Differences between revisions 3 and 80 (spanning 77 versions)
Revision 3 as of 2009-11-12 11:30:27
Size: 5086
Editor: toki
Comment:
Revision 80 as of 2020-09-10 12:40:01
Size: 7397
Editor: bonaccos
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
= The Transparent Remote File-System Access Method =
An alternative to the explicit transfer of files from one machine to another is to attach the remote filesystem to the local machine such that all programs can access it as if it was just another local partition. There are several solutions to this problem, the classical examples are NFS and AFS. At the ETH we are using both of them extensively. Unfortunately NFS has security issues which prevent it from being used in an open environment, and AFS requires special (complex) software on the client side and fundamental changes in the setup of servers. We therefore currently recommend '''Samba''' for remote filesystem attachment. Samba is a free implementation of the Microsoft File Sharing Protocol (SMB). We are running it on all our Unix servers. This enables Windows computers to access files on the Unix machines as if they were on a normal Windows server. Linux is also able to access Samba and mount it just like any other file system. SMB does not encrypt the data it transfers (unlike SSH) but it uses a special method for password authentication which protects the privacy of the password.
#rev 2018-10-15 bonaccos
## page was renamed from Services/FileAccess/FileSystemAccess
<<TableOfContents()>>
Line 4: Line 5:
<<TableOfContents(3)>> == Accessing Samba shares from Linux ==
=== Overview ===
Recent Linux Kernels contain the userspace filesystem FUSE. This allows you to use all sorts of new an inovative ways for mounting remote fileystems with normal user privileges. Samples are the "gnome userspace virtual filesystem" and "sshfs" based on SSH.
Line 6: Line 9:
== The Samba Password ==
Samba (SMB) uses a fundamentally different way to handle passwords than Unix. This has the advantage that passwords do not cross the net unencrypted, but it has the big disadvantage that we have to maintain a separate password database for Samba. We have setup our system so that the Samba password gets changed at the same time as the unix password. If your samba password does not work, please contact support@ee.ethz.ch .
All graphical desktop file managers must use FUSE based solutions to access remote SMB/CIFS filesystems because they are running with normal user privileges.
Line 9: Line 11:
First, note, that all the information below assumes that you have Windows NT, 2000 or XP installed. With this out of the way you just open the '''start''' menu, select '''Run ...''' and type: '''In all cases, the share will be mounted in:'''
{{{
  /run/user/$UID/gvfs/smb-share:server=X,share=Y
}}}

in order to be able to access from the command line.<<BR>>

As documented in [[Workstations/FindYourData]] the share `//itet-stor.ee.ethz.ch/$USER` is a good place to find all your accessible CIFS resources. Technical this share is an implementation of a "Distributed File System (DFS)" root for your account. Unfortunately not all desktop file managers can handle this special kind of a share. With the KDE file managers Konqueror and Dolphin you can't use this share (see [[Services/FileAccess/CIFSLinux#KDE_Konqueror.2CDolphin|Konqueror, Dolphin]]).

=== Protocol configuration ===
Recent Debian releases limit the maximum protocol version of Samba to a lower version than commonly offered by modern Windows servers. This is easily remedied by creating a minimal Samba configuration with the following string of commands:
{{{#!highlight bash
mkdir ~/.smb && echo -e '[global]\client max protocol = SMB3' > ~/.smb/smb.conf
}}}

=== Command Line ===
==== gvfs-mount ====
You can also connect to a Samba share on the command line. After you run that command, you can browse the share in Nautilus.
Line 12: Line 31:
 net use * \\homes.ee.ethz.ch\login * /user:login pmuster@testclient:~> gvfs-mount smb://itet-stor.ee.ethz.ch/pmuster
Password required for share pmuster on itet-stor.ee.ethz.ch
User [pmuster]: pmuster
Domain [WORKGROUP]: d
Password: ********
Line 14: Line 37:
Replace ''login'' with your Tardis login name and press return. Now a pop-up will ask for your login name (again) and your (samba)password. Once you have entered them, an explorer will open which shows the content of your Tardis home directory. You can now use the same syntax to access the Tardis home directly from within applications. You can also create a shortcut on the desktop which points to this address to make access even simpler. Note that if you use the same user-name and (samba)password on Windows as you use on Tardis, then windows will not ask you again for your password when mounting the Tardis home.
Line 16: Line 38:
== Using Samba from Linux (only on self-managed machines, as you need to be root) ==
From Linux you can use the normal '''mount''' command for mounting Samba shares:
To unmount a share on the command line, just add the {{{-u}}} flag:

{{{
pmuster@testclient:~> gvfs-mount -u smb://itet-stor.ee.ethz.ch/pmuster
}}}

==== smbclient ====
smbclient is something like an interactive shell to the file server and also a good troubleshooting tool for connection problems. To connect your personal DFS root share enter:
{{{
pmuster@testclient:~$ smbclient -W d //itet-stor.ee.ethz.ch/pmuster
Enter pmuster's password:
Domain=[D] OS=[Windows 6.1] Server=[Samba 4.2.10-Debian]
smb: \>
smb: \> ls
  . D 0 Thu Oct 13 15:27:09 2016
  .. D 0 Thu Nov 24 04:55:59 2016
  home D 0 Thu Oct 13 15:27:09 2016
  project01 D 0 Thu Oct 13 15.27:09 2016

  47929224 blocks of size 1024. 37295664 blocks available
smb: \> cd home
smb: \home\>
smb: \home\> ls
  . D 0 Thu Nov 24 09:35:24 2016
  .. DA 0 Thu Nov 24 08:17:38 2016
  public_html D 0 Wed Feb 3 15:34:27 2016
  Desktop D 0 Mon May 23 14:57:56 2016
  Downloads D 0 Mon May 23 14:50:26 2016
  ....

  1536000 blocks of size 1024. 1340637 blocks available
smb: \home\> exit
pmuster@testclient:~$
}}}
With the command `help` you get a list of all available commands inside the shell.

==== root mount ====
You can also mount your Samba home area with CIFS. This method is only available on computers where you have root access (i.e. this does not work on Linux workstations managed by us). '''If the command returns an error message saying "wrong fs type", make sure the packages "cifs-utils" and "keyutils" are installed.'''
Line 21: Line 79:
# mkdir /tardis-home
# mount -t smbfs -o user=lanserc,name=homes.ee.ethz.ch \\\\homes.ee.ethz.ch\\lanserc /tardis-home
# mkdir /itet-stor
# mount -t cifs -o user=<nethz_login>,domain=d //itet-stor.ee.ethz.ch/<nethz_login> /itet-stor
Line 24: Line 82:
When you execute the command you will be asked for your (samba)password and then your home will be available under '''/tardis-home'''. Because mounting generally requires root access, the whole process is a bit tedious because you have to become root first. There is shortcut though. You can add an appropriate line to the '''/etc/fstab''' file which will allow users to mount your Tardis home with '''mount /tardis-home''':
Line 26: Line 83:
=== Desktop File Managers ===

==== Gnome Nautilus ====
Select on the left side '''Connect to network''' and enter the name of the share in the '''Server Address''' field, e.g. as `smb://itet-stor.ee.ethz.ch/pmuster`.

Enter the details as given in the screenshot below.

{{attachment:nautilus.png}}

==== Cinnamon Nemo ====
Open the {{{Connect to Server}}} application and enter the details similar to the screenshot below.

{{attachment:nemo.png}}

==== KDE Konqueror,Dolphin ====
As mentioned above Konqueror and Dolphin can't be used to access smb resources over `\\itet-stor\username`.

Open your Konqueror or Dolphin Filemanager/Webbrowser.

As location, use `smb://server/share` followed by `<Enter>`. Type your username and password in the following dialog box.

===== ID home share =====
'''{{{
Location: smb://nas-nethz-users.ethz.ch/share-<?>-$/username
Username: d\yourNethzUsername
Password: yourPrivatePassword
}}}'''

The '''share-<?>-$''' part of the location is dependant on the first character in your username. If your username is '''kpelle''', this part of the location must be changed to '''share-k-$'''.

===== D-ITET home share =====
'''{{{
Location: smb://nas-itet-01/itet_isg_homes_<nn>/username
Username: d\username
Password: yourPrivatePassword
}}}'''
The homes are distributed over multiple `itet_isg_homes_<nn>` shares, to see the number to use you can look at the NFS path of your home:
Line 27: Line 121:
[...]
//homes.ee.ethz.ch/ smbfs username=lanserc,user,noauto
[...]
pmuster@testclient:~$ ssh login.ee.ethz.ch "df ."
pmu@login.ee.ethz.ch's password:
Filesystem 1K-blocks Used Available Use% Mounted on
nas-itet-01.ethz.ch:/sco_itet_005/itet_isg_homes_03/pmuster 1536000 195072 1340928 13% /home/pmuster
pmuster@testclient:~$
Line 31: Line 127:
In the man page '''smbmount''' you can find more information about this. So the location for pmuster's home is: smb://nas-itet-01/itet_isg_homes_03/pmuster.
Line 33: Line 129:
== Using CIFS to connect to Samba shares ==
You can also mount your Samba home area with CIFS:
===== D-ITET project share =====
'''{{{
Location: smb://itetnas<nn>.ee.ethz.ch/project
Username: d\username
Password: yourPrivatePassword
}}}'''
Again the NFS path of the project home is needed:
{{{
pmuster@testclient:~$ ssh login.ee.ethz.ch "df /home/mare"
Filesystem 1K-blocks Used Available Use% Mounted on
itetnas02:/usr/itetnas02/data-project-01/mare 3170549760 620497920 2539297792 20% /home/mare
pmuster@testclient:~$
}}}
So the location for the mare project home is: `smb://itetnas02.ee.ethz.ch/mare`.
Line 36: Line 144:
=== Troubleshooting ===
Depending on the way of accessing a Samba share, error messages similar to the following might appear:

 * '''gvsf-mount''': `Error mounting location: Failed to mount Windows share: Connection timed out`
 * '''nautilus''': `Unhandled error message: Failed to mount Windows share: Connection timed out`
 * '''smbclient''': `protocol negotiation failed: NT_STATUS_CONNECTION_RESET`

This indicates a failed protocol negotiation between the Samba server and your client in case the protocol version offerd by the server is higher than the client accepts. To fix this apply the protocol configuration mentioned above.

'''smbclient''' accepts the parameter "-m" to set the protocol level directly without the need to apply the protocol configuration:
Line 37: Line 155:
$ sudo su
# mount -t cifs -o user=lanserc,name=homes.ee.ethz.ch \\\\homes.ee.ethz.ch\\lanserc /tardis-home
pmuster@testclient:~$ smbclient -W d -m SMB3 //itet-stor.ee.ethz.ch/pmuster
Line 40: Line 157:
Recent Linux Kernels contain the userspace filesystem [[http://fuse.sourceforge.net/|FUSE]]. This allows you to use all sorts of new an inovative ways for mounting remote fileystems ... for example you can mount a file system via an ssh connection without needing root privileges:
Line 42: Line 158:
{{{
$ mkdir ~/tardis-home
$ sshfs lanserc@login.ee.ethz.ch: ~/tardis-home
}}}
But please note, that you can't do sshfs on homes.ee.ethz.ch - use login.ee.ethz.ch instead!

You can also unmount it again by typing:

{{{
$ fusermount -u ~/tardis-home
}}}
'''Please note that sshfs is not officially supported by the ISG.EE'''

== Windows Network Drive ==
You can access your home directory on Tardis by mounting {{{\\homes.ee.ethz.ch\username}}} as network drive on your Windows box (replace {{{username}}} with '''your''' Tardis username). Also specify your username in the box "Connect as". You will be asked to supply your Tardis password when mounting your home directory.

Tardis uses [[http://www.samba.org/|Samba]] to export your home directory. Our Samba setup uses encrypted passwords which are kept in a separate user database that is ''NOT'' synchronized with your Unix password. The password can not be longer than 8 characters. If you cannot mount your Tardis directory, chances are that we must update your entry in the Samba database. Send eMail to support@ee.ethz.ch . You can change the samba password with {{{smbpasswd -r tardis}}}.
----
[[CategoryEDUC]]

Accessing Samba shares from Linux

Overview

Recent Linux Kernels contain the userspace filesystem FUSE. This allows you to use all sorts of new an inovative ways for mounting remote fileystems with normal user privileges. Samples are the "gnome userspace virtual filesystem" and "sshfs" based on SSH.

All graphical desktop file managers must use FUSE based solutions to access remote SMB/CIFS filesystems because they are running with normal user privileges.

In all cases, the share will be mounted in:

  /run/user/$UID/gvfs/smb-share:server=X,share=Y

in order to be able to access from the command line.

As documented in Workstations/FindYourData the share //itet-stor.ee.ethz.ch/$USER is a good place to find all your accessible CIFS resources. Technical this share is an implementation of a "Distributed File System (DFS)" root for your account. Unfortunately not all desktop file managers can handle this special kind of a share. With the KDE file managers Konqueror and Dolphin you can't use this share (see Konqueror, Dolphin).

Protocol configuration

Recent Debian releases limit the maximum protocol version of Samba to a lower version than commonly offered by modern Windows servers. This is easily remedied by creating a minimal Samba configuration with the following string of commands:

   1 mkdir ~/.smb && echo -e '[global]\client max protocol = SMB3' > ~/.smb/smb.conf

Command Line

gvfs-mount

You can also connect to a Samba share on the command line. After you run that command, you can browse the share in Nautilus.

pmuster@testclient:~> gvfs-mount smb://itet-stor.ee.ethz.ch/pmuster
Password required for share pmuster on itet-stor.ee.ethz.ch
User [pmuster]: pmuster
Domain [WORKGROUP]: d
Password: ********

To unmount a share on the command line, just add the -u flag:

pmuster@testclient:~> gvfs-mount -u smb://itet-stor.ee.ethz.ch/pmuster

smbclient

smbclient is something like an interactive shell to the file server and also a good troubleshooting tool for connection problems. To connect your personal DFS root share enter:

pmuster@testclient:~$ smbclient -W d //itet-stor.ee.ethz.ch/pmuster
Enter pmuster's password: 
Domain=[D] OS=[Windows 6.1] Server=[Samba 4.2.10-Debian]
smb: \>
smb: \> ls
  .                                   D        0  Thu Oct 13 15:27:09 2016
  ..                                  D        0  Thu Nov 24 04:55:59 2016
  home                                D        0  Thu Oct 13 15:27:09 2016
  project01                           D        0  Thu Oct 13 15.27:09 2016

                47929224 blocks of size 1024. 37295664 blocks available
smb: \> cd home
smb: \home\>
smb: \home\> ls
  .                                   D        0  Thu Nov 24 09:35:24 2016
  ..                                 DA        0  Thu Nov 24 08:17:38 2016
  public_html                         D        0  Wed Feb  3 15:34:27 2016
  Desktop                             D        0  Mon May 23 14:57:56 2016
  Downloads                           D        0  Mon May 23 14:50:26 2016
  ....

                1536000 blocks of size 1024. 1340637 blocks available
smb: \home\> exit
pmuster@testclient:~$ 

With the command help you get a list of all available commands inside the shell.

root mount

You can also mount your Samba home area with CIFS. This method is only available on computers where you have root access (i.e. this does not work on Linux workstations managed by us). If the command returns an error message saying "wrong fs type", make sure the packages "cifs-utils" and "keyutils" are installed.

$ sudo su
# mkdir /itet-stor
# mount -t cifs -o user=<nethz_login>,domain=d //itet-stor.ee.ethz.ch/<nethz_login>  /itet-stor

Desktop File Managers

Gnome Nautilus

Select on the left side Connect to network and enter the name of the share in the Server Address field, e.g. as smb://itet-stor.ee.ethz.ch/pmuster.

Enter the details as given in the screenshot below.

nautilus.png

Cinnamon Nemo

Open the Connect to Server application and enter the details similar to the screenshot below.

nemo.png

KDE Konqueror,Dolphin

As mentioned above Konqueror and Dolphin can't be used to access smb resources over \\itet-stor\username.

Open your Konqueror or Dolphin Filemanager/Webbrowser.

As location, use smb://server/share followed by <Enter>. Type your username and password in the following dialog box.

ID home share

Location:   smb://nas-nethz-users.ethz.ch/share-<?>-$/username
Username:   d\yourNethzUsername
Password:   yourPrivatePassword

The share-<?>-$ part of the location is dependant on the first character in your username. If your username is kpelle, this part of the location must be changed to share-k-$.

D-ITET home share

Location:   smb://nas-itet-01/itet_isg_homes_<nn>/username
Username:   d\username
Password:   yourPrivatePassword

The homes are distributed over multiple itet_isg_homes_<nn> shares, to see the number to use you can look at the NFS path of your home:

pmuster@testclient:~$ ssh login.ee.ethz.ch "df ."
pmu@login.ee.ethz.ch's password: 
Filesystem                                                  1K-blocks   Used Available Use% Mounted on
nas-itet-01.ethz.ch:/sco_itet_005/itet_isg_homes_03/pmuster   1536000 195072   1340928  13% /home/pmuster
pmuster@testclient:~$

So the location for pmuster's home is: smb://nas-itet-01/itet_isg_homes_03/pmuster.

D-ITET project share

Location:   smb://itetnas<nn>.ee.ethz.ch/project
Username:   d\username
Password:   yourPrivatePassword

Again the NFS path of the project home is needed:

pmuster@testclient:~$ ssh login.ee.ethz.ch "df /home/mare"
Filesystem                                     1K-blocks      Used  Available Use% Mounted on
itetnas02:/usr/itetnas02/data-project-01/mare 3170549760 620497920 2539297792  20% /home/mare
pmuster@testclient:~$

So the location for the mare project home is: smb://itetnas02.ee.ethz.ch/mare.

Troubleshooting

Depending on the way of accessing a Samba share, error messages similar to the following might appear:

  • gvsf-mount: Error mounting location: Failed to mount Windows share: Connection timed out

  • nautilus: Unhandled error message: Failed to mount Windows share: Connection timed out

  • smbclient: protocol negotiation failed: NT_STATUS_CONNECTION_RESET

This indicates a failed protocol negotiation between the Samba server and your client in case the protocol version offerd by the server is higher than the client accepts. To fix this apply the protocol configuration mentioned above.

smbclient accepts the parameter "-m" to set the protocol level directly without the need to apply the protocol configuration:

pmuster@testclient:~$ smbclient -W d -m SMB3 //itet-stor.ee.ethz.ch/pmuster


CategoryEDUC

Services/FileAccess/CIFSLinux (last edited 2022-11-10 14:03:06 by stroth)