Access to GWDG Fileservers

There are are two file servers available for users with a GWDG account: The Unix Home, which you can see if you log into a Unix machine via ssh - the personal homepage is located here as well - and the file area in the Active Directory (short: AD), which you usually see as integrated drive “P” as you log in.

Access to the Unix home

With Mac OS X, you have several possibilities to access your GWDG Unix Home: access with an SFTP client, and use of the home directory as a network drive via AFP and SMB (Samba). Both methods have advantages and disadvantages.

Access via SFTP

The connection via SFTP has some significant advantages:

  • SFTP is a protocol similar to FTP, only here, all traffic is encrypted, making it the most secure connection. The data encryption is especially important when accessed from external networks (e.g. a DSL access).
  • The SFTP connection should always work, because access via SFTP is not usually blocked by any intervening firewalls.
  • A connection should be possible from every network and requires no VPN connection.
  • SFTP clients usually allow pausing and resuming of uploads and downloads.

Fugu

The program Fugu is a graphic client for SFTP. The current version of Fugu can be downloaded at heise.de for example. The usage is very simple: After starting Fugu, a GWDG computer with ssh access must be specified, e.g. login.gwdg.de, and the login of a user account. After clicking on “Connect”, the password of the account must be typed in. Fugu then opens the file list of the Unix home directory. In this way, files can be easily moved or copied via drag & drop.

Cyberduck

The program Cyberduck is another graphical client for SFTP. The current version can be downloaded at https://cyberduck.io/.

Mount as a Network Drive via SMB

A different - and often more convenient - option is to set up the home directory as a network drive on the desktop. It then can be accessed like any other external drive via the Samba protocol (SMB). The authentication with the account password is encrypted here, too, but usually the transferred files are not. Therefore you should not transmit sensitive information such as passwords or e-mails with the following methods.

Depending on the location of the computer, access via SMB can be blocked by intervening firewalls. For example, this is the case when trying to access from external networks (e.g. a DSL network). In these cases, a SFTP or VPN connection (mentioned above) has to be used. Setting up the connection via SMB works as follows:

In the Finder menu, click “Go To” → “Connect to Server” (or Apple + k). Now enter the URL

smb://username@samba.gwdg.de/username (replace “username” with your GWDG account name)

You will be prompted to enter your password. After entering the password, your home directory should appear as a network drive on the desktop.

Note: It may be useful to add the drive as a startup object to automatically mount it on startup, especially if you are in the university network often. To do this, click “Users” → “Login Items” in the system settings. Here the network drive can be added either via the plus sign or drag and drop. If you add your password to the keyring, it is not neccessary to enter your password with every mount.

Access to the AD Home

Access to the personal file area in the Windows Active Directory (AD) works exclusively via Samba. This means you need an internal IP (e.g. via VPN). Setting up the connection works much the same as with the Unix home, only with a different URL. In the Finder menu, click “Go To” → “Connect to Server” (or Apple + k). Now enter the URL

smb://username@winfs-uni.top.gwdg.de/username$ (replace “username” with your GWDG username and pay attention to the dollar sign at the very end)

In the next step, you have to identify yourself with your GWDG account.

The AD home directory should appear as a network drive on your desktop. As already described for the Unix home, this can be added as a startup item.

Troubleshooting

Why does the connection to the AD home directory fail?

Sometimes, for unknown reasons, there are problems connecting to the AD drive with Mac OS X. The connection attempt is aborted with a “Connection Failed” message. The reasons for this are not yet known, but should you ever urgently need your data on the AD, there are three options.

Manual Mount

You can manually mount the AD Home to a folder of your choice. In our example we create the mnt folder in the user directory.

  • Make sure that you are in the university network (e.g. via VPN).
  • Open the Terminal (Applications → Utilities → Terminal)
  • Type sudo mkdir /mnt and confirm with Enter to create the mnt folder
  • Then type: sudo mount -t smbfs //username@winfs-uni.top.gwdg.de/username /mnt and press Enter
  • Enter your password and press Enter.

Now you have your AD home folder mounted at /mnt

Access through Terminal Server

With the RDC program (the old one was included with Office:mac 2011 and the actual version (Microsoft Remote Desktop) is available for download in the App Store, you can connect to the GWDG terminal server on which the AD Home is automatically mounted as the P drive. For this, please proceed as follows:

  • Install and open the program.
  • Click RDV → Settings → Drives on the menu bar to mount, for example, the folder “Documents”, so you can transfer the data to your own Mac comfortably.
  • Then connect to wints1.top.gwdg.de and log in with your user data. The user name must be preceded by the domain (gwdg\)!

On the server, you can now find your own documents directory as well as the AD Home as the P drive, and you can move/copy your files. This is certainly not a permanent solution, but if you need it, it works from anywhere.

Connection via script

An unorthodox but often helpful and suitable method for frequent access is the connection script. To use it, open the Apple Script Editor (in Utilities) and enter the following:

mount volume "smb://benutzername@winfs-uni.top.gwdg.de/benutzername$“

Run the script for a test. If it works, save it (File → Save As) as the file format “program”. The saved program can now be run on demand and even used as a login item (see above).