novcifs (8)

Name

novcifs - A command line utility that communicates with the cifsd daemon. You must be logged in as root to use novcifs.

Syntax

novcifs [options]

[-sl, --share --list]

[-sln SHARENAME, --share --list --name=SHARENAME]

[-sap PATH -n SHARENAME -c COMMENT, --share --add --path=PATH --name=SHARENAME --comment=COMMENT]

[-srn SHARENAME, --share --remove --name=SHARENAME]

[-sap PATH -n SHARENAME -c COMMENT -v VIRTUALSERVERFDN, --share --add --path=PATH --name=SHARENAME --comment=COMMENT --vserver=VIRTUALSERVERFDN]

[-srn SHARENAME -v VIRTUALSERVERFDN, --share --remove --name=SHARENAME --vserver=VIRTUALSERVERFDN]

[-s --enable-encryption=yes|no -n SHARE-NAME, --share --enable-encryption=yes|no --name=SHARE-NAME]

[-s --folder-redirection=yes|no -n <share_name>]

[-e yes|no, --guest-login=yes|no]

[-a -D DNSNAME -I IPADDR, --add --dns-name=DNSNAME --ip-addr=IPADDR]

[-r -D DNSNAME -I IPADDR, --remove --dns-name=DNSNAME --ip-addr=IPADDR]

[-g yes|no|optional|force, --enable-smbsigning=yes|no|optional|force]

[-e yes|no, --add --dns-name=DNS_NAME --ip-addr=IP_ADDR]

[-C | --Conn]

[-av VIRTUALSERVERFDN -I VIRTUALSERVERIP, --add --vserver=VIRTUALSERVERFDN --ip-addr=VIRTUALSERVERIP]

[-rv VIRTUALSERVERFDN -I VIRTUALSERVERIP, --remove --vserver=VIRTUALSERVERFDN --ip-addr=VIRTUALSERVERIP]

[-o | --oper-params]

[-L 0|4|5, --lm=0|4|5]

[-y [yes|no]]

[-k [SDIRCACHE | DIRCACHE | FILECACHE]=value, --set-cache [SDIRCACHE | DIRCACHE | FILECACHE]=value]

[-t [yes|no]]

[-S yes|no]

[--enable-range-lock-mask=yes|no]

[--csc=0|1|2|3]

[-UT TIMEOUT-PERIOD, --block-invalid-users --timeout-period=TIMEOUT-PERIOD]

[-Uan USER-NAME, --block-invalid-users --add --name=USER-NAME]

[-Urn USER-NAME, --block-invalid-users --remove --name=USER-NAME]

[-Ul, --block-invalid-users --list]

[--dynamic-fid-pool=yes|no]

[-d fh, --dump-statistics=fh]

[-d fp, --dump-statistics=fp]

[-d dc, --dump-statistics=dc]

[--info-level-passthru=yes|no]

[--list-servers]

[--share-vols-default=SERVER_NAME --value=yes|no]

[--dialect=SMB|SMB2|SMB3]

[--user-quota-sync <primary_volume>]

[--user-quota-sync <primary_volume> --percent <percentage>]

[--change-notify yes|no]

[--enum-shares-over-nullsession=yes|no]

[--oplock-lease-break-ack-timeout=<time in seconds>]

[--negotiate-ntstatus=yes|no]

[--dfs-support=yes|no]

[--dns-suffix=DNS-SUFFIX]

[--display-user-addr=yes|no]

[--alternate-data-stream-enabled=yes|no]

[--disable-smbv1-sessions=win-mac|mac|none|all]

[--encrypt-data=yes|no]

[--reject-unencrypted-access=yes|no]

[--log-level error|debug|info]

[--dos-names=yes|no]

[--disable-ntlmssp=yes|no]

[--block-unmanaged-cis-reads=yes|no]

[--leasing=yes|no]

Options

Displaying the List of Share Points

novcifs [-sl | --share --list]

Lists all the available share points.

Displaying Details of a Share Point

novcifs [-sln SHARENAME | --share --list --name=SHARENAME]

Displays details of a specific share point.

Adding a New Share Point on a Non-Clustered Volume (Login to the node as root)

novcifs [-sap PATH -n SHARENAME -c COMMENT | --share --add --path=PATH --name=SHARENAME --comment=COMMENT]

Adds a new share point.

Example:

novcifs -sap CIFSV:/home/user1 -n user1home -m 0 -c "User1 home directory"

novcifs -sap CIFSV: -n volumeshare -m 0 -c "Volume share"

Removing a Share Point on a Non-Clustered Volume (Login to the node as root)

novcifs [-srn SHARENAME | --share --remove --name=SHARENAME]

Removes an existing share point.

Example:

novcifs -srn user1home

Adding a New Share Point on a Clustered Volume (Login to the node hosting resource as root)

novcifs [-sap PATH -n SHARENAME -c COMMENT -v VIRTUALSERVERFDN | --share --add --path=PATH --name=SHARENAME --comment=COMMENT --vserver=VIRTUALSERVERFDN]

Adds a new share point on a clustered volume.

Example:

Assuming the resource name of the clustered volume SHAREDV is .cn=PROJECT.ou=CL1.ou=Service.o=CT.t=NOVELL

novcifs -sap SHAREDV:/home/user1 -n user1home -m 0 -c "User1 home directory" -v PROJECT.CL1.Service.CT.NOVELL

Removing a Share Point on a Clustered Volume

novcifs [-srn SHARENAME -v VIRTUALSERVERFDN | --share --remove --name=SHARENAME --vserver=VIRTUALSERVERFDN]

Removes an existing share point.

Example:

novcifs -srn user1home -v PROJECT.CL1.Service.CT.NOVELL

Enabling or Disabling SMB 3.0 Encryption at Share Level

-s --enable-encryption yes | no -n SHARE-NAME, --share --enable-encryption=yes|no --name=SHARE-NAME

Enables or disables the encryption at the share level. If encryption is enabled at global level using the option --encrypt-data=yes|no, you need not enable encryption again at the share level. You can use this option to enable encryption for a specific share when encryption is disabled at global level. If this option is enabled, all the sessions established from the clients, which support encryption, to the specified share are encrypted. By default, this option is disabled.

Example:

novcifs -s --enable-encryption yes -n VOL1

Enables SMB encryption for the share named VOL1.

Enabling or Disabling Folder Redirection

-s --folder-redirection=yes|no -n <share_name>

Enables or disables the file share to host the redirected folders. By default, this option is disabled.

Enabling or Disabling Anonymous (guest) Login

novcifs [-e yes|no | --guest-login=yes|no]

Enables or disables guest user login.

Adding or Removing DNS Names (other than hostnames) for Advertising

novcifs [-a -D DNSNAME -I IPADDR | --add --dns-name=DNSNAME --ip-addr=IPADDR]
novcifs [-r -D DNSNAME -I IPADDR | --remove --dns-name=DNSNAME --ip-addr=IPADDR]

This option associates DNS names with cluster resource IP address in the CIFS server. You can assign more than one DNS name to the same cluster resource and access it using the CIFS client.

Displaying Active Connection Count

novcifs [-C | --Conn]

Displays the number of active connections.

Adding a Virtual Server

novcifs [-av VIRTUALSERVERFDN -I VIRTUALSERVERIP | --add --vserver=VIRTUALSERVERFDN --ip-addr=VIRTUALSERVERIP]

Adds a virtual server to CIFS.

Removing a Virtual Server

novcifs [-rv VIRTUALSERVERFDN -I VIRTUALSERVERIP | --remove --vserver=VIRTUALSERVERFDN --ip-addr=VIRTUALSERVERIP]

Removes a virtual server from CIFS.

Displaying Operational Parameters

novcifs [-o | --oper-params]

This option displays the current settings of the CIFS server.

Enabling or Disabling SMB Signing

novcifs [-g yes|no|optional|force | --enable-smbsigning=yes|no|optional|force]

Enables or disables the SMB signature.

  • Yes for enabling.
  • No for disabling.
  • Optional for optional enabling.
  • Force for mandatory enabling.

This is an add-on functionality. By default, it is disabled.

Setting LMCompatibilityLevel

novcifs [-L 0|4|5 | --lm=0|4|5]

This option sets the LAN Manager authentication level.

  • 0 for Accept LM and NTLM responses.
  • 4 for Accept NTLM response/refuse LM response.
  • 5 for Accept NTLMv2 response/refuse LM and NTLM responses.

By default, the LMCompatibilityLevel is set to 0.

Enabling or Disabling Subtree Search Capability

novcifs -y [yes|no]

Enables CIFS to search for the user in the entire base context.

Changing the Cache Settings

novcifs [-k [SDIRCACHE | DIRCACHE | FILECACHE]=value | --set-cache [SDIRCACHE | DIRCACHE | FILECACHE]=value]

Changes the cache value. The following are the default cache values:

  • Maximum cached subdirectories per volume (SDIRCACHE)=102400
  • Maximum cached files per subdirectory (DIRCACHE)=10240
  • Maximum cached files per volume (FILECACHE)=256000

Enabling or Disabling Auditing

novcifs [-t yes|no]

Enables or disables auditing.

IMPORTANT: Ensure that the novell-vigil service is running before you enable this option.

Enabling or Disabling File Synchronization

novcifs [-S yes|no | --sync=yes|no]

Enables or disables file synchronization. This parameter ensures that all the data previously written to a CIFS share has been written to the disk.

Enabling or Disabling Mask Behavior for Range Locks

novcifs [--enable-range-lock-mask=yes|no]

Enables or disables range lock masking behavior.

IMPORTANT: If you enable or disable this parameter, make sure you restart the CIFS server using the rcnovell-cifs restart or systemctl restart novell-cifs.service command in order for the changes to take effect.

By default, range lock masking is enabled.

Enabling or Disabling Client-side Caching

novcifs [--csc=0|1|2|3]

Enables or disables the client-side caching feature, which can be used to store frequently used information on the client's machine.

  • 0 Caches files for offline use. Does not permit automatic file-by-file reintegration.
  • 1 Caches files for offline use. Permits automatic file-by-file reintegration.
  • 2 Caches files for offline use. Clients are permitted to work from their local cache even while online.
  • 3 Disables offline caching.

By default, client-side caching is disabled.

Enabling Invalid User Caching

CIFS is now able to cache the invalid user logins for a specific timeout period. Further authentication requests from the same user name will be ignored based on the configured timeout period.

novcifs [-UT TIMEOUT-PERIOD | --block-invalid-users --timeout-period=TIMEOUT-PERIOD]

Specifies the amount of time a user should be considered as invalid to ignore authentication requests. Specify the timeout period in minutes. The range should be between 0 and 525600.

novcifs [-Uan USER-NAME | --block-invalid-users --add --name=USER-NAME]

Adds the specified user to the list of default invalid users whose authentication requests need to be ignored permanently.

novcifs [-Urn USER-NAME | --block-invalid-users --remove --name=USER-NAME]

Removes the specified user from the list of cached invalid users to start considering authentication requests.

novcifs [-Ul | --block-invalid-users --list]

Lists all the cached invalid users whose authentication requests are currently ignored.

Enabling CIFS File Id Pool

Enables CIFS to increase the file id pool from 65k to 600k. By default, this option is disabled.

novcifs [--dynamic-fid-pool=yes|no]

Dumping File Handle Statistics

Dumps statistics of Linux file handles opened.

novcifs [-d fh | --dump-statistics=fh]

Dumps statistics of Linux file handles and CIFS protocol file Ids opened.

novcifs [-d fp | --dump-statistics=fp]

Dumping Directory Cache Statistics

Dumps cache statistics used to store file and directory names.

novcifs [-d dc | --dump-statistics=dc]

CIFS Monitoring and Management

With the file monitoring options you can view details of open files and close open files within a volume, by connection and file handles associated with a file. For more information, see Section 6.0, CIFS Monitoring and Management.

Enabling or Disabling the Pass-through Information Levels Capability

Enables or disables the pass-through information levels capability on the server.

The option is disabled by default. Enabling this option can cause differences in client behavior. Restart the CIFS server any time you modify this option.

novcifs [--info-level-passthru=yes|no]

How does enabling this option impact the client behavior?

The pass-through information levels capability exposes additional information levels as part of the CIFS protocol.

When the capability is enabled, Windows 7 starts using the new information levels and sends different verbs. There is no visible impact on end users.

When should you enable it?

Enable it when you want to do a multi-select and copy of large files from Finder on Mac clients to OES servers. The sequence of calls Finder performs for this operation causes problems if the pass-through capability is not enabled.

Enabling this option also improves Web download experience to a CIFS Share on Mac Clients.

Viewing the NetBIOS Names of Servers and Changing the Behavior of Exporting Volumes by Default

In releases earlier than OES 2015, all mounted NSS volumes are exported as shares by default when the CIFS service is started. The name of the share is the same as the corresponding volume name. If a user removes a default share using the novcifs command or iManager, it will once again be exported as a share if the CIFS service is restarted.

In OES 2015 (or later), this behavior can be modified by setting the value of the nfapCIFSShareVolsByDefault attribute of the NCP server object to false. This prevents any default shares that were removed from being shared again if the server is restarted or if the resource is migrated. This setting can be modified using the novcifs command.

The setting to control whether volumes are shared by default is specific to each physical and virtual CIFS server. Different physical and virtual servers running on an OES host can behave differently in terms of how they share volumes by default, depending on the value of the setting for each server.

With the new command option introduced in novcifs, the administrator can choose to export all mounted volumes as shares, or export only the specified volumes as shares.

novcifs [--list-servers]

Lists the NetBIOS name and whether all NSS volumes are exported as shares by default for each CIFS server on this system. Returns an entry for each physical and virtual server running on this system.

novcifs [--share-vols-default=SERVER_NAME --value=yes|no]

Enables or disables all volumes being exported as shares by default.

SERVER_NAME: The NetBIOS name of one of the CIFS servers returned by the --list-servers command.

yes: Exports all the volumes belonging to <SERVER_NAME> as CIFS shares.

no: Exports only those shares specified by the CIFS administrator.

This option is enabled by default. When this option is disabled, no new volumes mounted will be shared; however, volumes that are already exported as shares will remain as shares until they are manually removed by the administrator. When this option is enabled, any new volume mounted will be exported, and after the CIFS service is restarted all mounted volumes will be exported as shares.

Limitation: This feature does not work for virtual servers in a cluster environment where non OES 2015 (or later) nodes exist.

Examples:

Viewing the list of physical and virtual CIFS servers and the "Share volumes by default" option for each server.

novcifs --list-servers
List of CIFS servers:
---------------------
LINUX-100-1_W   -  "Share volumes by default" attribute is enabled
R1-CLUSPOOL1-W  -  "Share volumes by default" attribute is disabled

Disabling the "Share volumes by default" option.

novcifs --share-vols-default=LINUX-100-1_W --value=no
Updating the Share Volumes By Default setting of the server completed successfully.

Enabling the "Share volumes by default" option.

novcifs --share-vols-default=R1-CLUSPOOL1-W --value=yes
Updating the Share Volumes By Default setting of the server completed successfully.
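
Added example (not from the novcifs documentation): a shell filter that reads the --list-servers output shown above and prints, for review, the --share-vols-default command for each server that still exports volumes by default. The function names and the allowed-character check on server names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the "Share volumes by default" setting reported by
# `novcifs --list-servers`. Nothing is changed; commands are only printed.

# Constructed sample input: the --list-servers output shown in this section.
sample_list_servers() {
cat <<'EOF'
List of CIFS servers:
---------------------
LINUX-100-1_W   -  "Share volumes by default" attribute is enabled
R1-CLUSPOOL1-W  -  "Share volumes by default" attribute is disabled
EOF
}

# Read --list-servers output on stdin and print one NetBIOS name per line
# for every server whose attribute is "enabled". The header and separator
# lines do not match the pattern and are skipped.
servers_sharing_by_default() {
    sed -n 's/^\([^[:space:]]\{1,\}\)[[:space:]]\{1,\}-[[:space:]]\{1,\}"Share volumes by default" attribute is enabled[[:space:]]*$/\1/p'
}

# Turn names on stdin into the documented command that disables the default
# export. Assumption of this example: names are limited to letters, digits,
# "_" and "-"; anything else is reported on stderr and never placed into a
# command line.
remediation_commands() {
    while IFS= read -r name; do
        case $name in
            ''|*[!A-Za-z0-9_-]*)
                printf 'skipping unexpected server name: %s\n' "$name" >&2 ;;
            *)
                printf 'novcifs --share-vols-default=%s --value=no\n' "$name" ;;
        esac
    done
}

# Dry run: list the commands an administrator would review and then run.
audit_share_defaults() {
    servers_sharing_by_default | remediation_commands
}

# Offline demonstration on the constructed sample.
sample_list_servers | audit_share_defaults
```

On an OES host, feed the live output in with novcifs --list-servers | audit_share_defaults. Volumes that are already exported stay shared until they are removed manually, as described above.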

Toggling between SMB Versions

Sets the dialect for the CIFS server to communicate with the clients. Toggling between the dialects can cause differences in server behavior. Restart the CIFS service any time you modify this option.

novcifs --dialect=SMB|SMB2|SMB3

SMB: Sets the dialect to NT LM 0.12 (SMBv1).

SMB2: Sets the dialect to SMB 2.1 (SMB v2). SMB1 and SMB2 clients can connect to the server.

SMB3: Sets the dialect to SMB 3.00 (SMB v3). SMB1, SMB2, and SMB3 clients can connect to the server.

By default, the SMB v3 option is enabled.

Synchronizing User Quotas

Synchronizes the user quotas from the primary volume to the secondary volume of a DST shadow volume pair.

--user-quota-sync <primary_volume>

Duplicates all of the user quotas that are set currently on the specified primary volume to the secondary volume.

--user-quota-sync <primary_volume> --percent <percentage>

Duplicates all of the user quotas that are set currently on the specified primary volume as a specified percentage to the secondary volume. The percentage value must also be specified after the volume name.

A percent value of 100 is a one-to-one quota assignment. A percent value of 50 assigns a quota that is one-half the size of the quota set on the primary volume. A percent value of 200 assigns a quota that is twice the size of the quota set on the primary volume.

Enabling or Disabling File System Change Notifications to the Clients

--change-notify yes|no

When enabled, the client gets notifications about the changes happening on the directory that is currently being browsed or used through Windows Explorer or Mac Finder. These notifications enable the client to automatically refresh Windows Explorer or Mac Finder. Users need not press F5 to get the updated view, because they are always viewing the actual contents of the file system.

The client is notified when one or more of the following events occur: a file or a folder is created, deleted, renamed, or moved, or metadata is changed.

Impact of enabling file system change notifications: Along with responding to the client's requests, the file server also has to notify the client about every change happening on the directory, even if the change was made by the same client. This increases the load on the server.

Performance can be sluggish, particularly when multiple users are accessing or operating on the same directory.

Impact of disabling file system change notifications: Certain applications, such as Windows Explorer and Mac Finder, expect the change notifications feature to be supported or enabled. Otherwise, they continuously query the server about changes, generating a very large number of requests per second. The client tries to pull changes from the server, and this might impact the performance of the server.

However, you can also add or modify the following Windows registry keys on the Windows client side so as to not let the client continuously query about the changes on the server.

Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

Key 1: NoRemoteChangeNotify (DWORD type with value set to 1)

Key 2: NoRemoteRecursiveEvents (DWORD type with value set to 1)

NOTE: By doing so, users are forced to press F5 to get the updated view or changes on the file system. In addition, the same registry settings have to be applied on all the client machines.

IMPORTANT: The SMB client on SLED machines does not support the Change Notifications feature. Therefore, the changes on the OES file system will not be automatically reflected in file browsers such as Nautilus.

Similarly, no client platform requests the server to send change notifications if the users browse using the command line.

Enabling or Disabling Enumeration of Shares Over Null Session

--enum-shares-over-nullsession=yes|no

Enables or disables enumeration of shares over a null session. By default, enumeration of shares over a null session is enabled. If GUEST access is enabled, enumeration of shares over a null session is still allowed even if enum-shares-over-nullsession is disabled.

Setting Oplock Break Acknowledgement Timeout Period

--oplock-lease-break-ack-timeout=<time in seconds>

Specifies the amount of time in seconds the CIFS server waits for the client's response after sending a request to the client to release oplock or lease on a file.

Default: 30 seconds. Minimum: 5 seconds. Maximum: 30 seconds.

Enabling or Disabling Negotiating NTSTATUS Capability

--negotiate-ntstatus=yes|no

Enables or disables negotiating NTSTATUS capability of the CIFS server.

If this option is enabled, the server sets the NTSTATUS capability bit in the Negotiate Protocol response. This is required for certain SMBv1 clients to proceed with the session setup, especially when extended security mechanisms are used. By default, this option is disabled. It is recommended to enable this option only when the client fails to connect to OES because of the NTSTATUS capability.

If this option is enabled, the CIFS server sets the NTSTATUS capability bit during the negotiation phase. This is required for certain types of clients, such as printers, to connect to the CIFS server using SMBv1 as the dialect. By default, this option is disabled. It is recommended to enable this option only when certain types of clients, such as printers, fail to connect to the CIFS server.

Enabling or Disabling DFS Support

--dfs-support=yes|no

Enables or disables DFS support for the CIFS server. By default, this option is disabled.

Setting DNS Suffix

--dns-suffix=DNS-SUFFIX

Sets the DNS suffix to be used in the DFS referral target node server name. By default, the target node server name is only the NetBIOS name without any DNS suffix. To clear the DNS suffix configuration, set an empty string.

Updating Client IP Address Details

--display-user-addr=yes|no

Enables or disables updating of client IP address details for the logged-in user in the eDirectory user object. Before enabling this option, the common proxy user must be given write permission on the Network Address attribute at the user level or at the parent container level. By default, this option is disabled.

Enabling or Disabling Alternate Data Stream

--alternate-data-stream-enabled=yes|no

Enables or disables the alternate data stream. By default, this option is disabled.

Disabling SMB v1 sessions

--disable-smbv1-sessions=win-mac|mac|none|all

Disables the SMB v1 session from the specified clients.

win-mac: Disables SMB v1 sessions from the Windows and Mac OS X clients.

mac: Disables SMB v1 sessions from Mac OS X clients.

none: Does not disable SMB v1 sessions from any of the clients.

all: Disables SMB v1 sessions from all clients.

NOTE: NURM and NFARM in Mac work only over SMB v1.

Enabling or Disabling SMB 3.0 Encryption at Global Level

--encrypt-data=yes|no

Enables or disables the global level encryption, which is applicable to all the shares on the server. If this option is enabled, all the sessions established from the clients, which support encryption, to the server are encrypted. By default, this option is disabled.

Example:

novcifs --encrypt-data=yes

Enables SMB encryption for all the shares on the server.

Enabling or Disabling Unencrypted Access to the Share

--reject-unencrypted-access=yes|no

Enables or disables rejection of unencrypted access to the shares exported by the server. If this option is disabled, clients that do not support encryption can also access the encryption-enabled shares. By default, this option is enabled.

Example:

novcifs --reject-unencrypted-access=no

Allows SMB clients that do not support encryption to access the encrypted shares.

Setting the Log Level

--log-level error|debug|info

Sets the log level for the server to log messages in. By default, the log level is set to error.

error: Logs the critical, error, warnings, and events log.

debug: Logs all the debug, info, critical, error, warnings, and events log.

info: Logs all the info, critical, error, warnings, and events log.

Enabling or Disabling DOS File Name Support

--dos-names=yes|no

Enables or disables DOS file name support. By default, this option is enabled. When this option is disabled, file operations using DOS file names are prevented. Disabling it improves the CIFS server performance, especially during directory enumeration.

Enabling or Disabling NTLMSSP Authentication

--disable-ntlmssp=yes|no

Disables or enables the NTLMSSP authentication. Setting this option to yes avoids the false NTLMSSP login attempts in an AD only environment. By default, NTLMSSP authentication is enabled.

NOTE: If NTLMSSP authentication is disabled, an eDirectory anonymous (guest) login or null login cannot be performed. But an AD guest login can be performed.

Managing CIS Reads

--block-unmanaged-cis-reads=yes|no

Blocks or allows users with an unmanaged workstation (CIS Client not installed on the workstation) from accessing files uploaded to the cloud. If this option is enabled, only those users with a managed workstation (CIS Client installed on the workstation) can access the files uploaded to the cloud. If this option is disabled, users with a managed or unmanaged workstation can access the files uploaded to the cloud. By default, this option is disabled. Restart the CIFS server any time you modify this option.

Leasing

--leasing=yes|no

Enables or disables the file leasing for SMB 2.1 or later connections. Leasing is an enhancement to legacy oplocks, which facilitates better file caching by clients, and thereby improves the overall performance. By default, this option is enabled. Leasing works only if oplock is enabled. To configure the lease break timeout, use the --oplock-lease-break-ack-timeout option.

Help Options

-h | --help

Displays the help information for CIFS commands, syntax, and exits.

-u | --usage

Displays the usage information for the commands and exits.

Files

/etc/opt/novell/cifs/cifs.conf

CIFS configuration file.

/etc/opt/novell/cifs/cifsctxs.conf

CIFS context file.

/etc/opt/novell/cifs/.cifspwd.enc

Encrypted CIFS proxy user file.

/usr/sbin/rcnovell-cifs

Initialization script for CIFS. You can use systemctl commands or rcnovell-cifs commands for start, stop, and restart operations.

/var/log/cifs/cifs.log

CIFS server log file.

Examples

VOL1:dir1 or VOL1:/dir1 is a volume-based path.