OpenSolaris: Two options for Windows file and print sharing

Table of contents

A quick primer on cross-platform Windows file-sharing

  • SMB ("Server Message Block") was the original Microsoft Windows file and printer sharing protocol. (Actually a collection of protocols, services, and client programs.)
  • CIFS ("Common Internet File System") represents extensions and enhancements to SMB, made by Microsoft.
  • Known collectively as "SMB/CIFS", almost all modern operating systems support the protocols either out-of-the-box, or with minimal additional effort.
  • Microsoft owns the intellectual rights to the more recent versions of SMB/CIFS, but they allow others to implement their own versions, and have in recent years published the specs.
  • Beginning with Windows Vista, Microsoft introduced SMB2. It is a significant re-write and simplification. Windows Vista and Windows 7 still communicate with older Windows clients and servers--and with non-Microsoft clients and servers--via SMB1.
  • Currently, no non-Microsoft products support SMB2 in production-ready form, though samba.org is working on it.

Samba.org's Samba service

  • The ubiquity and universality of the SMB/CIFS protocols are partially, if not largely thanks to samba.org. Their open-source Samba software suite runs on virtually all UNIX and Linux variants (even on Windows under Cygwin).
  • Samba supports most versions and services of the SMB protocols, including Workgroups, NT domains (client and server), and Active Directory (client and server).
  • A Samba package compiled specifically for [Open]Solaris is available through the stock [Open]Solaris repository. The server service is configured and managed almost identically to Samba variants compiled for other operating systems (e.g. Linux).

OpenSolaris' native ZFS CIFS/SMB service

  • OpenSolaris ships with its own CIFS/SMB server built-in to the kernel, managed natively through the ZFS interfaces.
  • The OpenSolaris CIFS/SMB service is managed very differently than Samba. While arguably more robust, there is little knowledge carry-over for those familiar with Samba on other platforms.
  • You may configure OpenSolaris to use either samba.org's Samba server, or the native ZFS CIFS/SMB server; but not both at the same time. (Although conceivably possible to use both at the same time, it would at minimum require using non-standard ports.)
  • You can change between using Samba and ZFS CIFS/SMB relatively easily, by disabling and enabling the corresponding services. However, setting up both to support a similar server configuration (from a client's perspective) is difficult and time-consuming depending on the complexity of configured services. For sanity's sake, I would advise choosing one and staying with it.

ZFS CIFS/SMB vs. Samba

  • ZFS-native CIFS/SMB
    • Pros
      • Is built-in to the kernel, therefore has the potential to perform better (whether or not it actually does in real-world use).
      • Requires no additional packages or services to be installed.
      • No files to manually edit in order to configure.
      • Tightly integrated with ZFS and the ZFS ACL security model.
      • Only one security model to worry about (ZFS ACLs).
    • Cons
      • Not as old, proven, or widely deployed as Samba.
      • Specific to OpenSolaris, knowledge not readily transferable (unless it [along with ZFS] catches on as a viable Samba competitor in broader OS community).
      • Currently no GUI to manage, all terminal commands.
      • If you don't like the ZFS ACL model, you are largely out of luck for controlling access and security.
      • The ZFS ACL model, while conceptually simple and similar to the Windows NTFS ACL model, is exceedingly complex and notoriously difficult to implement in practice. Furthermore, it is very difficult to predict how the ACLs will behave in a mixed client OS model. Since ZFS ACLs and the built-in CIFS/SMB service are so tightly integrated, this significant shortcoming of the ZFS ACL model is also reflects poorly on the built-in CIFS/SMB service.
  • Samba.org's Samba services
    • Pros
      • Widely adopted worldwide on many operating systems.
      • About as solid and debugged as software gets.
      • transferable skills: Samba is configured and managed the same way on Solaris as it is on Linux, BSD, etc.
      • Third-party GUIs are available to manage on most OSes, though the granularity available through them may not be sufficient for all use cases.
      • Has it's own fairly simple and easy to configure security model (which could also be viewed as a con depending on use case), which can be used without using the ZFS ACL model. (Instead it loosely relies on the legacy *nix file permission model, which ZFS also supports.)
      • Even if OpenSolaris (and ZFS+CIFS/SMB) development were to suddenly stop, Samba development will continue on; so even if you are stuck with an aging OpenSolaris server, you could likely at least enjoy the latest SMB/CIFS file and print sharing services.
    • Cons
      • "Old-school" *nix-style management interface--to make changes, you must edit a configuration file, then restart the service. (Which could also be considered a "pro", as the file can be self-documenting and more user-friendly than a terminal command interface.)
      • Overlay security model could conceivably conflict with ZFS ACLs (unless you don't use ZFS ACLs).

Conclusions and recommendation

OpenSolaris' ZFS CIFS/SMB service and ACL model have a long way to go before being easily manageable and thus ready for prime-time. The time may come (possibly even with version 2010.03 but highly unlikely) that the built-in service and ACL model cause less hair-pulling than Samba. But that time is not now. And fortunately, by going with Samba you aren't necessarily preventing the option of switching later.

In short: Go with Samba!

This work is licensed by James R. "Jim" Collier in 2010 under the Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.