Samba
This page is part of the Linux Disk Management pages.
References
- http://en.opensuse.org/SDB:Access_to_Windows_Shares
- See local documentation at /usr/share/doc/packages/samba/htmldocs (requires package samba documentation)
Packages
In Ubuntu, install the packages samba and smbfs.
Samba Client
Linux
- To mount a samba share in Linux (see [1]):
mkdir -p /windows/winshare
mount -t cifs //winmachine/testshare /windows/winshare
mount -t cifs -o username=user,password=secret //winmachine/testshare /windows/winshare
sudo mount -t cifs -o username=baddreams,uid=1000,gid=124 //phoenix/D$ /net/phoenix/d
- It is better to always specify the option sec=[lanman,ntlm,ntlmv2] to avoid a permission denied error (see bug 1113395):
sudo mount -t cifs -o username=baddreams,uid=1000,gid=124,sec=ntlm //phoenix/D$ /net/phoenix/d
- Or make it an entry in /etc/fstab. Note that gid=124 refers to group sambashare.
//mnemosyne/backup /net/mnemosyne/backuprw cifs username=backup,uid=999,gid=124
- Share with passwords
- There are 4 possibilities to give the password: by the command-line, by env. var PASSWD, by a credential file or interactively.
- TIP! To pass the password via env. var PASSWD, first make sure that file /etc/sudoers contains the following:
Defaults env_keep += "PASSWD"
- Then the password can be passed to mount as follows:
stty -echo
read -p "password for user $USER@$SHARE? " PASSWD
stty echo
echo
export PASSWD
sudo mount -t cifs -o noperm,iocharset=utf8,uid=$(id -u),forceuid,gid=$(id -g),forcegid,username=$USER $SHARE /smb
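The credential-file possibility listed above, as an added example that is not part of the original page: the password stays out of the command line (visible in the process list) and out of fstab. The key=value format is the one read by mount.cifs(8); the function names and the paths in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are illustrative.

# write_cifs_credentials FILE USER PASSWORD [DOMAIN]
# Writes FILE in the key=value format read by mount.cifs(8), mode 0600.
write_cifs_credentials() {
    (
        umask 077                    # the file never exists with group/other access
        rm -f -- "$1"                # drop any older copy with laxer permissions
        {
            printf 'username=%s\n' "$2"
            printf 'password=%s\n' "$3"
            if [ -n "${4:-}" ]; then printf 'domain=%s\n' "$4"; fi
        } > "$1"
    )
}

# credentials_are_private FILE
# Succeeds only when FILE is a regular file with no group/other permission bits.
credentials_are_private() {
    [ -f "$1" ] || return 1
    # characters 5-10 of the ls mode string are the group and other bits
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# mount_with_credentials SHARE MOUNTPOINT FILE
# Refuses to mount when the credentials file is accessible to other users.
mount_with_credentials() {
    if ! credentials_are_private "$3"; then
        echo "refusing to use $3: fix with chmod 600" >&2
        return 1
    fi
    sudo mount -t cifs \
        -o "credentials=$3,uid=$(id -u),gid=$(id -g),iocharset=utf8" "$1" "$2"
}

# Usage (share, mount point and file path are placeholders):
#   stty -echo; printf 'password: '; read -r PASSWD; stty echo; echo
#   write_cifs_credentials "$HOME/.smbcredentials" "$USER" "$PASSWD" WORKGROUP
#   unset PASSWD
#   mount_with_credentials //winmachine/testshare /windows/winshare "$HOME/.smbcredentials"
```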
Windows
Use the net use command to mount network samba share. Better specify the domain name to override any corporate domain:
net use G: \\localserver\beq06659 /USER:WORKGROUP\beq06659
CAREFUL CORPORATE USER: If you get the following error message although you are giving the correct password, you might need to specify the user DOMAIN as well (as specified in /etc/samba/smb.conf).
The specified network password is not correct.
Samba Server
Installation
(From [2])
- Install Samba
sudo apt-get install samba smbfs
- Edit the configuration file /etc/samba/smb.conf
- Uncomment the line security = user, and add link to smbusers file
security = user
# the username map does not seem mandatory though
username map = /etc/samba/smbusers
- Add the user
sudo smbpasswd -a beq06659
- Create the user mapping file that maps samba user to linux user in file /etc/samba/smbusers:
<linuxuser>="<sambauser>"
- Uncomment the section corresponding to the shares you want to enable:
[homes]
comment = Home Directories
browseable = no
[c]
comment = Windows Drive C
browseable = yes
path = /win/c
printable = no
guest ok = no
read only = yes
create mask = 0644
directory mask = 0755
[d]
comment = Windows Drive D
browseable = yes
path = /win/d
printable = no
guest ok = no
read only = yes
create mask = 0644
directory mask = 0755
- Don't forget to open the ports on your firewall !!!
- Restart the samba daemon
sudo /etc/init.d/smbd restart
Server Firewall Settings
The following ports must be opened ([3], [4]):
Service | Port | Protocol | Description |
---|---|---|---|
netbios-ns | 137 | UDP | NetBIOS Name Service |
netbios-dgm | 138 | UDP | NetBIOS Datagram Service |
netbios-ssn | 139 | TCP | NetBIOS Session Service |
microsoft-ds | 445 | TCP | Microsoft Directory Service |
As advised here, port 135/tcp[1] is better left closed (it was already exploited by worms); closing it does not cause any problem.
Reference: [5].
The idea is to open up the samba shares to all computers on a private network (by restricting network interfaces).
- Edit /etc/samba/smb.conf. Set interfaces to lo and
interfaces = lo eth1
bind interfaces only = true
- Make sure that security is set to share (not user), and that guest account is enabled:
security = share
...
guest account = nobody
- Create a share accessible to guest users:
[Guest Share]
comment = Guest access share
path = /path/to/dir/to/share
browseable = yes
read only = yes
guest ok = yes
- Test that configuration is good with testparm:
testparm
- Restart samba:
sudo /etc/init.d/samba reload
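An added check, not part of the original page, for the guest setup above: it reads an smb.conf and reports guest-accessible shares (and whether they are writable), an interfaces list that is not enforced by bind interfaces only, and security = share, which Samba 4 no longer accepts. The sample configuration is constructed from this page's settings plus a hypothetical writable [scratch] share.

```shell
#!/bin/sh
# Added example, not from the original page; audit_smb_conf is an illustrative name.
# Prints one "[section] finding" line per issue for an smb.conf given as FILE or stdin.
audit_smb_conf() {
    awk '
    function yes(v) { v = tolower(v); return v == "yes" || v == "true" || v == "1" }
    function flush() {
        if (sec == "") return
        if (tolower(sec) == "global") {
            if (tolower(p["security"]) == "share")
                print "[global] security = share no longer exists in Samba 4"
            if (("interfaces" in p) && !yes(p["bindinterfacesonly"]))
                print "[global] interfaces is not enforced without bind interfaces only = yes"
        } else if (yes(p["guestok"])) {
            ro = ("readonly" in p) ? yes(p["readonly"]) : 1   # shares default to read only
            print "[" sec "] guest access, " (ro ? "read only" : "WRITABLE")
        }
        split("", p)                                  # forget this section
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }              # comments and blank lines
    /^[ \t]*\[/ {                                     # new [section]
        flush(); sec = $0
        sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
    }
    {
        eq = index($0, "="); if (!eq) next
        # parameter names are case-insensitive and ignore whitespace
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "public") key = "guestok"          # synonym of guest ok
        if (key ~ /^write?able$/) { key = "readonly"; val = yes(val) ? "no" : "yes" }
        p[key] = val
    }
    END { flush() }' "$@"
}
# Constructed sample: this page's guest setup plus a hypothetical writable guest share.
sample_smb_conf() {
    cat <<'EOF'
[global]
interfaces = lo eth1
bind interfaces only = true
security = share
[Guest Share]
read only = yes
guest ok = yes
[scratch]
public = yes
writable = yes
EOF
}
sample_smb_conf | audit_smb_conf
```

On a live server, `testparm -s` prints the normalised configuration, which can be piped into the same function.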
Mount as User
To mount a samba share as a regular user (i.e. without sudo), the following conditions must be met:
- /bin/mount, /bin/umount, /sbin/mount.cifs, /sbin/umount.cifs must be setuid (sudo chmod +s ...)
- share point must be owned by the user (chown username mountpoint).
- May be optional, but does not hurt, set group of mount point to sambashare, and verify that the user is in that group
- mount spec in fstab must contain the option user (or users to let any user unmount).
- It seems that option suid should be present as well, but does not seem to do anything good to me.
//mnemosyne/public /net/mnemosyne/publicrw cifs noauto,users,guest 0 0
//mnemosyne/public /net/mnemosyne/public cifs noauto,users,ro,guest,suid 0 0
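An added check, not part of the original page, for the fstab entries used in this section and under Samba Client: it lists cifs entries that keep a password in fstab, mount as guest, allow suid, or set sec= to lanman or ntlm, both of which are weaker than ntlmv2. The sample entries are constructed from this page's examples; /windows/docs and its credentials path are placeholders.

```shell
#!/bin/sh
# Added example, not from the original page; audit_cifs_fstab is an illustrative name.
# Prints "<mountpoint>: <finding>" for each cifs entry of an fstab given as FILE or stdin.
audit_cifs_fstab() {
    awk '
    $1 ~ /^#/ || NF < 4 || $3 != "cifs" { next }
    {
        sec = ""; guest = 0
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^(password|pass)=/)
                print $2 ": password stored in fstab, use credentials=<file> instead"
            else if (opt[i] ~ /^sec=/)
                sec = substr(opt[i], 5)
            else if (opt[i] == "suid")
                print $2 ": suid honours setuid files from the server, prefer nosuid"
            else if (opt[i] == "guest") {
                guest = 1
                print $2 ": guest mount, no password is used"
            }
        }
        if (sec == "lanman" || sec == "ntlm")
            print $2 ": sec=" sec " is weaker than sec=ntlmv2"
        else if (sec == "" && !guest)
            print $2 ": no sec= option, the kernel default decides the authentication mode"
    }' "$@"
}

# Constructed sample in fstab format (entries modelled on this page; the last
# cifs entry and its credentials path are placeholders).
sample_fstab() {
    cat <<'EOF'
# <share> <mountpoint> <type> <options> <dump> <pass>
//mnemosyne/backup /net/mnemosyne/backuprw cifs username=backup,uid=999,gid=124
//mnemosyne/public /net/mnemosyne/public cifs noauto,users,ro,guest,suid 0 0
//winmachine/testshare /windows/winshare cifs username=user,password=secret,sec=ntlm 0 0
//winmachine/docs /windows/docs cifs credentials=/etc/cifs-docs.cred,sec=ntlmv2,nosuid 0 0
/dev/sda1 / ext4 defaults 0 1
EOF
}

sample_fstab | audit_cifs_fstab
```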
Troubleshooting
mount error(13): Permission denied
- We have the following error when mounting a share with
sudo mount -t cifs //mnemosyne/movies /mnt/any -o rw,username=movies
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
- dmesg:
[20662.908952] CIFS VFS: Send error in SessSetup = -13
[20662.909123] CIFS VFS: cifs_mount failed w/return code = -13
- The fix is to add option sec=lanman (or sec=ntlm, or sec=ntlmv2).
- This is apparently due to /proc/fs/cifs/SecurityFlags being set to 0x81 instead of 0x07 in previous versions of Ubuntu. See bug 1113395 and https://www.kernel.org/doc/readme/fs-cifs-README.
sudo mount -t cifs //mnemosyne/movies /mnt/any -o rw,username=movies,sec=ntlm
mount error(5): Input/output error
- Solution: Use the server IP address instead of server name:
sudo mount -v -t cifs -o noperm,iocharset=utf8,credentials=/etc/auto.smb.st.peetersm //docs.zav.st.com/MinaShare /mnt/any
# mount error(5): Input/output error
# Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
sudo mount -v -t cifs -o noperm,iocharset=utf8,credentials=/etc/auto.smb.st.peetersm //10.136.3.100/MinaShare /mnt/any
Troubleshooting tips
- Try using IP address instead of name.
- Try the mount --verbose option.
- Try network mapper in Nautilus application. This may give a different error code or more detailed error.
- Try a samba client in user-land (like gigolo or smbfs) to see if problem is in the kernel.
References
- ↑ DCE RPC, i.e. Distributed Computing Environment and Remote Procedure Call