This section describes enhancements and changes in Novell CIFS, beginning with the initial release Novell Open Enterprise Server (OES) 2015.
Beginning with OES 2015, Active Directory (AD) users and groups can natively access the Novell Storage System (NSS) file system through CIFS.
Additionally, if AD users install the NFARM Windows Explorer extension, they can then administer NSS resources on OES servers using Windows Explorer just as they would administer NTFS resources on Windows servers.
For example, if their trustee assignments allow, they can provision trustee assignments on NSS volumes for other Active Directory users.
Active Directory users authenticate using Kerberos through Novell CIFS for access to NSS resources.
The SMB changes introduced in OES 2015 require some implementation planning on your part. For more information, see Planning for SMB Changes in OES 2015 and later in the OES 2015 SP1: Novell CIFS for Linux Administration Guide.
SMB v2 (SMB 2.002) Verb Compliance: Clients can now communicate with OES using the SMB v2 (SMB 2.002) protocol.
SMB V2 (SMB 2.002) has the following advantages:
Reduced network traffic: Achieved through using a lower number of verbs (19 verbs v/s 100+ in SMB v1).
Performance improvement: Depends on overall system performance and other parameters.
Increased security: Achieved through using Kerberos for Active Directory, NLTM SSP for eDirectory user authentication, and HMAC-SHA256 for signing.
NOTE:When you upgrade from OES 11 SP2 to OES 2015, the SMB protocol default is set to SMB V2 (SMB 2.002).
Direct Hosting of SMB Over TCP/IP: OES 2015 supports direct-hosted "NetBIOS-less" SMB traffic over port 445 (TCP). For more information about the advantages of NetBIOS-less traffic, refer to this Microsoft Knowledge Base article.
NOTE:Support for CIFS/SMB v1 with NetBIOS over TCP/IP (port 139) continues and any client using CIFS/SMB v1 on port 139 can communicate to the OES 2015 server.
Filter CIFS Connections: You can filter connections based on the directory service hosting the client or user:
For more information, see Monitoring Connections in the OES 2015 SP1: Novell CIFS for Linux Administration Guide.
Synchronize Users Quotas in DST: You can synchronize users quotas from the primary volume to the secondary volume of a DST shadow volume pair:
For more information, see Synchronizing Users Quotas in the OES 2015 SP1: Novell CIFS for Linux Administration Guide.
Change Notifications: You can enable or disable the file server to send file system change notifications to clients:
For more information, see Enabling or Disabling File System Change Notifications to the Clients in the OES 2015 SP1: Novell CIFS for Linux Administration Guide.
Enumeration of Shares Over a nulluser Session: You can enable or disable enumeration (obtaining a list) of shares over nulluser (anonymous) sessions which are typically established by the client in the background.
For more information, see Enabling or Disabling Enumeration of Shares Over Null Session in the OES 2015 SP1: Novell CIFS for Linux Administration Guide.
SMB Version Switching: You can switch between SMB protocol versions. (The default for OES 2015 is SMB v2.)
For more information, see Toggling between SMB Versions in the OES 2015 SP1: Novell CIFS for Linux Administration Guide.
Obsolete novcifs Commands: Starting with OES 2015, the following command options are no longer available:
-Rp FILE-PATH
--vol-stats
--rights
--path=FILE-PATH
--resync=VOLUME-NAME
In OES versions older than OES 2015, the CIFS warning and error messages were logged in three files: /var/log/messages, /var/log/cifs/cifs.log, and /var/log/warn.
Beginning with OES 2015, the CIFS warning and error messages will only be logged in the /var/log/messages and /var/log/cifs/cifs.log files. However, information and debug messages will continue to be logged in the /var/log/messages and /var/log/cifs/cifs.log files, if enabled.
You can identify the error and warning messages logged in the /var/log/messages and /var/log/cifs/cifs.log files by the strings ERROR and WARNING, respectively.
Examples:
Mar 12 12:36:21 acme CIFS[30213] :WARNING: ENTRY: Auditing interface not initialized. Mar 12 12:36:21 acme CIFS[30213] : ERROR: AUTH: Failed to fetch domain admin SID from NIT, error: -27.
For more information about CIFS log files, see Configuration and Log Files in the OES 2015 SP1: Novell CIFS for Linux Administration Guide.
eDirectory users can now authenticate through CIFS to NSS resources through NTLM v2 using extended security (NTLMSSP).
Extended security is enabled by default at the server level.