Samba CIFS Filesystems under linux - hints and tips

===============================================================================
Mounting...
===============================================================================

Simply

    mount.cifs //hostname/data /mnt/point \
          -o dir_mode=0700,file_mode=0600,username=s357751

mounting from win98

    http://pserver.samba.org/samba/ftp/cifs-cvs/linux-cifs-client-guide.pdf

    mount -t cifs //tcp-name/share /mnt/point \
          -o user=username,servern=NETBIOSNAME,sec=lanman


  tcp-name _must_ be the ip address (like 192.168.x.x) of the Win98 machine.
  share is the share name on the Win98 machine.
  /mnt/point is the mount point in the Linux system.
  username is an authorised user.

  NETBIOSNAME _must_ be capitalised, and is the NETBIOS name of the Win98
  machine.

  Specifying "sec=lanman" in the mount options allows the client to send
  weaker lanman hashes to the server. Older servers such as Windows 98 require
  this.

  You can also use the now deprecisted...
    mount -t smbfs //tcp-name/share /mnt/point -o credentials=/path/to/file

  where /path/to/file is the name of a file containing username and password.
  See 'man mount' and 'man smbmount' for further details.

  FYI: My experience with the CIFS mounting of Win98 shares is that the inode
  count is incorrect. This leads to problems when the share is accessed
  remotely.

-------------------------------------------------------------------------------
Less simply...

Used for Griffith CIFS shares...

  Ensure these packages are installed (ubuntu)...
    smbclient cifs-utils python3-smbc

  Then mount using...
    mount -vo vers=3.0,username={remote_user},domain={workgroup},
              uid={local_uid},gid={local_gid}
          //{ip_address}/{remote_path}  /{mount_point}


-------------------------------------------------------------------------------
Direct mounts  (user level)

Example...
   mkdir t
   smbmount //helpdesk/dump t  -o username=joe
   ...
   smbumount t

See man page on smbmount for more options...

NOTE: this command can mount exports contining both spaces and/or "$" chars.
While the other methods below can't.

You can make smbmount and smbumount SUID to allow user mounts
   chmod u+s /usr/bin/smbmnt /usr/bin/smbumount
Though I do not specifically recommented this.

This seem to have some protection to only allow a user to mount to a directory
the user owns.

WARNING: a mounted directory permissions is defined by the current "umask"
at the time of the mount. This can be overridden with the fmask, and dmask
options...
   smbmount //helpdesk/dump t  -o fmask=600,dmask=700

It is also recomended you specify the uid to set file owerships
   smbmount //helpdesk/dump t  -o uid=anthony,fmask=600,dmask=700

If you are having problems with
   1033: session setup failed: ERRDOS - ERRnoaccess (Access denied.)
   SMB connection failed
try adding a workgroup to the options
   workgroup=DOMAIN

-------------------------------------------------------------------------------
Mounting (root level)

To mount a samba filesystem (also called a CIFS or common internet file
system) you use a mount command like this...

    mount -t smbfs //machine/share_dir /mnt

You can also specify the password like this...

    mount -t smbfs -o password=foobar //machine/share_dir /mnt

WARNING this fails for any name with a space in its exported name.
though you can mount exports ending in "$"

If a username is required you can specify it with...
    mount -t smbfs -o user=ItsMe,password=foobar //machine/share_dir /mnt

However sambe will authomatically try your local UNIX username to mount the
aprtition, so you will not need to supply it is your UNIX name and Windows
login name are the same.

-------------------------------------------------------------------------------
Auto Mounting  (via autofs)

To the  /etc/auto.misc file add the mount such as..

misc fstype=smbfs,ro,passwd=qwer1234,users,uid=160,gid=10  ://thing/misc

The Quoting mechnism used by the automounter, and "mount" itself, makes life
more difficult. That is winodw exports with spaces or "$" in the mount name,
will either not be allowed (for security), or just gets mis-interperted.

Probably also will not work for spaces in passwords or usernames either. :-(

-------------------------------------------------------------------------------
Mounting (from /etc/fstab)

NOTES:

From Sage-AU mail list...
> I've just applied the patches to smbmount and the linux kernel mentioned
> here: <http://www.hojdpunkten.ac.se/054/samba/>, and then mounted the
> filesystem using the options they give, which are:
>     codepage=unicode,iocharset=iso8859-1,unicode

I fiddled around with various options, and eventually had it working.
But I found an interesting interaction (a.k.a. bug) which may have
prevented me finding the solution before.

Here's the actual line I was using in /etc/fstab (with username and
password obfuscated, naturally) when it wasn't working:
    //server/D$ /mnt/smb/server/D smbfs defaults,rw,noauto,user=xxxxxxxx,password=xxxxxxxx,codepage=unicode,iocharset=utf8,unicode

And the corresponding line from /proc/mounts:
    //server/D$ /mnt/smb/server/D smbfs rw,file_mode=0755,dir_mode=0755 0 0

Now, removing the "noauto" (which caused an error in /var/log/kern.log):
    //server/D$ /mnt/smb/server/D smbfs defaults,rw,noauto,user=xxxxxxxx,password=xxxxxxxx,codepage=unicode,iocharset=utf8,unicode

And the corresponding line from /proc/mounts:
    //server/D$ /mnt/smb/server/D smbfs rw,file_mode=0755,dir_mode=0755,iocharset=utf8,codepage=unicode 0 0

So the "noauto" stopped the codepage and iocharset options working, but
didn't stop the username and password, which also came after "noauto.
*shrug*

Anyway, I have it working now with codepage=unicode,iocharset=utf8,unicode.

Tim Bell  --  bhat@trinity.unimelb.edu.au  --  System Administrator

===============================================================================
Importing
===============================================================================
Locating CIFS / Window Shares / Samba Exports
  See scripts   nmbfind  smbfind (in archives/local)
          and  cifs_find   (in bin/admin)

nmblookup \*                  # List machine IP's which are online

nmblookup -T -A  {ip_addr}    # Get machines local "name"

nslookup {ip_addr}            # Convert IP to domain name and visa-versa

findsmb                       # simular to  "nmblookup \*" but cleaner

smbclient -N -L {hostname}    # List shares and other machines work groups known
                              # to this machine. Also lists the machine
                              # "comment" or verbose name.

Get SID for the domain   -U% is equivelent to -N but not 'anonymous'
  rpcclient -U% {hostname} -c lsaquery


Unknown...
  Convert a workgroup into a list of machines

-------------------------------------------------------------------------------
Collecting information

  smbclient -N -L  {name}       List of shares and services
  smbclient -k                  Connect using current kerberos auth!
  smbclient -P                  Use the machines password!
  smbclient -L server -U {DOMAIN}/{user}%{password}

If you get the error
   Error returning browse list: NT_STATUS_ACCESS_DENIED
You need a kerberos ticket or a username/password

Accessing a share using a ftp-like interface

  smbclient -U {username}%{password} -W {domain} \
            //{server}/SYSVOL/
    dir
    cd  sub-dir
    more  file         view the file
    get   file         download file from share
    put   file         save file on share
    volume             What are we connected to
    exit

Print stdin to a print service  (No prompt  -c omplies -N)

  cat file |\
    smbclient -U {username}%{password} -W {domain} -c 'print -'

  print local_file          send this file to printer service
  queue                     what files are queued!


DFS

  showconnect            report the current active connection (for DFS)


===============================================================================
Exporting
===============================================================================
Default Home Export

If you just turn on the default samba configuration (/etc/samba/smb.conf)
the file systems are exported with the following configuration...

=======8<--------
[homes]
   comment = Home Directories
   browseable = no
   read only = no
   create mode = 0750
=======8<--------

What this means is that it exports each persons home directory as that persons
login name with that persons login password.

For example on machine "server" the home of "user" is exported as
   //server/user
and has a password of that users login password.

You can also do the same this with    //server/homes
in which case the password will decide what is mounted.

-------------------------------------------------------------------------------
Samba for win2000

I have configured Samba as PDC for win 2k clients. Im getting error when
I try to change Domain membership of Win 2k client.
   "The specified domain either does not exist or could not be contacted".

To fix...
Make sure you have in the global section

  preferred master = True
  domain master = True
  wins support = Yes
  domain logons = Yes

The last ensures that Samba registers <DOMAIN>#1C which is used to find
domain controllers under some circumstances, and its absence may prevent
nmbd from responding to GETDC mailslot broadcasts sent by Win2K clients.

Also check for the smbd and nmbd daemons if they are running.

You need the latest (2.2.3a or better) version of samba to handle win2K

===============================================================================