https://lug.wur.nl/api.php?action=feedcontributions&user=Staig001&feedformat=atomLUG - User contributions [en]2024-03-28T14:26:51ZUser contributionsMediaWiki 1.34.1https://lug.wur.nl/index.php?title=File_shares&diff=466File shares2020-02-14T09:20:42Z<p>Staig001: </p>
<hr />
<div>=== Mounting Home Directories - CIFS ===<br />
As WUR has moved to a new home directory storage method, the path to finding it is much simpler:<br />
<br />
Write yourself an /etc/fstab entry that looks like this:<br />
<br />
<pre style="white-space: pre;">//fs01mixedsmb.wurnet.nl/DBL-STANDARD_HOMEDIR$/myuser /mnt/mdrive cifs noauto,user,username=myuser,domain=wur,uid=mylocaluser,gid=mylocalgroup 0 0</pre><br />
<br />
(Replace myuser with your own WUR account name, and mylocaluser/mylocalgroup with the account/group you have locally)<br />
<br />
Now you can simply:<br />
<br />
<code>mount /mnt/mdrive</code><br />
<br />
And after entering your password, you have access to your M drive share.<br />
<br />
==== Caveats ====<br />
<br />
This may occasionally not work on the first try, as the hostname WURNET.NL points to multiple machines. You may need to do this repeatedly to get a stable connection.<br />
<br />
=== Mounting dfs-root ===<br />
<br />
==== With ntlmssp authentication ====<br />
Please add this line to your /etc/fstab<br />
<br />
<code>//WURNET.NL/dfs-root/ /mnt/dfs-root cifs rw,credentials=/<path_to>/.creds,sec=ntlmssp,vers=3.0,noauto,nofail,uid=<local_user>,gid=<local_group> 0 0</code><br />
<br />
Make sure your credentials file .creds contains your wur-user password.<br />
<br />
username=<wur_user><br />
password=<wur_password><br />
domain=WUR<br />
<br />
If you do not specify the paasword you will receive the error:<br />
<br />
<code>mount error(13): Permission denied</code><br />
<br />
==== With kerberos authentication ====<br />
The dfs-root share uses Kerberos authentication. We will explain how to setup the kerberos client, obtain a token and finally mount this share.<br />
<br />
1. Installing the kerberos client<br />
#RedHat/Centos <br />
yum install krb5.libs krb5.workstation<br />
#Ubuntu <br />
sudo apt-get install krb5-user<br />
<br />
2. Configuration for WURNET<br />
sudo vim /etc/krb5.conf<br />
<br />
includedir /etc/krb5.conf.d/ #only for red hat and centos, drop this line for ubuntu<br />
<br />
[logging]<br />
default = FILE:/var/log/krb5libs.log<br />
kdc = FILE:/var/log/krb5kdc.log<br />
admin_server = FILE:/var/log/kadmind.log<br />
<br />
[libdefaults]<br />
dns_lookup_realm = false<br />
ticket_lifetime = 24h<br />
renew_lifetime = 7d<br />
forwardable = true<br />
rdns = false<br />
pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt<br />
default_realm = WURNET.NL<br />
kdc_timesync = 1<br />
ccache_type = 4<br />
forwardable = true<br />
proxiable = true<br />
default_ccache_name = KEYRING:persistent:%{uid}<br />
<br />
[realms]<br />
WURNET.NL = {<br />
kdc = wurdc1.wurnet.nl<br />
admin_server = wurdc1.wurnet.nl<br />
kdc = wurdc2.wurnet.nl<br />
kdc = wurdc1.wurnet.nl<br />
kdc = wurdc3.wurnet.nl<br />
}<br />
<br />
[domain_realm]<br />
wurnet.nl = WURNET.NL<br />
.wurnet.nl = WURNET.NL<br />
<br />
3. Configure the Kerberos session keys<br />
sudo vim /etc/request-key.d/cifs.spnego.conf<br />
<br />
create cifs.spnego * * /usr/sbin/cifs.upcall -t %k<br />
<br />
This file will most probably already exist. Make sure you are using the '-t' flag!<br />
<br />
4. Edit /etc/fstab<br />
//WURNET.NL/dfs-root/ /mnt/dfs-root cifs rw,credentials=/<local_path>/.creds,sec=krb5,vers=3.0,noauto,nofail,uid=<local_user>,gid=<local_user> 0 0<br />
<br />
<local_path> is the path on your local machine to the credential file which we will create in the next step.<br />
<br />
5. Create the Kerberos credential file <br />
vim /<local_path>/.creds<br />
<br />
username=<WUR_user><br />
password=<br />
domain=WUR<br />
<br />
Please leave the field for password really empty!<br />
<br />
6. Acquire a Kerberos key with your credentials<br />
sudo kinit <WUR_user>@WURNET.NL<br />
<br />
Now you will be asked to provide your password.<br />
<br />
7. Check key properties<br />
sudo klist<br />
<br />
Valid starting Expires Service principal<br />
11-02-20 12:07:35 11-02-20 22:06:59 cifs/scomp6133.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:07:35 11-02-20 22:06:59 cifs/scomp6000.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:07:16 11-02-20 22:06:59 cifs/scomp6004.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:06:59 11-02-20 22:06:59 krbtgt/WURNET.NL@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
<br />
8. Now you can mount the drive<br />
sudo mkdir /mnt/dfs-root/<br />
sudo chmod 755 /mnt/dfs-root<br />
sudo mount /mnt/dfs-root/<br />
<br />
<br />
=== Other Shares ===<br />
<br />
The easiest way to gather information about available CIFS shares is using smbclient. On Ubuntu, you need the pacakge 'smbclient' to provide this.<br />
<br />
Usage:<br />
<br />
<code>smbclient -L <server> -U username</code><br />
<br />
This will show you all the mounts available to you on that machine.<br />
<br />
To test the mount:<br />
<br />
<code>sudo mount //server/share -ousername=username,domain=wur /tmp/smb</code><br />
<br />
This will hold until you unmount it. <br />
<br />
=== Automatically mounting at boot (/etc/fstab) ===<br />
<br />
The above example will only mount when called. You want it to mount on boot. However, a simple issue is present - you must authenticate to mount. Thus, you need to have some credential stash. Modify the options to this:<br />
<br />
<pre style="white-space: pre;">//fs01mixedsmb.wurnet.nl/Homes/username /mnt/mdrive cifs credentials=/home/localuser/.smbpassword,user,username=username,domain=wur,uid=localuser,gid=localuser 0 0</pre><br />
<br />
Then you can make the credential file. Set it 600 so that only you or root may read or write.<br />
<br />
<code>echo username=username > ~/.smbpassword</code><br />
<br />
<code>echo password=mypassword >> ~/.smbpassword</code><br />
<br />
<code>chmod 600 ~/.smbpassword</code><br />
<br />
<br />
=== Automatically mounting when users login (pam_mount) ===<br />
<br />
<code>apt-get install libpam-mount cifs-utils</code><br />
<br />
Create or edit pam_mount.conf.xml in /etc/security <br />
<pre><br />
<nowiki><br />
<?xml version="1.0" encoding="utf-8" ?><br />
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd"><br />
<!--<br />
See pam_mount.conf(5) for a description.<br />
--><br />
<br />
<pam_mount><br />
<br />
<!-- debug should come before everything else,<br />
since this file is still processed in a single pass<br />
from top-to-bottom --><br />
<br />
<debug enable="0" /><br />
<br />
<!-- Volume definitions --><br />
<br />
<br />
<!-- pam_mount parameters: General tunables --><br />
<br />
<luserconf name=".pam_mount.conf.xml" /><br />
<br />
<!-- Note that commenting out mntoptions will give you the defaults.<br />
You will need to explicitly initialize it with the empty string<br />
to reset the defaults to nothing. --><br />
<mntoptions allow="*" /><br />
<!--<br />
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" /><br />
<mntoptions deny="suid,dev" /><br />
<mntoptions allow="*" /><br />
<mntoptions deny="*" /><br />
--><br />
<mntoptions require="nosuid,nodev" /><br />
<br />
<logout wait="0" hup="0" term="0" kill="0" /><br />
<br />
<!-- pam_mount parameters: Volume-related --><br />
<br />
<mkmountpoint enable="1" remove="true" /><br />
<br />
</pam_mount><br />
</nowiki><br />
</pre><br />
<br />
Create a .pam_mount.conf.xml file in each users home directory. <br />
<br />
<pre><br />
<nowiki> <br />
<pam_mount><br />
<volume options="domain=WUR,nodev,nosuid" user="*" mountpoint="~/M" path="Homes/%(USER)" server="WURNET.NL" fstype="cifs" /><br />
<volume options="domain=WUR,nodev,nosuid" user="*" mountpoint="~/W" path="DFS-Root" server="WURNET.NL" fstype="cifs" /><br />
</pam_mount><br />
</nowiki><br />
</pre><br />
<br />
And then create the directories in the users homedir.<br />
<br />
<code>mkdir ~/M</code><br />
<br />
<code>mkdir ~/W</code><br />
<br />
You can use skel to automatically put it in users home dir when creating a new user. If you want this then place the .pam_mount.conf.xml file in /etc/skel/ and create the M and W directory in /etc/skel<br />
<br />
=== What is the DFS-Root ===<br />
<br />
DFS is Microsoft's Distributed File System. The purpose of a distributed file system is that the user can access files without knowing on which server the files are locates. The root of a distributed files system is called the DFS-Root. In the DFS-Root are virtual directories which are actual 'links' to shares on some servers.<br />
<br />
Most modern CIFS implementations are able to handle DFS properly, thus a config like:<br />
<br />
<nowiki>//WURNET.NL/DFS-Root /mnt/wdrive cifs noauto,user,username=username,domain=wur 0 0</nowiki><br />
<br />
Should work.<br />
<br />
With newer versions of smbclient it could happen that it needs a version specified in the mount options because the default version is not working. Then try it with version 1.0<br />
<br />
<nowiki>//WURNET.NL/DFS-Root /mnt/wdrive cifs noauto,user,username=username,domain=wur,vers=1.0 0 0</nowiki></div>Staig001https://lug.wur.nl/index.php?title=File_shares&diff=465File shares2020-02-11T11:21:24Z<p>Staig001: </p>
<hr />
<div>=== Mounting Home Directories - CIFS ===<br />
As WUR has moved to a new home directory storage method, the path to finding it is much simpler:<br />
<br />
Write yourself an /etc/fstab entry that looks like this:<br />
<br />
<pre style="white-space: pre;">//fs01mixedsmb.wurnet.nl/DBL-STANDARD_HOMEDIR$/myuser /mnt/mdrive cifs noauto,user,username=myuser,domain=wur,uid=mylocaluser,gid=mylocalgroup 0 0</pre><br />
<br />
(Replace myuser with your own WUR account name, and mylocaluser/mylocalgroup with the account/group you have locally)<br />
<br />
Now you can simply:<br />
<br />
<code>mount /mnt/mdrive</code><br />
<br />
And after entering your password, you have access to your M drive share.<br />
<br />
==== Caveats ====<br />
<br />
This may occasionally not work on the first try, as the hostname WURNET.NL points to multiple machines. You may need to do this repeatedly to get a stable connection.<br />
<br />
=== Mounting dfs-root ===<br />
The dfs-root share uses Kerberos authentication. We will explain how to setup the kerberos client, obtain a token and finally mount this share.<br />
<br />
1. Installing the kerberos client<br />
#RedHat/Centos <br />
yum install krb5.libs krb5.workstation<br />
#Ubuntu <br />
sudo apt-get install krb5-user<br />
<br />
2. Configuration for WURNET<br />
sudo vim /etc/krb5.conf<br />
<br />
includedir /etc/krb5.conf.d/ #only for red hat and centos, drop this line for ubuntu<br />
<br />
[logging]<br />
default = FILE:/var/log/krb5libs.log<br />
kdc = FILE:/var/log/krb5kdc.log<br />
admin_server = FILE:/var/log/kadmind.log<br />
<br />
[libdefaults]<br />
dns_lookup_realm = false<br />
ticket_lifetime = 24h<br />
renew_lifetime = 7d<br />
forwardable = true<br />
rdns = false<br />
pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt<br />
default_realm = WURNET.NL<br />
kdc_timesync = 1<br />
ccache_type = 4<br />
forwardable = true<br />
proxiable = true<br />
default_ccache_name = KEYRING:persistent:%{uid}<br />
<br />
[realms]<br />
WURNET.NL = {<br />
kdc = wurdc1.wurnet.nl<br />
admin_server = wurdc1.wurnet.nl<br />
kdc = wurdc2.wurnet.nl<br />
kdc = wurdc1.wurnet.nl<br />
kdc = wurdc3.wurnet.nl<br />
}<br />
<br />
[domain_realm]<br />
wurnet.nl = WURNET.NL<br />
.wurnet.nl = WURNET.NL<br />
<br />
3. Configure the Kerberos session keys<br />
sudo vim /etc/request-key.d/cifs.spnego.conf<br />
<br />
create cifs.spnego * * /usr/sbin/cifs.upcall -t %k<br />
<br />
This file will most probably already exist. Make sure you are using the '-t' flag!<br />
<br />
4. Edit /etc/fstab<br />
//WURNET.NL/dfs-root/ /mnt/dfs-root cifs rw,credentials=/<local_path>/.creds,sec=krb5,vers=3.0,noauto,nofail,uid=<local_user>,gid=<local_user> 0 0<br />
<br />
<local_path> is the path on your local machine to the credential file which we will create in the next step.<br />
<br />
5. Create the Kerberos credential file <br />
vim /<local_path>/.creds<br />
<br />
username=<WUR_user><br />
password=<br />
domain=WUR<br />
<br />
Please leave the field for password really empty!<br />
<br />
6. Acquire a Kerberos key with your credentials<br />
sudo kinit <WUR_user>@WURNET.NL<br />
<br />
Now you will be asked to provide your password.<br />
<br />
7. Check key properties<br />
sudo klist<br />
<br />
Valid starting Expires Service principal<br />
11-02-20 12:07:35 11-02-20 22:06:59 cifs/scomp6133.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:07:35 11-02-20 22:06:59 cifs/scomp6000.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:07:16 11-02-20 22:06:59 cifs/scomp6004.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:06:59 11-02-20 22:06:59 krbtgt/WURNET.NL@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
<br />
8. Now you can mount the drive<br />
sudo mkdir /mnt/dfs-root/<br />
sudo chmod 755 /mnt/dfs-root<br />
sudo mount /mnt/dfs-root/<br />
<br />
<br />
=== Other Shares ===<br />
<br />
The easiest way to gather information about available CIFS shares is using smbclient. On Ubuntu, you need the pacakge 'smbclient' to provide this.<br />
<br />
Usage:<br />
<br />
<code>smbclient -L <server> -U username</code><br />
<br />
This will show you all the mounts available to you on that machine.<br />
<br />
To test the mount:<br />
<br />
<code>sudo mount //server/share -ousername=username,domain=wur /tmp/smb</code><br />
<br />
This will hold until you unmount it. <br />
<br />
=== Automatically mounting at boot (/etc/fstab) ===<br />
<br />
The above example will only mount when called. You want it to mount on boot. However, a simple issue is present - you must authenticate to mount. Thus, you need to have some credential stash. Modify the options to this:<br />
<br />
<pre style="white-space: pre;">//fs01mixedsmb.wurnet.nl/Homes/username /mnt/mdrive cifs credentials=/home/localuser/.smbpassword,user,username=username,domain=wur,uid=localuser,gid=localuser 0 0</pre><br />
<br />
Then you can make the credential file. Set it 600 so that only you or root may read or write.<br />
<br />
<code>echo username=username > ~/.smbpassword</code><br />
<br />
<code>echo password=mypassword >> ~/.smbpassword</code><br />
<br />
<code>chmod 600 ~/.smbpassword</code><br />
<br />
<br />
=== Automatically mounting when users login (pam_mount) ===<br />
<br />
<code>apt-get install libpam-mount cifs-utils</code><br />
<br />
Create or edit pam_mount.conf.xml in /etc/security <br />
<pre><br />
<nowiki><br />
<?xml version="1.0" encoding="utf-8" ?><br />
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd"><br />
<!--<br />
See pam_mount.conf(5) for a description.<br />
--><br />
<br />
<pam_mount><br />
<br />
<!-- debug should come before everything else,<br />
since this file is still processed in a single pass<br />
from top-to-bottom --><br />
<br />
<debug enable="0" /><br />
<br />
<!-- Volume definitions --><br />
<br />
<br />
<!-- pam_mount parameters: General tunables --><br />
<br />
<luserconf name=".pam_mount.conf.xml" /><br />
<br />
<!-- Note that commenting out mntoptions will give you the defaults.<br />
You will need to explicitly initialize it with the empty string<br />
to reset the defaults to nothing. --><br />
<mntoptions allow="*" /><br />
<!--<br />
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" /><br />
<mntoptions deny="suid,dev" /><br />
<mntoptions allow="*" /><br />
<mntoptions deny="*" /><br />
--><br />
<mntoptions require="nosuid,nodev" /><br />
<br />
<logout wait="0" hup="0" term="0" kill="0" /><br />
<br />
<!-- pam_mount parameters: Volume-related --><br />
<br />
<mkmountpoint enable="1" remove="true" /><br />
<br />
</pam_mount><br />
</nowiki><br />
</pre><br />
<br />
Create a .pam_mount.conf.xml file in each users home directory. <br />
<br />
<pre><br />
<nowiki> <br />
<pam_mount><br />
<volume options="domain=WUR,nodev,nosuid" user="*" mountpoint="~/M" path="Homes/%(USER)" server="WURNET.NL" fstype="cifs" /><br />
<volume options="domain=WUR,nodev,nosuid" user="*" mountpoint="~/W" path="DFS-Root" server="WURNET.NL" fstype="cifs" /><br />
</pam_mount><br />
</nowiki><br />
</pre><br />
<br />
And then create the directories in the users homedir.<br />
<br />
<code>mkdir ~/M</code><br />
<br />
<code>mkdir ~/W</code><br />
<br />
You can use skel to automatically put it in users home dir when creating a new user. If you want this then place the .pam_mount.conf.xml file in /etc/skel/ and create the M and W directory in /etc/skel<br />
<br />
=== What is the DFS-Root ===<br />
<br />
DFS is Microsoft's Distributed File System. The purpose of a distributed file system is that the user can access files without knowing on which server the files are locates. The root of a distributed files system is called the DFS-Root. In the DFS-Root are virtual directories which are actual 'links' to shares on some servers.<br />
<br />
Most modern CIFS implementations are able to handle DFS properly, thus a config like:<br />
<br />
<nowiki>//WURNET.NL/DFS-Root /mnt/wdrive cifs noauto,user,username=username,domain=wur 0 0</nowiki><br />
<br />
Should work.<br />
<br />
With newer versions of smbclient it could happen that it needs a version specified in the mount options because the default version is not working. Then try it with version 1.0<br />
<br />
<nowiki>//WURNET.NL/DFS-Root /mnt/wdrive cifs noauto,user,username=username,domain=wur,vers=1.0 0 0</nowiki></div>Staig001https://lug.wur.nl/index.php?title=File_shares&diff=464File shares2020-02-11T11:20:27Z<p>Staig001: </p>
<hr />
<div>=== Mounting Home Directories - CIFS ===<br />
As WUR has moved to a new home directory storage method, the path to finding it is much simpler:<br />
<br />
Write yourself an /etc/fstab entry that looks like this:<br />
<br />
<pre style="white-space: pre;">//fs01mixedsmb.wurnet.nl/DBL-STANDARD_HOMEDIR$/myuser /mnt/mdrive cifs noauto,user,username=myuser,domain=wur,uid=mylocaluser,gid=mylocalgroup 0 0</pre><br />
<br />
(Replace myuser with your own WUR account name, and mylocaluser/mylocalgroup with the account/group you have locally)<br />
<br />
Now you can simply:<br />
<br />
<code>mount /mnt/mdrive</code><br />
<br />
And after entering your password, you have access to your M drive share.<br />
<br />
==== Caveats ====<br />
<br />
This may occasionally not work on the first try, as the hostname WURNET.NL points to multiple machines. You may need to do this repeatedly to get a stable connection.<br />
<br />
=== Mounting dfs-root ===<br />
The dfs-root share uses Kerberos authentication. We will explain how to setup the kerberos client, obtain a token and finally mount this share.<br />
<br />
1. Installing the kerberos client<br />
#RedHat/Centos <br />
yum install krb5.libs krb5.workstation<br />
#Ubuntu <br />
sudo apt-get install krb5-user<br />
<br />
2. Configuration for WURNET<br />
sudo vim /etc/krb5.conf<br />
<br />
includedir /etc/krb5.conf.d/ #only for red hat and centos, drop this line for ubuntu<br />
<br />
[logging]<br />
default = FILE:/var/log/krb5libs.log<br />
kdc = FILE:/var/log/krb5kdc.log<br />
admin_server = FILE:/var/log/kadmind.log<br />
<br />
[libdefaults]<br />
dns_lookup_realm = false<br />
ticket_lifetime = 24h<br />
renew_lifetime = 7d<br />
forwardable = true<br />
rdns = false<br />
pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt<br />
default_realm = WURNET.NL<br />
kdc_timesync = 1<br />
ccache_type = 4<br />
forwardable = true<br />
proxiable = true<br />
default_ccache_name = KEYRING:persistent:%{uid}<br />
<br />
[realms]<br />
WURNET.NL = {<br />
kdc = wurdc1.wurnet.nl<br />
admin_server = wurdc1.wurnet.nl<br />
kdc = wurdc2.wurnet.nl<br />
kdc = wurdc1.wurnet.nl<br />
kdc = wurdc3.wurnet.nl<br />
}<br />
<br />
[domain_realm]<br />
wurnet.nl = WURNET.NL<br />
.wurnet.nl = WURNET.NL<br />
<br />
3. Configure the Kerberos session keys<br />
sudo vim /etc/request-key.d/cifs.spnego.conf<br />
<br />
create cifs.spnego * * /usr/sbin/cifs.upcall -t %k<br />
<br />
This file will most probably already exist. Make sure you are using the '-t' flag!<br />
<br />
4. Edit /etc/fstab<br />
//WURNET.NL/dfs-root/ /mnt/dfs-root cifs rw,credentials=/<local_path>/.creds,sec=krb5,vers=3.0,noauto,nofail,uid=<local_user>,gid=<local_user> 0 0<br />
<br />
<local_path> is the path on your local machine to the credential file which we will create in the next step.<br />
<br />
5. Create the Kerberos credential file <br />
vim /<local_path>/.creds<br />
<br />
username=<WUR_user><br />
password=<br />
domain=WUR<br />
<br />
Please leave the field for password really empty!<br />
<br />
6. Acquirea Kerberos key with your credentials<br />
sudo kinit sikke025@WURNET.NL<br />
<br />
Now you will be asked to provide your password.<br />
<br />
7. Check key properties<br />
sudo klist<br />
<br />
Valid starting Expires Service principal<br />
11-02-20 12:07:35 11-02-20 22:06:59 cifs/scomp6133.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:07:35 11-02-20 22:06:59 cifs/scomp6000.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:07:16 11-02-20 22:06:59 cifs/scomp6004.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:06:59 11-02-20 22:06:59 krbtgt/WURNET.NL@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
<br />
8. Now you can mount the drive<br />
sudo mkdir /mnt/dfs-root/<br />
sudo chmod 755 /mnt/dfs-root<br />
sudo mount /mnt/dfs-root/<br />
<br />
<br />
=== Other Shares ===<br />
<br />
The easiest way to gather information about available CIFS shares is using smbclient. On Ubuntu, you need the pacakge 'smbclient' to provide this.<br />
<br />
Usage:<br />
<br />
<code>smbclient -L <server> -U username</code><br />
<br />
This will show you all the mounts available to you on that machine.<br />
<br />
To test the mount:<br />
<br />
<code>sudo mount //server/share -ousername=username,domain=wur /tmp/smb</code><br />
<br />
This will hold until you unmount it. <br />
<br />
=== Automatically mounting at boot (/etc/fstab) ===<br />
<br />
The above example will only mount when called. You want it to mount on boot. However, a simple issue is present - you must authenticate to mount. Thus, you need to have some credential stash. Modify the options to this:<br />
<br />
<pre style="white-space: pre;">//fs01mixedsmb.wurnet.nl/Homes/username /mnt/mdrive cifs credentials=/home/localuser/.smbpassword,user,username=username,domain=wur,uid=localuser,gid=localuser 0 0</pre><br />
<br />
Then you can make the credential file. Set it 600 so that only you or root may read or write.<br />
<br />
<code>echo username=username > ~/.smbpassword</code><br />
<br />
<code>echo password=mypassword >> ~/.smbpassword</code><br />
<br />
<code>chmod 600 ~/.smbpassword</code><br />
<br />
<br />
=== Automatically mounting when users login (pam_mount) ===<br />
<br />
<code>apt-get install libpam-mount cifs-utils</code><br />
<br />
Create or edit pam_mount.conf.xml in /etc/security <br />
<pre><br />
<nowiki><br />
<?xml version="1.0" encoding="utf-8" ?><br />
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd"><br />
<!--<br />
See pam_mount.conf(5) for a description.<br />
--><br />
<br />
<pam_mount><br />
<br />
<!-- debug should come before everything else,<br />
since this file is still processed in a single pass<br />
from top-to-bottom --><br />
<br />
<debug enable="0" /><br />
<br />
<!-- Volume definitions --><br />
<br />
<br />
<!-- pam_mount parameters: General tunables --><br />
<br />
<luserconf name=".pam_mount.conf.xml" /><br />
<br />
<!-- Note that commenting out mntoptions will give you the defaults.<br />
You will need to explicitly initialize it with the empty string<br />
to reset the defaults to nothing. --><br />
<mntoptions allow="*" /><br />
<!--<br />
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" /><br />
<mntoptions deny="suid,dev" /><br />
<mntoptions allow="*" /><br />
<mntoptions deny="*" /><br />
--><br />
<mntoptions require="nosuid,nodev" /><br />
<br />
<logout wait="0" hup="0" term="0" kill="0" /><br />
<br />
<!-- pam_mount parameters: Volume-related --><br />
<br />
<mkmountpoint enable="1" remove="true" /><br />
<br />
</pam_mount><br />
</nowiki><br />
</pre><br />
<br />
Create a .pam_mount.conf.xml file in each users home directory. <br />
<br />
<pre><br />
<nowiki> <br />
<pam_mount><br />
<volume options="domain=WUR,nodev,nosuid" user="*" mountpoint="~/M" path="Homes/%(USER)" server="WURNET.NL" fstype="cifs" /><br />
<volume options="domain=WUR,nodev,nosuid" user="*" mountpoint="~/W" path="DFS-Root" server="WURNET.NL" fstype="cifs" /><br />
</pam_mount><br />
</nowiki><br />
</pre><br />
<br />
And then create the directories in the users homedir.<br />
<br />
<code>mkdir ~/M</code><br />
<br />
<code>mkdir ~/W</code><br />
<br />
You can use skel to automatically put it in users home dir when creating a new user. If you want this then place the .pam_mount.conf.xml file in /etc/skel/ and create the M and W directory in /etc/skel<br />
<br />
=== What is the DFS-Root ===<br />
<br />
DFS is Microsoft's Distributed File System. The purpose of a distributed file system is that the user can access files without knowing on which server the files are locates. The root of a distributed files system is called the DFS-Root. In the DFS-Root are virtual directories which are actual 'links' to shares on some servers.<br />
<br />
Most modern CIFS implementations are able to handle DFS properly, thus a config like:<br />
<br />
<nowiki>//WURNET.NL/DFS-Root /mnt/wdrive cifs noauto,user,username=username,domain=wur 0 0</nowiki><br />
<br />
Should work.<br />
<br />
With newer versions of smbclient it could happen that it needs a version specified in the mount options because the default version is not working. Then try it with version 1.0<br />
<br />
<nowiki>//WURNET.NL/DFS-Root /mnt/wdrive cifs noauto,user,username=username,domain=wur,vers=1.0 0 0</nowiki></div>Staig001https://lug.wur.nl/index.php?title=File_shares&diff=463File shares2020-02-11T11:19:53Z<p>Staig001: </p>
<hr />
<div>=== Mounting Home Directories - CIFS ===<br />
As WUR has moved to a new home directory storage method, the path to finding it is much simpler:<br />
<br />
Write yourself an /etc/fstab entry that looks like this:<br />
<br />
<pre style="white-space: pre;">//fs01mixedsmb.wurnet.nl/DBL-STANDARD_HOMEDIR$/myuser /mnt/mdrive cifs noauto,user,username=myuser,domain=wur,uid=mylocaluser,gid=mylocalgroup 0 0</pre><br />
<br />
(Replace myuser with your own WUR account name, and mylocaluser/mylocalgroup with the account/group you have locally)<br />
<br />
Now you can simply:<br />
<br />
<code>mount /mnt/mdrive</code><br />
<br />
And after entering your password, you have access to your M drive share.<br />
<br />
==== Caveats ====<br />
<br />
This may occasionally not work on the first try, as the hostname WURNET.NL points to multiple machines. You may need to do this repeatedly to get a stable connection.<br />
<br />
=== Mounting dfs-root ===<br />
The dfs-root share uses Kerberos authentication. We will explain how to setup the kerberos client, obtain a token and finally mount this share.<br />
<br />
1. Installing the kerberos client<br />
#RedHat/Centos <br />
yum install krb5.libs krb5.workstation<br />
#Ubuntu <br />
sudo apt-get install krb5-user<br />
<br />
2. Configuration for WURNET<br />
sudo vim /etc/krb5.conf<br />
<br />
includedir /etc/krb5.conf.d/ #only for red hat and centos, drop this line for ubuntu<br />
<br />
[logging]<br />
default = FILE:/var/log/krb5libs.log<br />
kdc = FILE:/var/log/krb5kdc.log<br />
admin_server = FILE:/var/log/kadmind.log<br />
<br />
[libdefaults]<br />
dns_lookup_realm = false<br />
ticket_lifetime = 24h<br />
renew_lifetime = 7d<br />
forwardable = true<br />
rdns = false<br />
pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt<br />
default_realm = WURNET.NL<br />
kdc_timesync = 1<br />
ccache_type = 4<br />
forwardable = true<br />
proxiable = true<br />
default_ccache_name = KEYRING:persistent:%{uid}<br />
<br />
[realms]<br />
WURNET.NL = {<br />
kdc = wurdc1.wurnet.nl<br />
admin_server = wurdc1.wurnet.nl<br />
kdc = wurdc2.wurnet.nl<br />
kdc = wurdc1.wurnet.nl<br />
kdc = wurdc3.wurnet.nl<br />
}<br />
<br />
[domain_realm]<br />
wurnet.nl = WURNET.NL<br />
.wurnet.nl = WURNET.NL<br />
<br />
3. Configure the Kerberos session keys<br />
sudo vim /etc/request-key.d/cifs.spnego.conf<br />
<br />
create cifs.spnego * * /usr/sbin/cifs.upcall -t %k<br />
<br />
This file will most probably already exist. Make sure you are using the '-t' flag!<br />
<br />
4. Edit /etc/fstab<br />
//WURNET.NL/dfs-root/ /mnt/dfs-root cifs rw,credentials=/<local_path>/.creds,sec=krb5,vers=3.0,noauto,nofail,uid=<local_user>,gid=<local_user> 0 0</code><br />
<br />
<local_path> is the path on your local machine to the credential file which we will create in the next step.<br />
<br />
5. Create the Kerberos credential file <br />
vim /<local_path>/.creds<br />
<br />
username=<WUR_user><br />
password=<br />
domain=WUR<br />
<br />
Please leave the field for password really empty!<br />
<br />
6. Acquirea Kerberos key with your credentials<br />
sudo kinit sikke025@WURNET.NL<br />
<br />
Now you will be asked to provide your password.<br />
<br />
7. Check key properties<br />
sudo klist<br />
<br />
Valid starting Expires Service principal<br />
11-02-20 12:07:35 11-02-20 22:06:59 cifs/scomp6133.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:07:35 11-02-20 22:06:59 cifs/scomp6000.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:07:16 11-02-20 22:06:59 cifs/scomp6004.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:06:59 11-02-20 22:06:59 krbtgt/WURNET.NL@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
<br />
8. Now you can mount the drive<br />
sudo mkdir /mnt/dfs-root/<br />
sudo chmod 755 /mnt/dfs-root<br />
sudo mount /mnt/dfs-root/<br />
<br />
<br />
=== Other Shares ===<br />
<br />
The easiest way to gather information about available CIFS shares is using smbclient. On Ubuntu, you need the pacakge 'smbclient' to provide this.<br />
<br />
Usage:<br />
<br />
<code>smbclient -L <server> -U username</code><br />
<br />
This will show you all the mounts available to you on that machine.<br />
<br />
To test the mount:<br />
<br />
<code>sudo mount //server/share -ousername=username,domain=wur /tmp/smb</code><br />
<br />
This will hold until you unmount it. <br />
<br />
=== Automatically mounting at boot (/etc/fstab) ===<br />
<br />
The above example will only mount when called. You want it to mount on boot. However, a simple issue is present - you must authenticate to mount. Thus, you need to have some credential stash. Modify the options to this:<br />
<br />
<pre style="white-space: pre;">//fs01mixedsmb.wurnet.nl/Homes/username /mnt/mdrive cifs credentials=/home/localuser/.smbpassword,user,username=username,domain=wur,uid=localuser,gid=localuser 0 0</pre><br />
<br />
Then you can make the credential file. Set it 600 so that only you or root may read or write.<br />
<br />
<code>echo username=username > ~/.smbpassword</code><br />
<br />
<code>echo password=mypassword >> ~/.smbpassword</code><br />
<br />
<code>chmod 600 ~/.smbpassword</code><br />
<br />
<br />
=== Automatically mounting when users login (pam_mount) ===<br />
<br />
<code>apt-get install libpam-mount cifs-utils</code><br />
<br />
Create or edit pam_mount.conf.xml in /etc/security <br />
<pre><br />
<nowiki><br />
<?xml version="1.0" encoding="utf-8" ?><br />
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd"><br />
<!--<br />
See pam_mount.conf(5) for a description.<br />
--><br />
<br />
<pam_mount><br />
<br />
<!-- debug should come before everything else,<br />
since this file is still processed in a single pass<br />
from top-to-bottom --><br />
<br />
<debug enable="0" /><br />
<br />
<!-- Volume definitions --><br />
<br />
<br />
<!-- pam_mount parameters: General tunables --><br />
<br />
<luserconf name=".pam_mount.conf.xml" /><br />
<br />
<!-- Note that commenting out mntoptions will give you the defaults.<br />
You will need to explicitly initialize it with the empty string<br />
to reset the defaults to nothing. --><br />
<mntoptions allow="*" /><br />
<!--<br />
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" /><br />
<mntoptions deny="suid,dev" /><br />
<mntoptions allow="*" /><br />
<mntoptions deny="*" /><br />
--><br />
<mntoptions require="nosuid,nodev" /><br />
<br />
<logout wait="0" hup="0" term="0" kill="0" /><br />
<br />
<!-- pam_mount parameters: Volume-related --><br />
<br />
<mkmountpoint enable="1" remove="true" /><br />
<br />
</pam_mount><br />
</nowiki><br />
</pre><br />
<br />
Create a .pam_mount.conf.xml file in each users home directory. <br />
<br />
<pre><br />
<nowiki> <br />
<pam_mount><br />
<volume options="domain=WUR,nodev,nosuid" user="*" mountpoint="~/M" path="Homes/%(USER)" server="WURNET.NL" fstype="cifs" /><br />
<volume options="domain=WUR,nodev,nosuid" user="*" mountpoint="~/W" path="DFS-Root" server="WURNET.NL" fstype="cifs" /><br />
</pam_mount><br />
</nowiki><br />
</pre><br />
<br />
And then create the directories in the users homedir.<br />
<br />
<code>mkdir ~/M</code><br />
<br />
<code>mkdir ~/W</code><br />
<br />
You can use skel to automatically put it in users home dir when creating a new user. If you want this then place the .pam_mount.conf.xml file in /etc/skel/ and create the M and W directory in /etc/skel<br />
<br />
=== What is the DFS-Root ===<br />
<br />
DFS is Microsoft's Distributed File System. The purpose of a distributed file system is that the user can access files without knowing on which server the files are locates. The root of a distributed files system is called the DFS-Root. In the DFS-Root are virtual directories which are actual 'links' to shares on some servers.<br />
<br />
Most modern CIFS implementations are able to handle DFS properly, thus a config like:<br />
<br />
<nowiki>//WURNET.NL/DFS-Root /mnt/wdrive cifs noauto,user,username=username,domain=wur 0 0</nowiki><br />
<br />
Should work.<br />
<br />
With newer versions of smbclient it could happen that it needs a version specified in the mount options because the default version is not working. Then try it with version 1.0<br />
<br />
<nowiki>//WURNET.NL/DFS-Root /mnt/wdrive cifs noauto,user,username=username,domain=wur,vers=1.0 0 0</nowiki></div>Staig001https://lug.wur.nl/index.php?title=File_shares&diff=462File shares2020-02-11T11:17:56Z<p>Staig001: </p>
<hr />
<div>=== Mounting Home Directories - CIFS ===<br />
As WUR has moved to a new home directory storage method, the path to finding it is much simpler:<br />
<br />
Write yourself an /etc/fstab entry that looks like this:<br />
<br />
<pre style="white-space: pre;">//fs01mixedsmb.wurnet.nl/DBL-STANDARD_HOMEDIR$/myuser /mnt/mdrive cifs noauto,user,username=myuser,domain=wur,uid=mylocaluser,gid=mylocalgroup 0 0</pre><br />
<br />
(Replace myuser with your own WUR account name, and mylocaluser/mylocalgroup with the account/group you have locally)<br />
<br />
Now you can simply:<br />
<br />
<code>mount /mnt/mdrive</code><br />
<br />
And after entering your password, you have access to your M drive share.<br />
<br />
==== Caveats ====<br />
<br />
This may occasionally not work on the first try, as the hostname WURNET.NL points to multiple machines. You may need to do this repeatedly to get a stable connection.<br />
<br />
=== Mounting dfs-root ===<br />
The dfs-root share uses Kerberos authentication. We will explain how to setup the kerberos client, obtain a token and finally mount this share.<br />
<br />
1. Installing the kerberos client<br />
#RedHat/Centos <br />
yum install krb5.libs krb5.workstation<br />
#Ubuntu <br />
sudo apt-get install krb5-user<br />
<br />
2. Configuration for WURNET<br />
sudo vim /etc/krb5.conf<br />
<br />
includedir /etc/krb5.conf.d/ #only for red hat and centos, drop this line for ubuntu<br />
<br />
[logging]<br />
default = FILE:/var/log/krb5libs.log<br />
kdc = FILE:/var/log/krb5kdc.log<br />
admin_server = FILE:/var/log/kadmind.log<br />
<br />
[libdefaults]<br />
dns_lookup_realm = false<br />
ticket_lifetime = 24h<br />
renew_lifetime = 7d<br />
forwardable = true<br />
rdns = false<br />
pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt<br />
default_realm = WURNET.NL<br />
kdc_timesync = 1<br />
ccache_type = 4<br />
forwardable = true<br />
proxiable = true<br />
default_ccache_name = KEYRING:persistent:%{uid}<br />
<br />
[realms]<br />
WURNET.NL = {<br />
kdc = wurdc1.wurnet.nl<br />
admin_server = wurdc1.wurnet.nl<br />
kdc = wurdc2.wurnet.nl<br />
kdc = wurdc1.wurnet.nl<br />
kdc = wurdc3.wurnet.nl<br />
}<br />
<br />
[domain_realm]<br />
wurnet.nl = WURNET.NL<br />
.wurnet.nl = WURNET.NL<br />
<br />
3. Configure the Kerberos session keys<br />
<code>sudo vim /etc/request-key.d/cifs.spnego.conf<br />
create cifs.spnego * * /usr/sbin/cifs.upcall -t %k<br />
</code><br />
This file will most probably already exist. Make sure you are using the '-t' flag!<br />
<br />
4. Edit /etc/fstab<br />
<code>//WURNET.NL/dfs-root/ /mnt/dfs-root cifs rw,credentials=/<local_path>/.creds,sec=krb5,vers=3.0,noauto,nofail,uid=<local_user>,gid=<local_user> 0 0</code><br />
<local_path> is the path on your local machine to the credential file which we will create in the next step.<br />
5. Create the Kerberos credential file <br />
<code>vim /<local_path>/.creds<br />
<br />
username=<WUR_user><br />
password=<br />
domain=WUR<br />
<br />
</code><br />
Please leave the field for password really empty!<br />
<br />
6. Acquirea Kerberos key with your credentials<br />
<code><br />
sudo kinit sikke025@WURNET.NL<br />
</code><br />
Now you will be asked to provide your password.<br />
<br />
7. Check key properties<br />
<code><br />
sudo klist<br />
<br />
Valid starting Expires Service principal<br />
11-02-20 12:07:35 11-02-20 22:06:59 cifs/scomp6133.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:07:35 11-02-20 22:06:59 cifs/scomp6000.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:07:16 11-02-20 22:06:59 cifs/scomp6004.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:06:59 11-02-20 22:06:59 krbtgt/WURNET.NL@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
<br />
</code><br />
<br />
8. Now you can mount the drive<br />
<br />
<code><br />
sudo mkdir /mnt/dfs-root/<br />
sudo chmod 755 /mnt/dfs-root<br />
sudo mount /mnt/dfs-root/<br />
</code><br />
<br />
<br />
=== Other Shares ===<br />
<br />
The easiest way to gather information about available CIFS shares is using smbclient. On Ubuntu, you need the pacakge 'smbclient' to provide this.<br />
<br />
Usage:<br />
<br />
<code>smbclient -L <server> -U username</code><br />
<br />
This will show you all the mounts available to you on that machine.<br />
<br />
To test the mount:<br />
<br />
<code>sudo mount //server/share -ousername=username,domain=wur /tmp/smb</code><br />
<br />
This will hold until you unmount it. <br />
<br />
=== Automatically mounting at boot (/etc/fstab) ===<br />
<br />
The above example will only mount when called. You want it to mount on boot. However, a simple issue is present - you must authenticate to mount. Thus, you need to have some credential stash. Modify the options to this:<br />
<br />
<pre style="white-space: pre;">//fs01mixedsmb.wurnet.nl/Homes/username /mnt/mdrive cifs credentials=/home/localuser/.smbpassword,user,username=username,domain=wur,uid=localuser,gid=localuser 0 0</pre><br />
<br />
Then you can make the credential file. Set it 600 so that only you or root may read or write.<br />
<br />
<code>echo username=username > ~/.smbpassword</code><br />
<br />
<code>echo password=mypassword >> ~/.smbpassword</code><br />
<br />
<code>chmod 600 ~/.smbpassword</code><br />
<br />
<br />
=== Automatically mounting when users login (pam_mount) ===<br />
<br />
<code>apt-get install libpam-mount cifs-utils</code><br />
<br />
Create or edit pam_mount.conf.xml in /etc/security <br />
<pre><br />
<nowiki><br />
<?xml version="1.0" encoding="utf-8" ?><br />
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd"><br />
<!--<br />
See pam_mount.conf(5) for a description.<br />
--><br />
<br />
<pam_mount><br />
<br />
<!-- debug should come before everything else,<br />
since this file is still processed in a single pass<br />
from top-to-bottom --><br />
<br />
<debug enable="0" /><br />
<br />
<!-- Volume definitions --><br />
<br />
<br />
<!-- pam_mount parameters: General tunables --><br />
<br />
<luserconf name=".pam_mount.conf.xml" /><br />
<br />
<!-- Note that commenting out mntoptions will give you the defaults.<br />
You will need to explicitly initialize it with the empty string<br />
to reset the defaults to nothing. --><br />
<mntoptions allow="*" /><br />
<!--<br />
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" /><br />
<mntoptions deny="suid,dev" /><br />
<mntoptions allow="*" /><br />
<mntoptions deny="*" /><br />
--><br />
<mntoptions require="nosuid,nodev" /><br />
<br />
<logout wait="0" hup="0" term="0" kill="0" /><br />
<br />
<!-- pam_mount parameters: Volume-related --><br />
<br />
<mkmountpoint enable="1" remove="true" /><br />
<br />
</pam_mount><br />
</nowiki><br />
</pre><br />
<br />
Create a .pam_mount.conf.xml file in each users home directory. <br />
<br />
<pre><br />
<nowiki> <br />
<pam_mount><br />
<volume options="domain=WUR,nodev,nosuid" user="*" mountpoint="~/M" path="Homes/%(USER)" server="WURNET.NL" fstype="cifs" /><br />
<volume options="domain=WUR,nodev,nosuid" user="*" mountpoint="~/W" path="DFS-Root" server="WURNET.NL" fstype="cifs" /><br />
</pam_mount><br />
</nowiki><br />
</pre><br />
<br />
And then create the directories in the users homedir.<br />
<br />
<code>mkdir ~/M</code><br />
<br />
<code>mkdir ~/W</code><br />
<br />
You can use skel to automatically put it in users home dir when creating a new user. If you want this then place the .pam_mount.conf.xml file in /etc/skel/ and create the M and W directory in /etc/skel<br />
<br />
=== What is the DFS-Root ===<br />
<br />
DFS is Microsoft's Distributed File System. The purpose of a distributed file system is that the user can access files without knowing on which server the files are locates. The root of a distributed files system is called the DFS-Root. In the DFS-Root are virtual directories which are actual 'links' to shares on some servers.<br />
<br />
Most modern CIFS implementations are able to handle DFS properly, thus a config like:<br />
<br />
<nowiki>//WURNET.NL/DFS-Root /mnt/wdrive cifs noauto,user,username=username,domain=wur 0 0</nowiki><br />
<br />
Should work.<br />
<br />
With newer versions of smbclient it could happen that it needs a version specified in the mount options because the default version is not working. Then try it with version 1.0<br />
<br />
<nowiki>//WURNET.NL/DFS-Root /mnt/wdrive cifs noauto,user,username=username,domain=wur,vers=1.0 0 0</nowiki></div>Staig001https://lug.wur.nl/index.php?title=File_shares&diff=461File shares2020-02-11T11:16:26Z<p>Staig001: </p>
<hr />
<div>=== Mounting Home Directories - CIFS ===<br />
As WUR has moved to a new home directory storage method, the path to finding it is much simpler:<br />
<br />
Write yourself an /etc/fstab entry that looks like this:<br />
<br />
<pre style="white-space: pre;">//fs01mixedsmb.wurnet.nl/DBL-STANDARD_HOMEDIR$/myuser /mnt/mdrive cifs noauto,user,username=myuser,domain=wur,uid=mylocaluser,gid=mylocalgroup 0 0</pre><br />
<br />
(Replace myuser with your own WUR account name, and mylocaluser/mylocalgroup with the account/group you have locally)<br />
<br />
Now you can simply:<br />
<br />
<code>mount /mnt/mdrive</code><br />
<br />
And after entering your password, you have access to your M drive share.<br />
<br />
==== Caveats ====<br />
<br />
This may occasionally not work on the first try, as the hostname WURNET.NL points to multiple machines. You may need to do this repeatedly to get a stable connection.<br />
<br />
=== Mounting dfs-root ===<br />
The dfs-root share uses Kerberos authentication. We will explain how to setup the kerberos client, obtain a token and finally mount this share.<br />
<br />
1. Installing the kerberos client<br />
RedHat/Centos <br />
<code>yum install krb5.libs krb5.workstation</code><br />
Ubuntu <br />
<code>sudo apt-get install krb5-user</code><br />
<br />
2. Configuration for WURNET<br />
<code>sudo vim /etc/krb5.conf<br />
<br />
includedir /etc/krb5.conf.d/ #only for red hat and centos, drop this line for ubuntu<br />
<br />
[logging]<br />
default = FILE:/var/log/krb5libs.log<br />
kdc = FILE:/var/log/krb5kdc.log<br />
admin_server = FILE:/var/log/kadmind.log<br />
<br />
[libdefaults]<br />
dns_lookup_realm = false<br />
ticket_lifetime = 24h<br />
renew_lifetime = 7d<br />
forwardable = true<br />
rdns = false<br />
pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt<br />
default_realm = WURNET.NL<br />
kdc_timesync = 1<br />
ccache_type = 4<br />
forwardable = true<br />
proxiable = true<br />
default_ccache_name = KEYRING:persistent:%{uid}<br />
<br />
[realms]<br />
WURNET.NL = {<br />
kdc = wurdc1.wurnet.nl<br />
admin_server = wurdc1.wurnet.nl<br />
kdc = wurdc2.wurnet.nl<br />
kdc = wurdc1.wurnet.nl<br />
kdc = wurdc3.wurnet.nl<br />
}<br />
<br />
[domain_realm]<br />
wurnet.nl = WURNET.NL<br />
.wurnet.nl = WURNET.NL<br />
<br />
</code><br />
<br />
3. Configure the Kerberos session keys<br />
<code>sudo vim /etc/request-key.d/cifs.spnego.conf<br />
create cifs.spnego * * /usr/sbin/cifs.upcall -t %k<br />
</code><br />
This file will most probably already exist. Make sure you are using the '-t' flag!<br />
<br />
4. Edit /etc/fstab<br />
<code>//WURNET.NL/dfs-root/ /mnt/dfs-root cifs rw,credentials=/<local_path>/.creds,sec=krb5,vers=3.0,noauto,nofail,uid=<local_user>,gid=<local_user> 0 0</code><br />
<local_path> is the path on your local machine to the credential file which we will create in the next step.<br />
5. Create the Kerberos credential file <br />
<code>vim /<local_path>/.creds<br />
<br />
username=<WUR_user><br />
password=<br />
domain=WUR<br />
<br />
</code><br />
Please leave the field for password really empty!<br />
<br />
6. Acquirea Kerberos key with your credentials<br />
<code><br />
sudo kinit sikke025@WURNET.NL<br />
</code><br />
Now you will be asked to provide your password.<br />
<br />
7. Check key properties<br />
<code><br />
sudo klist<br />
<br />
Valid starting Expires Service principal<br />
11-02-20 12:07:35 11-02-20 22:06:59 cifs/scomp6133.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:07:35 11-02-20 22:06:59 cifs/scomp6000.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:07:16 11-02-20 22:06:59 cifs/scomp6004.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:06:59 11-02-20 22:06:59 krbtgt/WURNET.NL@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
<br />
</code><br />
<br />
8. Now you can mount the drive<br />
<br />
<code><br />
sudo mkdir /mnt/dfs-root/<br />
sudo chmod 755 /mnt/dfs-root<br />
sudo mount /mnt/dfs-root/<br />
</code><br />
<br />
<br />
=== Other Shares ===<br />
<br />
The easiest way to gather information about available CIFS shares is using smbclient. On Ubuntu, you need the pacakge 'smbclient' to provide this.<br />
<br />
Usage:<br />
<br />
<code>smbclient -L <server> -U username</code><br />
<br />
This will show you all the mounts available to you on that machine.<br />
<br />
To test the mount:<br />
<br />
<code>sudo mount //server/share -ousername=username,domain=wur /tmp/smb</code><br />
<br />
This will hold until you unmount it. <br />
<br />
=== Automatically mounting at boot (/etc/fstab) ===<br />
<br />
The above example will only mount when called. You want it to mount on boot. However, a simple issue is present - you must authenticate to mount. Thus, you need to have some credential stash. Modify the options to this:<br />
<br />
<pre style="white-space: pre;">//fs01mixedsmb.wurnet.nl/Homes/username /mnt/mdrive cifs credentials=/home/localuser/.smbpassword,user,username=username,domain=wur,uid=localuser,gid=localuser 0 0</pre><br />
<br />
Then you can make the credential file. Set it 600 so that only you or root may read or write.<br />
<br />
<code>echo username=username > ~/.smbpassword</code><br />
<br />
<code>echo password=mypassword >> ~/.smbpassword</code><br />
<br />
<code>chmod 600 ~/.smbpassword</code><br />
<br />
<br />
=== Automatically mounting when users login (pam_mount) ===<br />
<br />
<code>apt-get install libpam-mount cifs-utils</code><br />
<br />
Create or edit pam_mount.conf.xml in /etc/security <br />
<pre><br />
<nowiki><br />
<?xml version="1.0" encoding="utf-8" ?><br />
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd"><br />
<!--<br />
See pam_mount.conf(5) for a description.<br />
--><br />
<br />
<pam_mount><br />
<br />
<!-- debug should come before everything else,<br />
since this file is still processed in a single pass<br />
from top-to-bottom --><br />
<br />
<debug enable="0" /><br />
<br />
<!-- Volume definitions --><br />
<br />
<br />
<!-- pam_mount parameters: General tunables --><br />
<br />
<luserconf name=".pam_mount.conf.xml" /><br />
<br />
<!-- Note that commenting out mntoptions will give you the defaults.<br />
You will need to explicitly initialize it with the empty string<br />
to reset the defaults to nothing. --><br />
<mntoptions allow="*" /><br />
<!--<br />
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" /><br />
<mntoptions deny="suid,dev" /><br />
<mntoptions allow="*" /><br />
<mntoptions deny="*" /><br />
--><br />
<mntoptions require="nosuid,nodev" /><br />
<br />
<logout wait="0" hup="0" term="0" kill="0" /><br />
<br />
<!-- pam_mount parameters: Volume-related --><br />
<br />
<mkmountpoint enable="1" remove="true" /><br />
<br />
</pam_mount><br />
</nowiki><br />
</pre><br />
<br />
Create a .pam_mount.conf.xml file in each users home directory. <br />
<br />
<pre><br />
<nowiki> <br />
<pam_mount><br />
<volume options="domain=WUR,nodev,nosuid" user="*" mountpoint="~/M" path="Homes/%(USER)" server="WURNET.NL" fstype="cifs" /><br />
<volume options="domain=WUR,nodev,nosuid" user="*" mountpoint="~/W" path="DFS-Root" server="WURNET.NL" fstype="cifs" /><br />
</pam_mount><br />
</nowiki><br />
</pre><br />
<br />
And then create the directories in the users homedir.<br />
<br />
<code>mkdir ~/M</code><br />
<br />
<code>mkdir ~/W</code><br />
<br />
You can use skel to automatically put it in users home dir when creating a new user. If you want this then place the .pam_mount.conf.xml file in /etc/skel/ and create the M and W directory in /etc/skel<br />
<br />
=== What is the DFS-Root ===<br />
<br />
DFS is Microsoft's Distributed File System. The purpose of a distributed file system is that the user can access files without knowing on which server the files are locates. The root of a distributed files system is called the DFS-Root. In the DFS-Root are virtual directories which are actual 'links' to shares on some servers.<br />
<br />
Most modern CIFS implementations are able to handle DFS properly, thus a config like:<br />
<br />
<nowiki>//WURNET.NL/DFS-Root /mnt/wdrive cifs noauto,user,username=username,domain=wur 0 0</nowiki><br />
<br />
Should work.<br />
<br />
With newer versions of smbclient it could happen that it needs a version specified in the mount options because the default version is not working. Then try it with version 1.0<br />
<br />
<nowiki>//WURNET.NL/DFS-Root /mnt/wdrive cifs noauto,user,username=username,domain=wur,vers=1.0 0 0</nowiki></div>Staig001https://lug.wur.nl/index.php?title=File_shares&diff=460File shares2020-02-11T11:15:50Z<p>Staig001: </p>
<hr />
<div>=== Mounting Home Directories - CIFS ===<br />
As WUR has moved to a new home directory storage method, the path to finding it is much simpler:<br />
<br />
Write yourself an /etc/fstab entry that looks like this:<br />
<br />
<pre style="white-space: pre;">//fs01mixedsmb.wurnet.nl/DBL-STANDARD_HOMEDIR$/myuser /mnt/mdrive cifs noauto,user,username=myuser,domain=wur,uid=mylocaluser,gid=mylocalgroup 0 0</pre><br />
<br />
(Replace myuser with your own WUR account name, and mylocaluser/mylocalgroup with the account/group you have locally)<br />
<br />
Now you can simply:<br />
<br />
<code>mount /mnt/mdrive</code><br />
<br />
And after entering your password, you have access to your M drive share.<br />
<br />
==== Caveats ====<br />
<br />
This may occasionally not work on the first try, as the hostname WURNET.NL points to multiple machines. You may need to do this repeatedly to get a stable connection.<br />
<br />
=== Mounting dfs-root ===<br />
The dfs-root share uses Kerberos authentication. We will explain how to setup the kerberos client, obtain a token and finally mount this share.<br />
<br />
1. Installing the kerberos client<br />
<br />
(RedHat/Centos) <br />
<br />
<code>yum install krb5.libs krb5.workstation</code><br />
<br />
(Ubuntu) <br />
<br />
<code>sudo apt-get install krb5-user</code><br />
<br />
2. Configuration for WURNET<br />
<code>sudo vim /etc/krb5.conf<br />
<br />
includedir /etc/krb5.conf.d/ #only for red hat and centos, drop this line for ubuntu<br />
<br />
[logging]<br />
default = FILE:/var/log/krb5libs.log<br />
kdc = FILE:/var/log/krb5kdc.log<br />
admin_server = FILE:/var/log/kadmind.log<br />
<br />
[libdefaults]<br />
dns_lookup_realm = false<br />
ticket_lifetime = 24h<br />
renew_lifetime = 7d<br />
forwardable = true<br />
rdns = false<br />
pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt<br />
default_realm = WURNET.NL<br />
kdc_timesync = 1<br />
ccache_type = 4<br />
forwardable = true<br />
proxiable = true<br />
default_ccache_name = KEYRING:persistent:%{uid}<br />
<br />
[realms]<br />
WURNET.NL = {<br />
kdc = wurdc1.wurnet.nl<br />
admin_server = wurdc1.wurnet.nl<br />
kdc = wurdc2.wurnet.nl<br />
kdc = wurdc1.wurnet.nl<br />
kdc = wurdc3.wurnet.nl<br />
}<br />
<br />
[domain_realm]<br />
wurnet.nl = WURNET.NL<br />
.wurnet.nl = WURNET.NL<br />
<br />
</code><br />
<br />
3. Configure the Kerberos session keys<br />
<code>sudo vim /etc/request-key.d/cifs.spnego.conf<br />
create cifs.spnego * * /usr/sbin/cifs.upcall -t %k<br />
</code><br />
This file will most probably already exist. Make sure you are using the '-t' flag!<br />
<br />
4. Edit /etc/fstab<br />
<code>//WURNET.NL/dfs-root/ /mnt/dfs-root cifs rw,credentials=/<local_path>/.creds,sec=krb5,vers=3.0,noauto,nofail,uid=<local_user>,gid=<local_user> 0 0</code><br />
<local_path> is the path on your local machine to the credential file which we will create in the next step.<br />
5. Create the Kerberos credential file <br />
<code>vim /<local_path>/.creds<br />
<br />
username=<WUR_user><br />
password=<br />
domain=WUR<br />
<br />
</code><br />
Please leave the field for password really empty!<br />
<br />
6. Acquirea Kerberos key with your credentials<br />
<code><br />
sudo kinit sikke025@WURNET.NL<br />
</code><br />
Now you will be asked to provide your password.<br />
<br />
7. Check key properties<br />
<code><br />
sudo klist<br />
<br />
Valid starting Expires Service principal<br />
11-02-20 12:07:35 11-02-20 22:06:59 cifs/scomp6133.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:07:35 11-02-20 22:06:59 cifs/scomp6000.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:07:16 11-02-20 22:06:59 cifs/scomp6004.wurnet.nl@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
11-02-20 12:06:59 11-02-20 22:06:59 krbtgt/WURNET.NL@WURNET.NL<br />
renew until 18-02-20 12:06:55<br />
<br />
</code><br />
<br />
8. Now you can mount the drive<br />
<br />
<code><br />
sudo mkdir /mnt/dfs-root/<br />
sudo chmod 755 /mnt/dfs-root<br />
sudo mount /mnt/dfs-root/<br />
</code><br />
<br />
<br />
=== Other Shares ===<br />
<br />
The easiest way to gather information about available CIFS shares is using smbclient. On Ubuntu, you need the pacakge 'smbclient' to provide this.<br />
<br />
Usage:<br />
<br />
<code>smbclient -L <server> -U username</code><br />
<br />
This will show you all the mounts available to you on that machine.<br />
<br />
To test the mount:<br />
<br />
<code>sudo mount //server/share -ousername=username,domain=wur /tmp/smb</code><br />
<br />
This will hold until you unmount it. <br />
<br />
=== Automatically mounting at boot (/etc/fstab) ===<br />
<br />
The above example will only mount when called. You want it to mount on boot. However, a simple issue is present - you must authenticate to mount. Thus, you need to have some credential stash. Modify the options to this:<br />
<br />
<pre style="white-space: pre;">//fs01mixedsmb.wurnet.nl/Homes/username /mnt/mdrive cifs credentials=/home/localuser/.smbpassword,user,username=username,domain=wur,uid=localuser,gid=localuser 0 0</pre><br />
<br />
Then you can make the credential file. Set it 600 so that only you or root may read or write.<br />
<br />
<code>echo username=username > ~/.smbpassword</code><br />
<br />
<code>echo password=mypassword >> ~/.smbpassword</code><br />
<br />
<code>chmod 600 ~/.smbpassword</code><br />
<br />
<br />
=== Automatically mounting when users login (pam_mount) ===<br />
<br />
<code>apt-get install libpam-mount cifs-utils</code><br />
<br />
Create or edit pam_mount.conf.xml in /etc/security <br />
<pre><br />
<nowiki><br />
<?xml version="1.0" encoding="utf-8" ?><br />
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd"><br />
<!--<br />
See pam_mount.conf(5) for a description.<br />
--><br />
<br />
<pam_mount><br />
<br />
<!-- debug should come before everything else,<br />
since this file is still processed in a single pass<br />
from top-to-bottom --><br />
<br />
<debug enable="0" /><br />
<br />
<!-- Volume definitions --><br />
<br />
<br />
<!-- pam_mount parameters: General tunables --><br />
<br />
<luserconf name=".pam_mount.conf.xml" /><br />
<br />
<!-- Note that commenting out mntoptions will give you the defaults.<br />
You will need to explicitly initialize it with the empty string<br />
to reset the defaults to nothing. --><br />
<mntoptions allow="*" /><br />
<!--<br />
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" /><br />
<mntoptions deny="suid,dev" /><br />
<mntoptions allow="*" /><br />
<mntoptions deny="*" /><br />
--><br />
<mntoptions require="nosuid,nodev" /><br />
<br />
<logout wait="0" hup="0" term="0" kill="0" /><br />
<br />
<!-- pam_mount parameters: Volume-related --><br />
<br />
<mkmountpoint enable="1" remove="true" /><br />
<br />
</pam_mount><br />
</nowiki><br />
</pre><br />
<br />
Create a .pam_mount.conf.xml file in each users home directory. <br />
<br />
<pre><br />
<nowiki> <br />
<pam_mount><br />
<volume options="domain=WUR,nodev,nosuid" user="*" mountpoint="~/M" path="Homes/%(USER)" server="WURNET.NL" fstype="cifs" /><br />
<volume options="domain=WUR,nodev,nosuid" user="*" mountpoint="~/W" path="DFS-Root" server="WURNET.NL" fstype="cifs" /><br />
</pam_mount><br />
</nowiki><br />
</pre><br />
<br />
And then create the directories in the users homedir.<br />
<br />
<code>mkdir ~/M</code><br />
<br />
<code>mkdir ~/W</code><br />
<br />
You can use skel to automatically put it in users home dir when creating a new user. If you want this then place the .pam_mount.conf.xml file in /etc/skel/ and create the M and W directory in /etc/skel<br />
<br />
=== What is the DFS-Root ===<br />
<br />
DFS is Microsoft's Distributed File System. The purpose of a distributed file system is that the user can access files without knowing on which server the files are locates. The root of a distributed files system is called the DFS-Root. In the DFS-Root are virtual directories which are actual 'links' to shares on some servers.<br />
<br />
Most modern CIFS implementations are able to handle DFS properly, thus a config like:<br />
<br />
<nowiki>//WURNET.NL/DFS-Root /mnt/wdrive cifs noauto,user,username=username,domain=wur 0 0</nowiki><br />
<br />
Should work.<br />
<br />
With newer versions of smbclient it could happen that it needs a version specified in the mount options because the default version is not working. Then try it with version 1.0<br />
<br />
<nowiki>//WURNET.NL/DFS-Root /mnt/wdrive cifs noauto,user,username=username,domain=wur,vers=1.0 0 0</nowiki></div>Staig001