Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
en:services:storage_services:file_service:smb_dienstprogramme:start [2020/03/18 08:51] – [persistent mount using a credentials file and fstab] bnachtwen:services:storage_services:file_service:smb_dienstprogramme:start [2020/03/18 11:29] (current) bnachtw
Line 1: Line 1:
 +====== SMB/CIFS Utilities =====
 +
 +===== CIFS/SMB =====
 +
 +The Common Internet File System (CIFS) offers the possibility to map network drives on Windows workstations; the corresponding network protocol was formerly called Server Message Block (SMB). UNIX/Linux operating systems usually come with some utilities which help to make use of CIFS on these platforms, too:
 +
 +===== smbclient =====
 +
 +The ''smbclient'' program is a command line tool e.g. for
 +
 +  * listing network shares and network printers offered by windows servers,
 +  * listing directory contents,
 +  * or file transfer.
 +
 +In the following, ''lmuelle8'' will be used as an example for a valid GWDG user account name, and ''winfs-uni.top.gwdg.de'' will serve as an example for a Windows CIFS/SMB server. Since Windows servers are typically part of the Active Directory, a domain has also to be specified. ''GWDG'' is usually correct; employees of the Max-Planck-Institute (MPI) for Biophysical Chemistry have to use ''MBPC'', employees of the MPI fuer Experimentelle Medizin ''MPEM''.
 +
 +==== Listing network shares ====
 +
 +<file>
 +smbclient -L winfs-uni.top.gwdg.de -W GWDG -U lmuelle8
 +Password:
 +</file> 
 +\\
 +Although the password could be given directly on the command line, this should be avoided for security reasons; it is better to be prompted for the password. The output of the command has been omitted because it is very long.
 +
 +==== Listing directory contents ====
 +
 +<file>
 +smbclient //winfs-uni.top.gwdg.de/lmuelle8$ -W GWDG -U lmuelle8
 +Password: 
 +Domain=[GWDG] OS=[Windows Server 2008 R2 Enterprise 7601 Service Pack 1] Server=[Windows Server 2008 R2 Enterprise 6.1]
 +smb: \> dir
 +  .                                  DR        0  Mon May 23 11:52:52 2011
 +  ..                                 DR        0  Mon May 23 11:52:52 2011
 +  $RECYCLE.BIN                      DHS        0  Tue May  3 08:51:59 2011
 +  Eigene Bilder                     DAR        0  Wed Jun 30 05:24:50 2010
 +  Eigene Musik                      DAR        0  Wed Jun 30 05:24:50 2010
 +  IO.SYS                           AHSR        0  Thu Feb  8 11:15:26 2001
 +  MSDOS.SYS                        AHSR        0  Thu Feb  8 11:15:26 2001
 +  My Music                           DR        0  Tue May  3 08:51:59 2011
 +  My Pictures                        DR        0  Tue May  3 08:51:59 2011
 +  My Videos                          DR        0  Tue May  3 08:51:59 2011
 +  WINDOWS                                    0  Tue May  3 08:51:49 2011
 +  _AdminsOnly                       DAH        0  Wed Jun 30 05:24:46 2010
 +  _GWDGsys                           DA        0  Wed Jun 30 05:24:48 2010
 +
 + 65535 blocks of size 33554432. 18580 blocks available
 +smb: \> quit
 +</file>
 +\\
 +These directory entries didn't change for years, but that's life ...
 +
 +Please notice the trailing %%$%% symbol within the name of the network share %%//winfs-uni.top.gwdg.de/lmuelle8$%%. It has to be appended because all shares on Windows/CIFS servers exporting user data are hidden and thus require a %%$%% on access.
 +
 +==== File transfer ====
 +
 +<file>
 +smbclient //winfs-uni.top.gwdg.de/lmuelle8$ -W GWDG -U lmuelle8
 +Password: 
 +Domain=[GWDG] OS=[Windows Server 2008 R2 Enterprise 7601 Service Pack 1] Server=[Windows Server 2008 R2 Enterprise 6.1]
 +smb: \> put example.doc
 +putting file example.doc as \example.doc (2142.8 kb/s) (average 2142.9 kb/s)
 +smb: \> cd "My Music"
 +smb: \My Music\> get laughter.mp3
 +getting file \My Music\laughter.mp3 of size 3953876 as laughter.mp3 (16223.6 kb/s) (average 16223.6 kb/s)
 +smb: \My Music\> quit
 +</file>
 +\\
 +As demonstrated, ''put'' sends files to the remote host, while ''get'' fetches them.
 +
 +==== Further help ====
 +
 +Help is available via manual page (''man smblient'') or the online ''help'' command which can be typed at the ''smb:'' prompt.
 +
 +===== SMB/CIFS mount =====
 +
 +==== General remarks ====
 +
 +On FreeBSD or Linux systems, e.g., it is possible to mount a Windows network share into the local directory tree. Here, it is important to realize that it is inevitable to establish a user mapping while mounting the share. Thus on the one hand the user credentials on the remote Windows server as well as a local user name have to be specified. On the FreeBSD/Linux client, all files seem to belong to the specified local user, whereas in reality they belong to the user whose credentials were used when accessing the share. Both user names may be equal but they do not have to be.
 +
 +Example user, server and share names are as described above within the context of ''smbclient''.
 +
 +Please look at the manual pages on your system for further help if the examples below won't help.
 +
 +==== FreeBSD example ====
 +
 +<file>
 +mount_smbfs -U lmuelle8 -I winfs-uni.top.gwdg.de -W GWDG -u 1001 -g 20 //lmuelle8@winfs-uni/lmuelle8$ /import/lmuelle8
 +Password:
 +</file>
 +\\
 +
 +The password could be given in the command line, but should not for security reasons. Meaning of the arguments is:
 +
 +  * ''-U lmuelle8'' -- user account name to authenticate with
 +  * ''-I winfs-uni.top.gwdg.de'' -- host name or ip address of server
 +  * ''-W GWDG'' -- active directory domain
 +  * ''-u 1001'' -- local user number
 +  * ''-g 20'' -- local  group number
 +  * ''%%//lmuelle8@winfs-uni/lmuelle8$%%'' -- %%//name of remote user@netbios server name/network share name%%
 +  * ''%%/import/lmuelle8%%'' -- local directory to mount on
 +
 +==== Linux example ====
 +
 +<file>
 +mount.cifs -o domain=GWDG,user=lmuelle8,uid=1001,gid=100 //winfs-uni.top.gwdg.de/lmuelle8$ /import/lmuelle8
 +Password:
 +</file>
 +\\
 +
 +The password could be given in the command line, but should not for security reasons. Meaning of the arguments is:
 +
 +  * ''-o domain=GWDG,user=lmuelle8,uid=1001,gid=100'' -- active directory domain, user account name to authenticate with, local user number, local group number
 +  * ''%%//winfs-uni.top.gwdg.de/lmuelle8$%%'' -- %%//host name or ip address of server/network share name%%
 +  * ''%%/import/lmuelle8%%'' -- local directory to mount on
 +
 +==== persistent mount using a credentials file and fstab ====
 +The mount.cifs command mentioned before works properly if you want to mount the share at once. For a persistent mounting the effort specifying the userid, domain, share URI and mountpoint and always entering the password may be not really comfortable. So you may want to mount the CIFS shares as you do with NFS by adding a line to the ''/etc/fstab''.
 +  # cat /etc/fstab  | grep cifs
 +  //winfs-uni.top.gwdg.de/lmuelle8$  /import/lmuelle8 cifs domain=GWDG,user=lmuelle8,uid=1001,gid=100,file_mode=0664 0 0
 +
 +This skips out the mount command with all the options, but still requires to enter the password. If it's ok to store the password in your linux system, you can use a credential file instead of giving username, domain and password. Such a file looks like this (taking the example from above):
 +  # cat /etc/smbpasswd
 +  domain=GWDG
 +  username=lmuelle8
 +  password=<User's Password in plain text>
 +  
 +The line in the fstab file then looks like this:
 +
 +  # cat /etc/fstab  | grep cifs
 +  //winfs-uni.top.gwdg.de/lmuelle8$  /import/lmuelle8 cifs credentials=/etc/smbpasswd,uid=1001,gid=100,file_mode=0640 0 0
 +  
 +if you want to mount different shares you can use the same credential file for each, if you need different credentials for different shares just setup different credential files, e.g.
 +
 +  # cat /etc/fstab  | grep cifs
 +  //winfs-uni.top.gwdg.de/lmuelle8$   /import/lmuelle8  cifs credentials=/home/lmuelle8/.smb-lmuelle8,uid=1001,gid=100,file_mode=0640 0 0
 +  //wfs-test.top.gwdg.de/workgroup$   /import/workgroup cifs credentials=/etc/smbworkgroup,uid=1001,gid=1000,file_mode=0664 0 0
 +  
 +<WRAP center round important 90%>
 +As the credentials file contains a plain text password, it should be strictly protected from other users accessing it. so please do set the access rights to 600 by
 +  chmod 600 <path to credentials file>
 +</WRAP>