Bookmark this page

Chapter 12. Accessing Network Storage with SMB

SectionAccessing Network Storage with SMB
Guided Exercise: Practice: Mounting a SMB File System
Lab: Lab: Accessing Network Storage with SMB

Abstract

Overview
Goal	To use autofs and the command line to mount and unmount SMB file systems.
Objectives	Mount, automount, and unmount SMB file systems.
Sections	Accessing Network Storage with SMB (and Practice)
Lab	Accessing Network Storage with SMB

Accessing Network Storage with SMB

Identify the share details; for example, smbclient -L //server.
Create a mount point directory.
mount or update /etc/fstab to mount the SMB share.
umount to unmount a share.
Use autofs service for automounting, using the same mount options as mount.
- enable the service so it starts at boot.
- start the service.
Use -fstype=cifs and prefix the URI with a ":".

Objectives

After completing this section, students should be able to:

Mount and unmount SMB file systems using the command line.
Automount SMB file systems.

Manually mounting and unmounting SMB file systems

Many organizations need to provide network storage and print services for a range of desktop operating systems. Red Hat Enterprise Linux uses the Samba server to provide services that Microsoft Windows clients can use. Samba implements the Server Message Block (SMB) protocol, and Common Internet File System (CIFS) is a dialect of SMB. Often the two names are used interchangeably.

Mounting and unmounting SMB file systems

Connecting to SMB/CIFS shares

Red Hat desktops and servers can connect to shares offered via any server that use the SMB protocol.

Three Basic Steps for Accessing an SMB Share

Identify the remote share to access.
Determine a mount point where the share should be mounted and create the mount point's empty directory.
Mount the network file system with an appropriate command or configuration change.

Before starting, there is one package that must be installed in order to mount SMB shares: cifs-utils. Both the mount command and autofs automounter rely on this package for mounting CIFS file systems.

A second package, samba-client, has some useful command-line utilities—for example, smbclient—and is often worth installing as well.

Mount SMB Share

Identify: The administrator for the SMB server host can provide share details, such as username and password, share names, etc. An alternative is to use a client that can browse the shares, such as smbclient.
```
[student@desktopX ~]$ smbclient -L //serverX
```
The -L option asks the smbclient to list the shares available on serverX.
Mount point: Use mkdir to create a mount point in a suitable location.
```
[student@desktopX ~]$ mkdir -p /mountpoint
```
Mount: There are two choices here: manually or incorporated in the /etc/fstab file. Switch to root or use sudo for either operation.
- Manual: Use the mount command.
```
[student@desktopX ~]$ sudo mount -t cifs -o guest //serverX/share /mountpoint
```
  The -t cifs option is the file system type for SMB shares and the -o guest option tells mount to try and authenticate as a guest account without a password.
- /etc/fstab: Use vim to edit the /etc/fstab file and add the mount entry to the bottom of the file. The SMB share will be mounted at each system boot.
```
[student@desktopX ~]$ sudo vim /etc/fstab
...
//serverX/share  /mountpoint  cifs  guest  0 0
```

Use umount, using root privileges, to manually unmount the share.

[student@desktopX ~]$ sudo umount /mountpoint

Authentication to SMB shares

SMB shares can be flagged as non-browsable, meaning clients such as smbclient will not display them. The SMB shares are still accessible by explicitly specifying the SMB share name during the mount operation.

SMB servers typically restrict access to specific users, or groups of users. Accessing protected shares will require appropriate credentials be presented to the SMB server. There are a range of authentication methods that an SMB server can choose to implement, too many to cover here.

A common choice for authentication is username and password pairs. These can either be added to the mount command (or /etc/fstab entry) or stored in a credentials file that is referenced during the mount operation. The mount command will prompt for a password if it is not provided, but it must be provided if using /etc/fstab. Guest access can be explicitly requested with the guest option.

Some examples:

[student@desktopX ~]$ sudo mount -t cifs -o guest //serverX/docs /public/docs

Mount the SMB share //serverX/docs at /public/docs and attempt to authenticate as guest.

[student@desktopX ~]$ sudo mount -t cifs -o username=watson //serverX/cases /bakerst/cases

Mount the SMB share //serverX/cases at /bakerst/cases and attempt to authenticate as watson. The mount command will prompt for the password in this example.

The credentials file offers better security because the password is stored in a more secure file, whereas the /etc/fstab file is easily examined.

[student@desktopX ~]$ sudo mount -t cifs -o credentials=/secure/sherlock //serverX/sherlock /home/sherlock/work

Mount the SMB share //serverX/sherlock at /home/sherlock/work and attempt to authenticate using the credentials stored in /secure/sherlock.

The format for the credentials file is:

username=username
password=password
domain=domain

It should be placed somewhere secure with only root access (for example, chmod 600).

During file operations, the SMB server will check file access against the credentials used to mount the share. The client will check file access against the UID/GID of the files sent from the server. This means that the client will need to have the same UID/GID, and if necessary, supplementary group membership as the files on the SMB server.

There are a number of mount options that handle local access checking and alternate authentication methods, such as multiuser (and cifscreds) and Kerberos-based options. They will not be covered here; for more information, refer to the man pages and articles available at access.redhat.com.

Mounting SMB file systems with the automounter

Automounting SMB file systems

Using the mount command requires root privileges to connect to the SMB shares. Alternatively, entries can be added to /etc/fstab, but then the connections to the SMB servers would be active all the time.

The automounter, or autofs, service can be configured to mount SMB shares "on demand" when a process attempts to access a file on the SMB share. The automounter will then unmount the share once it is no longer in use, after a certain period of inactivity.

The process for setting up an automount on a SMB share using autofs is essentially the same as other automounts:

Add an auto.master.d configuration file that identifies the base directory for shares and the associated mapping file.
Create or edit the mapping file to include the mount details for the SMB share.
Enable and start the autofs service.

Note

If it is not already installed, install the autofs package. Like mount, the automounter is also dependent on the cifs-utils package for mounting SMB shares.

The mapping file

The file system type needs to be specified with the -fstype=cifs option and then a comma-separated list of mount options, the same mount options used by the mount command. The server URI address needs to be prefixed with a colon ":".

An example:

The following creates an automount at /bakerst/cases for SMB share //serverX/cases, and authenticates against the credentials file /secure/sherlock.

/etc/auto.master.d/bakerst.autofs content:
```
/bakerst   /etc/auto.bakerst
```

/etc/auto.bakerst content:

cases  -fstype=cifs,credentials=/secure/sherlock  ://serverX/cases

/secure/sherlock content (owned by root, perms 600):

username=sherlock
password=violin221B
domain=BAKERST

autofs enable and start:

[student@desktopX ~]$ sudo systemctl enable autofs
[student@desktopX ~]$ sudo systemctl start autofs

References

mount(8), umount(8), fstab(5), mount.cifs(8), smbclient(1), autofs(5), automount(8), and auto.master(5) man pages

Discuss Red Hat System Administration II

Go to community

Is It possible to reset root password when the system is on multi-user.target?

jennifer1987

27 lip 2023

Hi thereWell, i have a question, Is It possible to reset root password when the system is on multi-user.target? I was not be able to found a foro o some information related with this and another question that I have, If the grub menu dont show up, is it posible to reset the root password?

991

Red Hat System Administration II (RH134)

Haley_Ruccio

21 lip 2023

Build the skills to perform the key tasks needed to become a full-time Linux administratorRed Hat System Administration II (RH134) is the second part of the RHCSA training track for IT professionals who have already attended Red Hat System Administration I. The course goes deeper into core Linux system administration skills in storage configuration and management, installation and deployment of Red Hat Enterprise Linux, management of security features such as SELinux, control of recurring system tasks, management of the boot process and troubleshooting, basic system tuning, and command-line automation and productivity. This course assumes that students have attended Red Hat System Administration I (RH124).Experienced Linux administrators who seek rapid preparation for the RHCSA certification should instead start with RHCSA Rapid Track (RH199).This course is based on Red Hat Enterprise Linux 9.0.Course summaryInstall Red Hat Enterprise Linux using scalable methodsAccess security files, file systems, and networksExecute shell scripting and automation techniquesManage storage devices, logical volumes, and file systemsManage security and system accessControl the boot process and system servicesRun containersAudience for this courseThis course is geared toward Windows system administrators, network administrators, and other system administrators who are interested in supplementing current skills or backstopping other team members, in addition to Linux system administrators who are responsible for these tasks:Configuring, installing, upgrading, and maintaining Linux systems using established standards and proceduresProviding operational supportManaging systems for monitoring system performance and availabilityWriting and deploying scripts for task automation and system administrationRecommended trainingSuccessful completion of Red Hat System Administration I (RH124) is recommended.Experienced Linux administrators seeking to accelerate their path toward becoming a Red Hat Certified System Administrator should start with the RHCSA Rapid Track course (RH199).Take our free assessment to gauge whether this offering is the best fit for your skills.Technology considerationsThere are no special technology requirements.This course is not designed for bring your own device (BYOD).Internet access is not required, but is recommended to allow students to research and access Red Hat online resources.

Welcome to the Red Hat System Administration II (RH134) group in the Red Hat Learning Community!

Deanna

18 lip 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat System Administration II! To gain the most value from this group - click the "Join Group" button in the upper right hand corner.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH134.Read more about Red Hat System Administration II here.

417

Revision: rh134-7-63a207e