Samba CIFS Filesystems under linux - hints and tips
===============================================================================
Mounting...
===============================================================================
Simply
mount.cifs //hostname/data /mnt/point \
-o dir_mode=0700,file_mode=0600,username=s357751
mounting from win98
http://pserver.samba.org/samba/ftp/cifs-cvs/linux-cifs-client-guide.pdf
mount -t cifs //tcp-name/share /mnt/point \
-o user=username,servern=NETBIOSNAME,sec=lanman
tcp-name _must_ be the ip address (like 192.168.x.x) of the Win98 machine.
share is the share name on the Win98 machine.
/mnt/point is the mount point in the Linux system.
username is an authorised user.
NETBIOSNAME _must_ be capitalised, and is the NETBIOS name of the Win98
machine.
Specifying "sec=lanman" in the mount options allows the client to send
weaker lanman hashes to the server. Older servers such as Windows 98 require
this.
You can also use the now deprecisted...
mount -t smbfs //tcp-name/share /mnt/point -o credentials=/path/to/file
where /path/to/file is the name of a file containing username and password.
See 'man mount' and 'man smbmount' for further details.
FYI: My experience with the CIFS mounting of Win98 shares is that the inode
count is incorrect. This leads to problems when the share is accessed
remotely.
-------------------------------------------------------------------------------
Less simply...
Used for Griffith CIFS shares...
Ensure these packages are installed (ubuntu)...
smbclient cifs-utils python3-smbc
Then mount using...
mount -vo vers=3.0,username={remote_user},domain={workgroup},
uid={local_uid},gid={local_gid}
//{ip_address}/{remote_path} /{mount_point}
-------------------------------------------------------------------------------
Direct mounts (user level)
Example...
mkdir t
smbmount //helpdesk/dump t -o username=joe
...
smbumount t
See man page on smbmount for more options...
NOTE: this command can mount exports contining both spaces and/or "$" chars.
While the other methods below can't.
You can make smbmount and smbumount SUID to allow user mounts
chmod u+s /usr/bin/smbmnt /usr/bin/smbumount
Though I do not specifically recommented this.
This seem to have some protection to only allow a user to mount to a directory
the user owns.
WARNING: a mounted directory permissions is defined by the current "umask"
at the time of the mount. This can be overridden with the fmask, and dmask
options...
smbmount //helpdesk/dump t -o fmask=600,dmask=700
It is also recomended you specify the uid to set file owerships
smbmount //helpdesk/dump t -o uid=anthony,fmask=600,dmask=700
If you are having problems with
1033: session setup failed: ERRDOS - ERRnoaccess (Access denied.)
SMB connection failed
try adding a workgroup to the options
workgroup=DOMAIN
-------------------------------------------------------------------------------
Mounting (root level)
To mount a samba filesystem (also called a CIFS or common internet file
system) you use a mount command like this...
mount -t smbfs //machine/share_dir /mnt
You can also specify the password like this...
mount -t smbfs -o password=foobar //machine/share_dir /mnt
WARNING this fails for any name with a space in its exported name.
though you can mount exports ending in "$"
If a username is required you can specify it with...
mount -t smbfs -o user=ItsMe,password=foobar //machine/share_dir /mnt
However sambe will authomatically try your local UNIX username to mount the
aprtition, so you will not need to supply it is your UNIX name and Windows
login name are the same.
-------------------------------------------------------------------------------
Auto Mounting (via autofs)
To the /etc/auto.misc file add the mount such as..
misc fstype=smbfs,ro,passwd=qwer1234,users,uid=160,gid=10 ://thing/misc
The Quoting mechnism used by the automounter, and "mount" itself, makes life
more difficult. That is winodw exports with spaces or "$" in the mount name,
will either not be allowed (for security), or just gets mis-interperted.
Probably also will not work for spaces in passwords or usernames either. :-(
-------------------------------------------------------------------------------
Mounting (from /etc/fstab)
NOTES:
From Sage-AU mail list...
> I've just applied the patches to smbmount and the linux kernel mentioned
> here: , and then mounted the
> filesystem using the options they give, which are:
> codepage=unicode,iocharset=iso8859-1,unicode
I fiddled around with various options, and eventually had it working.
But I found an interesting interaction (a.k.a. bug) which may have
prevented me finding the solution before.
Here's the actual line I was using in /etc/fstab (with username and
password obfuscated, naturally) when it wasn't working:
//server/D$ /mnt/smb/server/D smbfs defaults,rw,noauto,user=xxxxxxxx,password=xxxxxxxx,codepage=unicode,iocharset=utf8,unicode
And the corresponding line from /proc/mounts:
//server/D$ /mnt/smb/server/D smbfs rw,file_mode=0755,dir_mode=0755 0 0
Now, removing the "noauto" (which caused an error in /var/log/kern.log):
//server/D$ /mnt/smb/server/D smbfs defaults,rw,noauto,user=xxxxxxxx,password=xxxxxxxx,codepage=unicode,iocharset=utf8,unicode
And the corresponding line from /proc/mounts:
//server/D$ /mnt/smb/server/D smbfs rw,file_mode=0755,dir_mode=0755,iocharset=utf8,codepage=unicode 0 0
So the "noauto" stopped the codepage and iocharset options working, but
didn't stop the username and password, which also came after "noauto.
*shrug*
Anyway, I have it working now with codepage=unicode,iocharset=utf8,unicode.
Tim Bell -- bhat@trinity.unimelb.edu.au -- System Administrator
===============================================================================
Importing
===============================================================================
Locating CIFS / Window Shares / Samba Exports
See scripts nmbfind smbfind (in archives/local)
and cifs_find (in bin/admin)
nmblookup \* # List machine IP's which are online
nmblookup -T -A {ip_addr} # Get machines local "name"
nslookup {ip_addr} # Convert IP to domain name and visa-versa
findsmb # simular to "nmblookup \*" but cleaner
smbclient -N -L {hostname} # List shares and other machines work groups known
# to this machine. Also lists the machine
# "comment" or verbose name.
Get SID for the domain -U% is equivelent to -N but not 'anonymous'
rpcclient -U% {hostname} -c lsaquery
Unknown...
Convert a workgroup into a list of machines
-------------------------------------------------------------------------------
Collecting information
smbclient -N -L {name} List of shares and services
smbclient -k Connect using current kerberos auth!
smbclient -P Use the machines password!
smbclient -L server -U {DOMAIN}/{user}%{password}
If you get the error
Error returning browse list: NT_STATUS_ACCESS_DENIED
You need a kerberos ticket or a username/password
Accessing a share using a ftp-like interface
smbclient -U {username}%{password} -W {domain} \
//{server}/SYSVOL/
dir
cd sub-dir
more file view the file
get file download file from share
put file save file on share
volume What are we connected to
exit
Print stdin to a print service (No prompt -c omplies -N)
cat file |\
smbclient -U {username}%{password} -W {domain} -c 'print -'
print local_file send this file to printer service
queue what files are queued!
DFS
showconnect report the current active connection (for DFS)
===============================================================================
Exporting
===============================================================================
Default Home Export
If you just turn on the default samba configuration (/etc/samba/smb.conf)
the file systems are exported with the following configuration...
=======8<--------
[homes]
comment = Home Directories
browseable = no
read only = no
create mode = 0750
=======8<--------
What this means is that it exports each persons home directory as that persons
login name with that persons login password.
For example on machine "server" the home of "user" is exported as
//server/user
and has a password of that users login password.
You can also do the same this with //server/homes
in which case the password will decide what is mounted.
-------------------------------------------------------------------------------
Samba for win2000
I have configured Samba as PDC for win 2k clients. Im getting error when
I try to change Domain membership of Win 2k client.
"The specified domain either does not exist or could not be contacted".
To fix...
Make sure you have in the global section
preferred master = True
domain master = True
wins support = Yes
domain logons = Yes
The last ensures that Samba registers #1C which is used to find
domain controllers under some circumstances, and its absence may prevent
nmbd from responding to GETDC mailslot broadcasts sent by Win2K clients.
Also check for the smbd and nmbd daemons if they are running.
You need the latest (2.2.3a or better) version of samba to handle win2K
===============================================================================