Difference between revisions of "File shares"
Line 146: | Line 146: | ||
The above example will only mount when called. You want it to mount on boot. However, a simple issue is present - you must authenticate to mount. Thus, you need to have some credential stash. Modify the options to this: | The above example will only mount when called. You want it to mount on boot. However, a simple issue is present - you must authenticate to mount. Thus, you need to have some credential stash. Modify the options to this: | ||
− | <pre style="white-space: pre;">//fs01mixedsmb.wurnet.nl/ | + | <pre style="white-space: pre;">//fs01mixedsmb.wurnet.nl/DBL-STANDARD_HOMEDIR$/username /mnt/mdrive cifs credentials=/home/localuser/.smbpassword,user,username=username,domain=wur,uid=localuser,gid=localuser 0 0</pre> |
Then you can make the credential file. Set it 600 so that only you or root may read or write. | Then you can make the credential file. Set it 600 so that only you or root may read or write. | ||
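Review bot: the added fstab line is meant for mounting at boot but carries no `nofail`, unlike the dfs-root entries elsewhere on this page, so an unreachable file server or a rejected password turns into a failed boot-time mount instead of a skipped one; consider adding `nofail`. The same line also keeps `username=username` next to `credentials=/home/localuser/.smbpassword`, which duplicates what the credentials file is there to supply, so the two can drift apart; keeping the account name only in the credentials file would avoid that.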
Line 155: | Line 155: | ||
<code>chmod 600 ~/.smbpassword</code> | <code>chmod 600 ~/.smbpassword</code> | ||
− | |||
=== Automatically mounting when users login (pam_mount) === | === Automatically mounting when users login (pam_mount) === |
Latest revision as of 14:31, 25 February 2020
Mounting Home Directories - CIFS
As WUR has moved to a new home directory storage method, the path to finding it is much simpler:
Write yourself an /etc/fstab entry that looks like this:
//fs01mixedsmb.wurnet.nl/DBL-STANDARD_HOMEDIR$/myuser /mnt/mdrive cifs noauto,user,username=myuser,domain=wur,uid=mylocaluser,gid=mylocalgroup 0 0
(Replace myuser with your own WUR account name, and mylocaluser/mylocalgroup with the account/group you have locally)
Now you can simply:
mount /mnt/mdrive
And after entering your password, you have access to your M drive share.
Caveats
This may occasionally not work on the first try, as the hostname WURNET.NL points to multiple machines. You may need to do this repeatedly to get a stable connection.
Mounting dfs-root
With ntlmssp authentication
Please add this line to your /etc/fstab
//WURNET.NL/dfs-root/ /mnt/dfs-root cifs rw,credentials=/<path_to>/.creds,sec=ntlmssp,vers=3.0,noauto,nofail,uid=<local_user>,gid=<local_group> 0 0
Make sure your credentials file .creds contains your wur-user password.
username=<wur_user>
password=<wur_password>
domain=WUR
If you do not specify the password you will receive the error:
mount error(13): Permission denied
With kerberos authentication
The dfs-root share uses Kerberos authentication. We will explain how to set up the Kerberos client, obtain a token and finally mount this share.
1. Installing the kerberos client
#RedHat/Centos
yum install krb5-libs krb5-workstation
#Ubuntu
sudo apt-get install krb5-user
2. Configuration for WURNET
sudo vim /etc/krb5.conf
#only for red hat and centos, drop the includedir line for ubuntu
includedir /etc/krb5.conf.d/

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt
default_realm = WURNET.NL
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
default_ccache_name = KEYRING:persistent:%{uid}

[realms]
WURNET.NL = {
    kdc = wurdc1.wurnet.nl
    admin_server = wurdc1.wurnet.nl
    kdc = wurdc2.wurnet.nl
    kdc = wurdc1.wurnet.nl
    kdc = wurdc3.wurnet.nl
}

[domain_realm]
wurnet.nl = WURNET.NL
.wurnet.nl = WURNET.NL
3. Configure the Kerberos session keys
sudo vim /etc/request-key.d/cifs.spnego.conf
create cifs.spnego * * /usr/sbin/cifs.upcall -t %k
This file will most probably already exist. Make sure you are using the '-t' flag!
4. Edit /etc/fstab
//WURNET.NL/dfs-root/ /mnt/dfs-root cifs rw,credentials=/<local_path>/.creds,sec=krb5,vers=3.0,noauto,nofail,uid=<local_user>,gid=<local_user> 0 0
<local_path> is the path on your local machine to the credential file which we will create in the next step.
5. Create the Kerberos credential file
vim /<local_path>/.creds
username=<WUR_user>
password=
domain=WUR
Leave the password field completely empty!
6. Acquire a Kerberos key with your credentials
sudo kinit <WUR_user>@WURNET.NL
Now you will be asked to provide your password.
7. Check key properties
sudo klist
Valid starting Expires Service principal
11-02-20 12:07:35 11-02-20 22:06:59 cifs/scomp6133.wurnet.nl@WURNET.NL
renew until 18-02-20 12:06:55
11-02-20 12:07:35 11-02-20 22:06:59 cifs/scomp6000.wurnet.nl@WURNET.NL
renew until 18-02-20 12:06:55
11-02-20 12:07:16 11-02-20 22:06:59 cifs/scomp6004.wurnet.nl@WURNET.NL
renew until 18-02-20 12:06:55
11-02-20 12:06:59 11-02-20 22:06:59 krbtgt/WURNET.NL@WURNET.NL
renew until 18-02-20 12:06:55
8. Now you can mount the drive
sudo mkdir /mnt/dfs-root/
sudo chmod 755 /mnt/dfs-root
sudo mount /mnt/dfs-root/
The easiest way to gather information about available CIFS shares is using smbclient. On Ubuntu, you need the package 'smbclient' to provide this.
Usage:
smbclient -L <server> -U username
This will show you all the mounts available to you on that machine.
To test the mount:
sudo mount //server/share -ousername=username,domain=wur /tmp/smb
This will hold until you unmount it.
Automatically mounting at boot (/etc/fstab)
The above example will only mount when called. You want it to mount on boot. However, a simple issue is present - you must authenticate to mount. Thus, you need to have some credential stash. Modify the options to this:
//fs01mixedsmb.wurnet.nl/DBL-STANDARD_HOMEDIR$/username /mnt/mdrive cifs credentials=/home/localuser/.smbpassword,user,username=username,domain=wur,uid=localuser,gid=localuser 0 0
Then you can make the credential file. Set it 600 so that only you or root may read or write.
echo username=username > ~/.smbpassword
echo password=mypassword >> ~/.smbpassword
chmod 600 ~/.smbpassword
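The credential files described above (the .creds file for dfs-root and ~/.smbpassword here) can be created and checked with the shell functions below. This is an added example, not part of the original wiki page; the function names and the finding labels are made up for illustration, and it assumes Linux with GNU stat.

```shell
#!/bin/sh
# Added example, not from the wiki. Assumes Linux with GNU stat.

# write_creds FILE USER DOMAIN: password comes from stdin, so it never lands
# in argv or shell history, and the file is 0600 from the moment it exists.
write_creds() {
    [ -t 0 ] && stty -echo               # hide typing when interactive
    IFS= read -r wc_pass
    [ -t 0 ] && { stty echo; echo; }
    rm -f -- "$1"                        # drop any older, looser-mode file
    ( umask 077
      printf 'username=%s\npassword=%s\ndomain=%s\n' "$2" "$wc_pass" "$3" > "$1" )
    wc_rc=$?; unset wc_pass; return "$wc_rc"
}

# check_creds FILE: succeed only if group and others have no access.
check_creds() {
    cc_mode=$(stat -c '%a' "$1" 2>/dev/null) || { echo "MISSING $1"; return 1; }
    case $cc_mode in
        600|400) return 0 ;;
        *) echo "LOOSE $1 (mode $cc_mode)"; return 1 ;;
    esac
}

# audit_fstab FSTAB: report cifs entries with an inline password, a loose or
# missing credentials file, or a stored password alongside sec=krb5.
audit_fstab() {
    af_bad=0
    while read -r af_src af_mnt af_type af_opts af_rest; do
        case $af_src in ''|'#'*) continue ;; esac
        [ "$af_type" = cifs ] || continue
        af_cred=; af_sec=; af_left=$af_opts,
        while [ -n "$af_left" ]; do      # walk the comma-separated options
            af_opt=${af_left%%,*}; af_left=${af_left#*,}
            case $af_opt in
                password=*|pass=*) echo "INLINE-PASSWORD $af_mnt"; af_bad=1 ;;
                credentials=*|cred=*) af_cred=${af_opt#*=} ;;
                sec=*) af_sec=${af_opt#sec=} ;;
            esac
        done
        [ -n "$af_cred" ] || continue
        check_creds "$af_cred" || af_bad=1
        case $af_sec in krb5*)
            if grep -q '^password=.' "$af_cred" 2>/dev/null; then
                echo "KRB5-STORED-PASSWORD $af_cred"; af_bad=1
            fi ;;
        esac
    done < "$1"
    return "$af_bad"
}
```

After sourcing the file, `write_creds ~/.smbpassword myuser wur` prompts for the password without echoing it, and `audit_fstab /etc/fstab` returns non-zero if any CIFS entry needs attention.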
Automatically mounting when users login (pam_mount)
apt-get install libpam-mount cifs-utils
Create or edit pam_mount.conf.xml in /etc/security
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<!--
    See pam_mount.conf(5) for a description.
-->
<pam_mount>
    <!-- debug should come before everything else,
         since this file is still processed in a single pass
         from top-to-bottom -->
    <debug enable="0" />

    <!-- Volume definitions -->

    <!-- pam_mount parameters: General tunables -->
    <luserconf name=".pam_mount.conf.xml" />

    <!-- Note that commenting out mntoptions will give you the defaults.
         You will need to explicitly initialize it with the empty string
         to reset the defaults to nothing. -->
    <mntoptions allow="*" />
    <!--
    <mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
    <mntoptions deny="suid,dev" />
    <mntoptions allow="*" />
    <mntoptions deny="*" />
    -->
    <mntoptions require="nosuid,nodev" />

    <logout wait="0" hup="0" term="0" kill="0" />

    <!-- pam_mount parameters: Volume-related -->
    <mkmountpoint enable="1" remove="true" />
</pam_mount>
Create a .pam_mount.conf.xml file in each user's home directory.
<pam_mount>
    <volume options="domain=WUR,nodev,nosuid" user="*" mountpoint="~/M" path="Homes/%(USER)" server="WURNET.NL" fstype="cifs" />
    <volume options="domain=WUR,nodev,nosuid" user="*" mountpoint="~/W" path="DFS-Root" server="WURNET.NL" fstype="cifs" />
</pam_mount>
And then create the directories in the user's home directory.
mkdir ~/M
mkdir ~/W
You can use skel to put the file in each new user's home directory automatically when the account is created. To do this, place the .pam_mount.conf.xml file in /etc/skel/ and create the M and W directories in /etc/skel.
What is the DFS-Root
DFS is Microsoft's Distributed File System. The purpose of a distributed file system is that the user can access files without knowing on which server the files are located. The root of a distributed file system is called the DFS-Root. The DFS-Root contains virtual directories, which are actually 'links' to shares on some servers.
Most modern CIFS implementations are able to handle DFS properly, thus a config like:
//WURNET.NL/DFS-Root /mnt/wdrive cifs noauto,user,username=username,domain=wur 0 0
Should work.
With newer versions of smbclient, the default protocol version may not work, in which case a version has to be specified in the mount options. Then try it with version 1.0:
//WURNET.NL/DFS-Root /mnt/wdrive cifs noauto,user,username=username,domain=wur,vers=1.0 0 0