Ubuntu DFS smbclient cifs gvfs

From richud.com
Jump to navigation Jump to search


Work Domain

Prerequisites

Assuming Ubuntu 12.04

cifs-utils = basic cifs mount

sudo apt-get install cifs-utils

smbclient

To view the shares

U logon

W (accounts) domain (NOT same as Domain= which is domain the server is in, not account)

$ smbclient -L //xxxxxxxxxx -U xxxx -W XXX
Enter xxxx's password: 
Domain=[XXX] OS=[Windows Server 2008 R2 Standard 7601 Service Pack 1] Server=[Windows Server 2008 R2 Standard 6.1]

	Sharename       Type      Comment
	---------       ----      -------
	simon           Disk      
	john            Disk      
	ADMIN$          Disk      Remote Admin
	admin-col       Printer   HP 4700
	C$              Disk      Default share
<SNIP>

To get a dir style interface you need to put a share suffix, i.e

  • Note,you must put some share after the server //xxx.xx.xx.xx e.g. //xxx.xx.xx.xx/root/ otherwise nothing will be show.
$ smbclient //xxx.xx.xx.xx/root/ -U xxxx -W XXX
Enter xxxx's password: 
Domain=[EEE] OS=[Windows Server (R) 2008 Enterprise 6002 Service Pack 2] Server=[Windows Server (R) 2008 Enterprise 6.0]
smb: \> ls
  .                                   D        0  Sun Jun 17 20:03:46 2012
  ..                                  D        0  Sun Jun 17 20:03:46 2012
  BackupStore2                        D        0  Thu May 17 20:00:05 2012
  Departments                         D        0  Tue May 22 13:58:56 2012
  Manager                             D        0  Fri Oct 29 14:28:44 2010
  Profiles                            D        0  Fri Oct 29 14:28:44 2010

		34985 blocks of size 2097152. 25972 blocks available
smb: \> quit

Spaces need quotes in an odd way;

smb: \Departments\> cd xxx yyy\
cd \Departments\xxx\: NT_STATUS_OBJECT_NAME_NOT_FOUND
smb: \Departments\> cd "xxx yyy"\
smb: \Departments\xxx yyy\>

gvfs

This is what nautilus uses.

WORKGROUP (DOMAIN) needs to be in CAPS (can be DDD or FQDN DDD.xx.xx.xx)

$ gvfs-mount smb://xxx.xx.xx.xx/root/
Password required for share root on xxx.xx.xx.xx
User [aaaa]: xxxx
Domain [WORKGROUP]: DDD
Password: 
  • Note, whatever you enter for [WORKGROUP] doesn't always make the account relative to it, (as smbclient can manage with W option (above).) On accounts that exist in one domain and not the other it seems to be ok but when same account exists in both it seems not to work

i.e. if you specify credentials DDD\xxxx (and if EEE\xxxx and DDD\xxxx both exist) , it seems to carry on using EEE\xxxx

cifs

FINISH THIS SECTION

via terminal

  • Note, by default it connects as UID/GID 0 which is root, you will need to change this otherwise you will get access denied errors as it creates structure with root only access. Append ,gid=uuu,uid=uuu to your options line, where uuu is your login name and group name (probably the same). Alternatively you can force full access to everything by appending ,file_mode=0777,dir_mode=0777 instead.
  • Note, quotes around spaces
  • Note, domain = the domain that the account is in, not what the server you are connecting to is a member of.
  • Note, domain can be in any case but MUST NOT be FQDN, i.e. DDD or ddd but NOT ddd.dd.dd.dd, either in the credentials file or on command line.
  • Note, DONT be tempted to mount under /media/ as gvfs will start going mental and creating dozens of new mounts for each folder under DFS. Use /mnt and create bookmarks instead. (In Nautilus)

Make sure the target folder (mount point) exist, create it with sudo and it is fine to leave it with root only permissions (default)

$ sudo mount -t cifs "//xxx.xx.xx.xx/root/" /mnt/xxx.xx.xx.xx -o user=xxxx,pass="yyy yyyy",dom=DDD,gid=uuu,uid=uuu


OR using a credentials file containing

  • Note, don't need quotes around spaces, and user/pass/dom are now written in full words.
username=xxxx
password=yyy yyyy
domain=DDD
$ sudo mount -t cifs "//xxx.xx.xx.xx/root/" /mnt/xxx.xx.xx.xx -o credentials=/home/xxxx/.smbcreds,gid=uuu,uid=uuu

via /etc/fstab

  • Note, Make sure the target folder exist, create it with sudo and it is fine to leave it with root only permissions (default)
  • Note conversely to credentials on the command line, quoted spaces need replacing with \040, i.e. user=xxxx,pass="yyy yyyy",dom=DDD becomes user=xxxx,pass=yyy\040yyyy,dom=DDD
//xxx.xx.xx.xx/root/ /mnt/xxx.xx.xx.xx/ cifs credentials=/home/xxxx/.smbcreds,gid=uuu,uid=uuu
#OR
//xxx.xx.xx.xx/root/ /mnt/xxx.xx.xx.xx/ cifs user=xxxx,pass=yyy\040yyyy,dom=DDD,gid=uuu,uid=uuu

Local Workgroup

Prerequisites

Assuming Ubuntu 12.04

cifs-utils = basic cifs mount via IP only

winbind = hostname resolution

sudo apt-get install cifs-utils winbind


For this example im using my Belkin wireless router (F5D8235-4 v1000) running my own custom firmware that shares out any USB stick in it. (standard firmware does this too)

smbtree

On local network, will show shares etc,

  • Note, -N stops using password (assume user guest?) which is needed for router.

(Voyager is an automounted USB stick on the router.)

$ smbtree -N
WORKGROUP
	\\TESTPC      		
BELKIN
	\\BELKIN N+      		BELKIN N+
		\\BELKIN N+\ADMIN$         	IPC Service ("BELKIN N+")
		\\BELKIN N+\IPC$           	IPC Service ("BELKIN N+")
		\\BELKIN N+\Voyager

smbclient

  • Note, Spaces must be in quotes, not replaced with %20
$ smbclient -L "//BELKIN N+/" -N
Domain=[BELKIN] OS=[Unix] Server=[Samba 3.0.2]

	Sharename       Type      Comment
	---------       ----      -------
	Voyager         Disk      
	IPC$            IPC       IPC Service ("BELKIN N+")
	ADMIN$          IPC       IPC Service ("BELKIN N+")
Domain=[BELKIN] OS=[Unix] Server=[Samba 3.0.2]

	Server               Comment
	---------            -------
	BELKIN N+            BELKIN N+

	Workgroup            Master
	---------            -------
	BELKIN               BELKIN N+
	WORKGROUP            TESTPC

Spaces to %20 = fail

$ smbclient -L //BELKIN%20N+/Voyager/ -N
Connection to BELKIN%20N+ failed (Error NT_STATUS_BAD_NETWORK_NAME)

gvfs

  • Note, gvfs mounts in your home/.gvfs directory, this is what Nautilus uses.
  • Note, gvfs can either replace spaces with %20 or quote whole URL
$ gvfs-mount smb://belkin%20N+/Voyager
#or
$ gvfs-mount "smb://belkin N+/Voyager"
$ tree ~/.gvfs/ | head -6
/home/xxxx/.gvfs/
└── voyager on belkin n+
    ├── apc.php
    ├── bios
    │   ├── bios.cfg
    │   ├── bios.lst

gvfs smb version override

This can set options for GVFS samba mounting to follow when used as a user in Nautilus smb:// type mounts, overriding the system smb.conf

Create this file and path (/home/USERNAME/.smb/smb.conf)

~/.smb/smb.conf

This would set your mounts on your client to force to max negotiation speed to server at CIFS aka SMB1 aka NT1) and not SMB2 for example. (Commented out option for a higher negotiation protocol, max SMB2 , Win7 revision.)

client max protocol = NT1
#client max protocol = SMB2_10

cifs

winbind, nsswitch.conf

  • Note, cifs needs winbind to work, else it wont be able to resolve the names to IP's (you can use ip's instead and negate winbind)
  • Install winbind and fix the line like this in /etc/nsswitch.conf - I had problems putting wins first in the past (cant remember what/why now), seems to work best at the end so it is the last lookup method.
hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4 wins

ping is easiest way to see if it now works, to add a space you need to use quotes, other methods don't work. case doesn't matter.

Initially

$ ping "Belkin n+"
ping: unknown host Belkin n+

Now

$ ping Belkin\040n+
ping: unknown host Belkin040n+
$ ping Belkin%20n+
ping: unknown host Belkin%20n+
$ ping "Belkin n+"
PING Belkin n+ (192.168.2.1) 56(84) bytes of data.
^C64 bytes from 192.168.2.1: icmp_req=1 ttl=64 time=0.436 ms

mount via terminal

$ sudo mkdir /media/Belkin
$ sudo mount -t cifs "//BELKIN N+/Voyager/" /media/Belkin -o guest
$ tree /media/Belkin | head -6
/media/Belkin
├── apc.php
├── bios
│   ├── bios.cfg
│   ├── bios.lst
│   ├── DQ965GF.IMA.gz

mount via /etc/fstab

Add this line to auto mount. Spaces need to be in octal, other characters can also be too.

  • Note, to test run "sudo mount -a" after editing, however you need to have manually made /media/Belkin if so. If rebooted, the dir will be made automatically.
//BELKIN\040N+/Voyager/ /media/Belkin cifs guest 0 0
#or even somewhat cryptically to stop the average nosey poker looking in your fstab
//\102\105\114\113\111\116\040\116\053/\126\157\171\141\147\145\162/ /media/Belkin cifs guest 0 0

AD password change

smbpasswd -r <domain-server> -U <user name>


Troubleshooting

Do you get this?

The folder contents could not be displayed.
Sorry, could not display all the contents of "XXX XXXXXXXX": Invalid argument
ls: reading directory xxxxx: Object is remote

Make sure you have the correct search domains set to your windows domain name(s) for all parts of the DFS servers it traverses over, this should come from DHCP option 15. You can add these into network manager or directly (but not permanently if using Ubuntu > 12.10) in /etc/resolv.conf. Unmount and remount the shares for this to have any effect. [There is no obvious error in wireshark if this is the problem, but if you look on a machine it works on it will be connecting differently to non FQDN servers, probably the root ones]

example resolv.conf from 12.10

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search xxx.xx.xx.xx
search yyy.xx.xx.xx
search xx.xx.xx

Comments

blog comments powered by Disqus