directory quotas set.

For example, set 1 TB as Volume quota, 1 GB as User quota, and 100 GB as Directory quota. The disk usage (Total space, Used space, and Free space) visible to the user is 1 TB (Volume Quota).

Viewing the NetBIOS Names of Servers and Changing the Behavior of Exporting Volumes by Default

In releases earlier than OES 2015, all mounted NSS volumes are exported as shares by default when the CIFS service is started. The name of the share is the same as the corresponding volume name. If a user removes a default share using the novcifs command or iManager, it will once again be exported as a share if the CIFS service is restarted.

In OES 2015 (or later), this behavior can be modified by setting the value of the nfapCIFSShareVolsByDefault attribute of the NCP server object to false. This prevents any default shares that were removed from being shared again if the server is restarted or if the resource is migrated. This setting can be modified using the novcifs command.

The setting to control whether volumes are shared by default is specific to each physical and virtual CIFS server. Different physical and virtual servers running on an OES host can behave differently in terms of how they share volumes by default, depending on the value of the setting for each server.

With the new command option introduced in novcifs, the administrator can choose to export all mounted volumes as shares, or export only the specified volumes as shares.

novcifs [--list-servers]

Lists the NetBIOS name and whether all NSS volumes are exported as shares by default for each CIFS server on this system. Returns an entry for each physical and virtual server running on this system.

novcifs [--share-vols-default=SERVER_NAME --value=yes|no]

Enables or disables all volumes being exported as shares by default.

SERVER_NAME: The NetBIOS name of one of the CIFS servers returned by the --list-servers command.

yes: Exports all the volumes belonging to <SERVER_NAME> as CIFS shares.

no: Exports only those shares specified by the CIFS administrator.

This option is enabled by default. When this option is disabled, no new volumes mounted will be shared; however, volumes that are already exported as shares will remain as shares until they are manually removed by the administrator. When this option is enabled, any new volume mounted will be exported, and after the CIFS service is restarted all mounted volumes will be exported as shares.

Limitation: This feature does not work for virtual servers in a cluster environment where non OES 2015 (or later) nodes exist.

Examples:

Viewing the list of physical and virtual CIFS servers and the "Share volumes by default" option for each server.

novcifs --list-servers
List of CIFS servers:
---------------------
LINUX-100-1_W   -  "Share volumes by default" attribute is enabled
R1-CLUSPOOL1-W  -  "Share volumes by default" attribute is disabled

Disabling the "Share volumes by default" option.

novcifs --share-vols-default=LINUX-100-1_W --value=no
Updating the Share Volumes By Default setting of the server completed successfully.

Enabling the "Share volumes by default" option.

novcifs --share-vols-default=R1-CLUSPOOL1-W --value=yes
Updating the Share Volumes By Default setting of the server completed successfully.

Toggling between SMB Versions

Sets the dialect for the CIFS server to communicate with the clients. Toggling between the dialects may cause difference in server behavior. Restart the CIFS service any time you modify this option.

novcifs --dialect=SMB | SMB2 

SMB Sets the dialect to NT LM 0.12 (SMBv1)

SMB2 Sets the dialect to SMB 2.002 (SMB v2)

By default, SMB2 option is enabled.

Synchronizing Users Quotas

Synchronizes the users quotas from the primary volume to the secondary volume of a DST shadow volume pair.

--user-quota-sync <primary_volume>

Duplicates all of the user quotas that are set currently on the specified primary volume to the secondary volume.

--user-quota-sync <primary_volume> --percent <percentage>

Duplicates all of the user quotas that are set currently on the specified primary volume as a specified percentage to the secondary volume. The percentage value must also be specified after the volume name.

A percent value of 100 is a one-to-one quota assignment. A percent value of 50 assigns a quota that is one-half the size of the quota set on the primary volume. A percent value of 200 assigns a quota that is twice the size of the quota set on the primary volume.

Enabling or Disabling File System Change Notifications to the Clients

--change-notify yes | no

When enabled, the client gets notifications about the changes happening on the directory which is currently being browsed or used through the Windows Explorer or Mac finder. These notifications enable the client to automatically refresh the Windows Explorer or Mac finder. The users need not press F5 to get the updated view as they will always be viewing the actual contents of the file system.

The client will be notified when one or more of the following events occur: A file or a folder is created, deleted, renamed, or moved, and metadata is changed.

Impact of enabling file system change notifications: Along with responding to the client's requests, the file server will also have to notify about every change happening on the directory to the client even if the change was done by the same client. It does increase the load on server.

Performance can be sluggish particularly when multiple users accessing or operating on the same directory.

Impact of disabling file system change notifications: Certain applications like Windows Explorer (Windows), Mac Finder, etc., expect change notifications feature to be supported or enabled. Else they end up in continuously querying the server about changes with humongous number of requests per second. The client tries to pull changes from the server and this might impact the performance of the server.

However, you can also add or modify the following Windows registry keys on the Windows client side so as to not let the client continuously query about the changes on the server.

Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

Key 1: NoRemoteChangeNotify (DWORD type with value set to 1)

Key 2: NoRemoteRecursiveEvents (DWORD type with value set to 1)

NOTE:By doing so, users are be forced to press F5 to get the updated view or changes on the file system. In addition, the same registry settings have to be applied on all the client machines.

IMPORTANT:The SMB client on SLED machines does not support the Change Notifications feature. Therefore, the changes on the OES file system will not be automatically reflected in the file browsers such as Nautilus.

Similarly, all client platforms do not request the server to send change notifications if the users browse using the command line.

Enabling or Disabling Enumeration of Shares Over Null Session

--enum-shares-over-nullsession = yes | no

Enables or disables enumeration of shares over a null session. By default enumeration of shares over a null session is enabled. If GUEST access is enabled, enumeration of shares over a null session is still allowed even if enum-shares-over-nullsession is disabled.

Setting Oplock Break Acknowledgement Timeout Period

--oplock-break-ack-timeout=<time in seconds>

Specifies the amount of time in seconds the CIFS server waits for the client's response after sending a request to the client to release oplock on a file.

Default: 30 seconds. Minimum: 5 seconds. Maximum: 30 seconds.

Enabling or Disabling Negotiating NTSTATUS Capability

--negotiate-ntstatus= yes | no

Enables or disables negotiating NTSTATUS capability of the CIFS server.

If this option is enabled, server will set NTSTATUS capability bit in Negotiate Protocol response. This is required for certain SMBv1 clients to proceed with the session setup especially when extended security mechanisms are used. By default, this option is disabled. It is recommended to enable this option only when the client fails to connect to OES because of NTSTATUS capability.

If this option is enabled, CIFS server will set NTSTATUS capability bit during the negotiation phase. This is required for certain type of clients like printers to connect to the CIFS server using SMBv1 as the dialect. By default, this option is disabled. It is recommended to enable this option only when certain type of clients like printers fail to connect to the CIFS server.

Enabling or Disabling DFS Support

--dfs-support=yes|no

Enables or disables DFS support for the CIFS server. By default, this option is disabled.

Setting DNS Suffix

--dns-suffix=DNS-SUFFIX

Sets DNS suffix to be used in DFS referral target node server name. By default, target node server name is only the NetBIOS name without any DNS suffix. To clear the DNS suffix configuration, set an empty string.

Updating Client IP Address Details

--display-user-addr=yes|no

Enables or disables updation of client IP address details for the logged in user in the eDirectory user object. Before enabling this option, the common proxy user must be given write permission on the Network Address attribute at the user level or at the parent container level. By default, this option is disabled.

Disabling SMB v1 Sessions

--disable-smbv1-sessions=none | all

Disables the SMB v1 session from the specified clients.

none does not disable SMB v1 sessions from any of the clients.

all disables SMB v1 session from all clients.

Help Options

-h | --help

Displays the help information for CIFS commands, syntax, and exits.

-u | --usage

Displays the usage information for the commands and exits.

Files

/etc/opt/novell/cifs/cifs.conf

CIFS configuration file.

/etc/opt/novell/cifs/cifsctxs.conf

CIFS context file.

/etc/opt/novell/cifs/.cifspwd.enc

Encrypted CIFS proxy user file.

/etc/init.d/novell-cifs

Initialization script for CIFS. You should use this script to start and stop CIFS, rather than running it directly.

/var/log/cifs/cifs.log

CIFS server log file.

Examples

/etc/init.d/novell-cifs start runs this program in the standard way.

/usr/sbin/novcifs runs the client interface program directly.

VOL1:dir1 or VOL1:/dir1 is a volume-based path.