start of change

smbcd Daemon

Edit online

Purpose

Processes General Security Services API (GSSAPI) authentication requests for Server Message Block (SMB) client file system.

Syntax

/usr/sbin/smbcd

Description

The SMB client file system in the AIX® operating system requires Kerberos-based GSSAPI to start the user-authenticated session by using the SMB protocol version 2.1. In the AIX operating system, the GSSAPI is provided by a Userspace Library in the IBM® Network Authentication Service (NAS) version 1.16.1.0, or later fileset. This fileset is included in AIX Expansion Pack.

The smbcd daemon authenticates the SMB client file system to the required Kerberos-based GSSAPI and later deletes the established authentication context for the SMB client file system based on the type of request. The SMB client file system sends requests to the SMB server to access the remote shares (files and directories) during the mount or unmount operations and to reauthenticate an existing session at regular intervals or after a session expiry.

When the smbc.rte fileset is installed, the smbcd daemon is configured to operate with the System Resource Controller (SRC) master program. The SRC commands can stop and start the smbcd daemon. The smbcd daemon is started automatically when the logical partition starts. If the smbcd daemon is killed, the SRC master program restarts the smbcd daemon automatically. If the smbcd daemon is not running, you cannot authenticate or reauthenticate the session with the SMB server. All further attempts to access files in the SMB client file system in an unauthenticated session fails. You can start the smbcd daemon directly by running the startsrc command.

When the smbcd daemon starts, the smbcd daemon parses the /etc/smbc/smbctune.conf file and updates the kernel with the latest values of the tunable parameters from the file. Thus, the tunable parameter values are preserved between system restart operations.

You can determine the number of concurrent authentications that can be performed by using the smbc_max_concurrent_mount tunable parameter in the smbctune command. You can query the smbcd daemon status to determine the basic information such as the process ID, state, and subsystem.

Files

/var/adm/smbc/unixsock
UNIX socket file that is used for inter-process communication between the smbcd daemon and the smbclient kernel extension.
/var/adm/smbc/smbcgssd_krb5cc
Directory that contains the cache files of Kerberos credentials for various users.
/var/locks/LCK..smbcd
Lock file for the smbcd daemon. The lock operation ensures that the smbcd daemon does not run multiple times on repeated invocation.
end of change