5086
Comment:
|
7397
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
= The Transparent Remote File-System Access Method = An alternative to the explicit transfer of files from one machine to another is to attach the remote filesystem to the local machine such that all programs can access it as if it was just another local partition. There are several solutions to this problem, the classical examples are NFS and AFS. At the ETH we are using both of them extensively. Unfortunately NFS has security issues which prevent it from being used in an open environment, and AFS requires special (complex) software on the client side and fundamental changes in the setup of servers. We therefore currently recommend '''Samba''' for remote filesystem attachment. Samba is a free implementation of the Microsoft File Sharing Protocol (SMB). We are running it on all our Unix servers. This enables Windows computers to access files on the Unix machines as if they were on a normal Windows server. Linux is also able to access Samba and mount it just like any other file system. SMB does not encrypt the data it transfers (unlike SSH) but it uses a special method for password authentication which protects the privacy of the password. |
#rev 2018-10-15 bonaccos ## page was renamed from Services/FileAccess/FileSystemAccess <<TableOfContents()>> |
Line 4: | Line 5: |
<<TableOfContents(3)>> | == Accessing Samba shares from Linux == === Overview === Recent Linux Kernels contain the userspace filesystem FUSE. This allows you to use all sorts of new an inovative ways for mounting remote fileystems with normal user privileges. Samples are the "gnome userspace virtual filesystem" and "sshfs" based on SSH. |
Line 6: | Line 9: |
== The Samba Password == Samba (SMB) uses a fundamentally different way to handle passwords than Unix. This has the advantage that passwords do not cross the net unencrypted, but it has the big disadvantage that we have to maintain a separate password database for Samba. We have setup our system so that the Samba password gets changed at the same time as the unix password. If your samba password does not work, please contact support@ee.ethz.ch . |
All graphical desktop file managers must use FUSE based solutions to access remote SMB/CIFS filesystems because they are running with normal user privileges. |
Line 9: | Line 11: |
First, note, that all the information below assumes that you have Windows NT, 2000 or XP installed. With this out of the way you just open the '''start''' menu, select '''Run ...''' and type: | '''In all cases, the share will be mounted in:''' {{{ /run/user/$UID/gvfs/smb-share:server=X,share=Y }}} in order to be able to access from the command line.<<BR>> As documented in [[Workstations/FindYourData]] the share `//itet-stor.ee.ethz.ch/$USER` is a good place to find all your accessible CIFS resources. Technical this share is an implementation of a "Distributed File System (DFS)" root for your account. Unfortunately not all desktop file managers can handle this special kind of a share. With the KDE file managers Konqueror and Dolphin you can't use this share (see [[Services/FileAccess/CIFSLinux#KDE_Konqueror.2CDolphin|Konqueror, Dolphin]]). === Protocol configuration === Recent Debian releases limit the maximum protocol version of Samba to a lower version than commonly offered by modern Windows servers. This is easily remedied by creating a minimal Samba configuration with the following string of commands: {{{#!highlight bash mkdir ~/.smb && echo -e '[global]\client max protocol = SMB3' > ~/.smb/smb.conf }}} === Command Line === ==== gvfs-mount ==== You can also connect to a Samba share on the command line. After you run that command, you can browse the share in Nautilus. |
Line 12: | Line 31: |
net use * \\homes.ee.ethz.ch\login * /user:login | pmuster@testclient:~> gvfs-mount smb://itet-stor.ee.ethz.ch/pmuster Password required for share pmuster on itet-stor.ee.ethz.ch User [pmuster]: pmuster Domain [WORKGROUP]: d Password: ******** |
Line 14: | Line 37: |
Replace ''login'' with your Tardis login name and press return. Now a pop-up will ask for your login name (again) and your (samba)password. Once you have entered them, an explorer will open which shows the content of your Tardis home directory. You can now use the same syntax to access the Tardis home directly from within applications. You can also create a shortcut on the desktop which points to this address to make access even simpler. Note that if you use the same user-name and (samba)password on Windows as you use on Tardis, then windows will not ask you again for your password when mounting the Tardis home. | |
Line 16: | Line 38: |
== Using Samba from Linux (only on self-managed machines, as you need to be root) == From Linux you can use the normal '''mount''' command for mounting Samba shares: |
To unmount a share on the command line, just add the {{{-u}}} flag: {{{ pmuster@testclient:~> gvfs-mount -u smb://itet-stor.ee.ethz.ch/pmuster }}} ==== smbclient ==== smbclient is something like an interactive shell to the file server and also a good troubleshooting tool for connection problems. To connect your personal DFS root share enter: {{{ pmuster@testclient:~$ smbclient -W d //itet-stor.ee.ethz.ch/pmuster Enter pmuster's password: Domain=[D] OS=[Windows 6.1] Server=[Samba 4.2.10-Debian] smb: \> smb: \> ls . D 0 Thu Oct 13 15:27:09 2016 .. D 0 Thu Nov 24 04:55:59 2016 home D 0 Thu Oct 13 15:27:09 2016 project01 D 0 Thu Oct 13 15.27:09 2016 47929224 blocks of size 1024. 37295664 blocks available smb: \> cd home smb: \home\> smb: \home\> ls . D 0 Thu Nov 24 09:35:24 2016 .. DA 0 Thu Nov 24 08:17:38 2016 public_html D 0 Wed Feb 3 15:34:27 2016 Desktop D 0 Mon May 23 14:57:56 2016 Downloads D 0 Mon May 23 14:50:26 2016 .... 1536000 blocks of size 1024. 1340637 blocks available smb: \home\> exit pmuster@testclient:~$ }}} With the command `help` you get a list of all available commands inside the shell. ==== root mount ==== You can also mount your Samba home area with CIFS. This method is only available on computers where you have root access (i.e. this does not work on Linux workstations managed by us). '''If the command returns an error message saying "wrong fs type", make sure the packages "cifs-utils" and "keyutils" are installed.''' |
Line 21: | Line 79: |
# mkdir /tardis-home # mount -t smbfs -o user=lanserc,name=homes.ee.ethz.ch \\\\homes.ee.ethz.ch\\lanserc /tardis-home |
# mkdir /itet-stor # mount -t cifs -o user=<nethz_login>,domain=d //itet-stor.ee.ethz.ch/<nethz_login> /itet-stor |
Line 24: | Line 82: |
When you execute the command you will be asked for your (samba)password and then your home will be available under '''/tardis-home'''. Because mounting generally requires root access, the whole process is a bit tedious because you have to become root first. There is shortcut though. You can add an appropriate line to the '''/etc/fstab''' file which will allow users to mount your Tardis home with '''mount /tardis-home''': | |
Line 26: | Line 83: |
=== Desktop File Managers === ==== Gnome Nautilus ==== Select on the left side '''Connect to network''' and enter the name of the share in the '''Server Address''' field, e.g. as `smb://itet-stor.ee.ethz.ch/pmuster`. Enter the details as given in the screenshot below. {{attachment:nautilus.png}} ==== Cinnamon Nemo ==== Open the {{{Connect to Server}}} application and enter the details similar to the screenshot below. {{attachment:nemo.png}} ==== KDE Konqueror,Dolphin ==== As mentioned above Konqueror and Dolphin can't be used to access smb resources over `\\itet-stor\username`. Open your Konqueror or Dolphin Filemanager/Webbrowser. As location, use `smb://server/share` followed by `<Enter>`. Type your username and password in the following dialog box. ===== ID home share ===== '''{{{ Location: smb://nas-nethz-users.ethz.ch/share-<?>-$/username Username: d\yourNethzUsername Password: yourPrivatePassword }}}''' The '''share-<?>-$''' part of the location is dependant on the first character in your username. If your username is '''kpelle''', this part of the location must be changed to '''share-k-$'''. ===== D-ITET home share ===== '''{{{ Location: smb://nas-itet-01/itet_isg_homes_<nn>/username Username: d\username Password: yourPrivatePassword }}}''' The homes are distributed over multiple `itet_isg_homes_<nn>` shares, to see the number to use you can look at the NFS path of your home: |
|
Line 27: | Line 121: |
[...] //homes.ee.ethz.ch/ smbfs username=lanserc,user,noauto [...] |
pmuster@testclient:~$ ssh login.ee.ethz.ch "df ." pmu@login.ee.ethz.ch's password: Filesystem 1K-blocks Used Available Use% Mounted on nas-itet-01.ethz.ch:/sco_itet_005/itet_isg_homes_03/pmuster 1536000 195072 1340928 13% /home/pmuster pmuster@testclient:~$ |
Line 31: | Line 127: |
In the man page '''smbmount''' you can find more information about this. | So the location for pmuster's home is: smb://nas-itet-01/itet_isg_homes_03/pmuster. |
Line 33: | Line 129: |
== Using CIFS to connect to Samba shares == You can also mount your Samba home area with CIFS: |
===== D-ITET project share ===== '''{{{ Location: smb://itetnas<nn>.ee.ethz.ch/project Username: d\username Password: yourPrivatePassword }}}''' Again the NFS path of the project home is needed: {{{ pmuster@testclient:~$ ssh login.ee.ethz.ch "df /home/mare" Filesystem 1K-blocks Used Available Use% Mounted on itetnas02:/usr/itetnas02/data-project-01/mare 3170549760 620497920 2539297792 20% /home/mare pmuster@testclient:~$ }}} So the location for the mare project home is: `smb://itetnas02.ee.ethz.ch/mare`. |
Line 36: | Line 144: |
=== Troubleshooting === Depending on the way of accessing a Samba share, error messages similar to the following might appear: * '''gvsf-mount''': `Error mounting location: Failed to mount Windows share: Connection timed out` * '''nautilus''': `Unhandled error message: Failed to mount Windows share: Connection timed out` * '''smbclient''': `protocol negotiation failed: NT_STATUS_CONNECTION_RESET` This indicates a failed protocol negotiation between the Samba server and your client in case the protocol version offerd by the server is higher than the client accepts. To fix this apply the protocol configuration mentioned above. '''smbclient''' accepts the parameter "-m" to set the protocol level directly without the need to apply the protocol configuration: |
|
Line 37: | Line 155: |
$ sudo su # mount -t cifs -o user=lanserc,name=homes.ee.ethz.ch \\\\homes.ee.ethz.ch\\lanserc /tardis-home |
pmuster@testclient:~$ smbclient -W d -m SMB3 //itet-stor.ee.ethz.ch/pmuster |
Line 40: | Line 157: |
Recent Linux Kernels contain the userspace filesystem [[http://fuse.sourceforge.net/|FUSE]]. This allows you to use all sorts of new an inovative ways for mounting remote fileystems ... for example you can mount a file system via an ssh connection without needing root privileges: | |
Line 42: | Line 158: |
{{{ $ mkdir ~/tardis-home $ sshfs lanserc@login.ee.ethz.ch: ~/tardis-home }}} But please note, that you can't do sshfs on homes.ee.ethz.ch - use login.ee.ethz.ch instead! You can also unmount it again by typing: {{{ $ fusermount -u ~/tardis-home }}} '''Please note that sshfs is not officially supported by the ISG.EE''' == Windows Network Drive == You can access your home directory on Tardis by mounting {{{\\homes.ee.ethz.ch\username}}} as network drive on your Windows box (replace {{{username}}} with '''your''' Tardis username). Also specify your username in the box "Connect as". You will be asked to supply your Tardis password when mounting your home directory. Tardis uses [[http://www.samba.org/|Samba]] to export your home directory. Our Samba setup uses encrypted passwords which are kept in a separate user database that is ''NOT'' synchronized with your Unix password. The password can not be longer than 8 characters. If you cannot mount your Tardis directory, chances are that we must update your entry in the Samba database. Send eMail to support@ee.ethz.ch . You can change the samba password with {{{smbpasswd -r tardis}}}. |
---- [[CategoryEDUC]] |
Contents
Accessing Samba shares from Linux
Overview
Recent Linux Kernels contain the userspace filesystem FUSE. This allows you to use all sorts of new an inovative ways for mounting remote fileystems with normal user privileges. Samples are the "gnome userspace virtual filesystem" and "sshfs" based on SSH.
All graphical desktop file managers must use FUSE based solutions to access remote SMB/CIFS filesystems because they are running with normal user privileges.
In all cases, the share will be mounted in:
/run/user/$UID/gvfs/smb-share:server=X,share=Y
in order to be able to access from the command line.
As documented in Workstations/FindYourData the share //itet-stor.ee.ethz.ch/$USER is a good place to find all your accessible CIFS resources. Technical this share is an implementation of a "Distributed File System (DFS)" root for your account. Unfortunately not all desktop file managers can handle this special kind of a share. With the KDE file managers Konqueror and Dolphin you can't use this share (see Konqueror, Dolphin).
Protocol configuration
Recent Debian releases limit the maximum protocol version of Samba to a lower version than commonly offered by modern Windows servers. This is easily remedied by creating a minimal Samba configuration with the following string of commands:
1 mkdir ~/.smb && echo -e '[global]\client max protocol = SMB3' > ~/.smb/smb.conf
Command Line
gvfs-mount
You can also connect to a Samba share on the command line. After you run that command, you can browse the share in Nautilus.
pmuster@testclient:~> gvfs-mount smb://itet-stor.ee.ethz.ch/pmuster Password required for share pmuster on itet-stor.ee.ethz.ch User [pmuster]: pmuster Domain [WORKGROUP]: d Password: ********
To unmount a share on the command line, just add the -u flag:
pmuster@testclient:~> gvfs-mount -u smb://itet-stor.ee.ethz.ch/pmuster
smbclient
smbclient is something like an interactive shell to the file server and also a good troubleshooting tool for connection problems. To connect your personal DFS root share enter:
pmuster@testclient:~$ smbclient -W d //itet-stor.ee.ethz.ch/pmuster Enter pmuster's password: Domain=[D] OS=[Windows 6.1] Server=[Samba 4.2.10-Debian] smb: \> smb: \> ls . D 0 Thu Oct 13 15:27:09 2016 .. D 0 Thu Nov 24 04:55:59 2016 home D 0 Thu Oct 13 15:27:09 2016 project01 D 0 Thu Oct 13 15.27:09 2016 47929224 blocks of size 1024. 37295664 blocks available smb: \> cd home smb: \home\> smb: \home\> ls . D 0 Thu Nov 24 09:35:24 2016 .. DA 0 Thu Nov 24 08:17:38 2016 public_html D 0 Wed Feb 3 15:34:27 2016 Desktop D 0 Mon May 23 14:57:56 2016 Downloads D 0 Mon May 23 14:50:26 2016 .... 1536000 blocks of size 1024. 1340637 blocks available smb: \home\> exit pmuster@testclient:~$
With the command help you get a list of all available commands inside the shell.
root mount
You can also mount your Samba home area with CIFS. This method is only available on computers where you have root access (i.e. this does not work on Linux workstations managed by us). If the command returns an error message saying "wrong fs type", make sure the packages "cifs-utils" and "keyutils" are installed.
$ sudo su # mkdir /itet-stor # mount -t cifs -o user=<nethz_login>,domain=d //itet-stor.ee.ethz.ch/<nethz_login> /itet-stor
Desktop File Managers
Gnome Nautilus
Select on the left side Connect to network and enter the name of the share in the Server Address field, e.g. as smb://itet-stor.ee.ethz.ch/pmuster.
Enter the details as given in the screenshot below.
Cinnamon Nemo
Open the Connect to Server application and enter the details similar to the screenshot below.
KDE Konqueror,Dolphin
As mentioned above Konqueror and Dolphin can't be used to access smb resources over \\itet-stor\username.
Open your Konqueror or Dolphin Filemanager/Webbrowser.
As location, use smb://server/share followed by <Enter>. Type your username and password in the following dialog box.
ID home share
Location: smb://nas-nethz-users.ethz.ch/share-<?>-$/username
Username: d\yourNethzUsername
Password: yourPrivatePassword
The share-<?>-$ part of the location is dependant on the first character in your username. If your username is kpelle, this part of the location must be changed to share-k-$.
D-ITET home share
Location: smb://nas-itet-01/itet_isg_homes_<nn>/username
Username: d\username
Password: yourPrivatePassword
The homes are distributed over multiple itet_isg_homes_<nn> shares, to see the number to use you can look at the NFS path of your home:
pmuster@testclient:~$ ssh login.ee.ethz.ch "df ." pmu@login.ee.ethz.ch's password: Filesystem 1K-blocks Used Available Use% Mounted on nas-itet-01.ethz.ch:/sco_itet_005/itet_isg_homes_03/pmuster 1536000 195072 1340928 13% /home/pmuster pmuster@testclient:~$
So the location for pmuster's home is: smb://nas-itet-01/itet_isg_homes_03/pmuster.
D-ITET project share
Location: smb://itetnas<nn>.ee.ethz.ch/project
Username: d\username
Password: yourPrivatePassword
Again the NFS path of the project home is needed:
pmuster@testclient:~$ ssh login.ee.ethz.ch "df /home/mare" Filesystem 1K-blocks Used Available Use% Mounted on itetnas02:/usr/itetnas02/data-project-01/mare 3170549760 620497920 2539297792 20% /home/mare pmuster@testclient:~$
So the location for the mare project home is: smb://itetnas02.ee.ethz.ch/mare.
Troubleshooting
Depending on the way of accessing a Samba share, error messages similar to the following might appear:
gvsf-mount: Error mounting location: Failed to mount Windows share: Connection timed out
nautilus: Unhandled error message: Failed to mount Windows share: Connection timed out
smbclient: protocol negotiation failed: NT_STATUS_CONNECTION_RESET
This indicates a failed protocol negotiation between the Samba server and your client in case the protocol version offerd by the server is higher than the client accepts. To fix this apply the protocol configuration mentioned above.
smbclient accepts the parameter "-m" to set the protocol level directly without the need to apply the protocol configuration:
pmuster@testclient:~$ smbclient -W d -m SMB3 //itet-stor.ee.ethz.ch/pmuster