A nicer way to access Windows file servers from Linux
I recently came across smbnetfs. Initially I had only been looking for a way to mount a Windows file share from userspace, so that I wouldn’t have to deal with permissions for my non-root user accessing a mountpoint. smbnetfs can do a lot more than just that though: It gives you the equivalent of Windows’s “Network” feature, allowing you to access the whole network via a single mount. Since the documentation is a bit sparse, here’s how I set it up.
I’ll demonstrate how to use smbnetfs in conjunction with Kerberos, so that you don’t need to supply your username and password all the time when accessing things. Note that correctly functioning DNS name resolution is vital for this, because Kerberos requires you to use FQDNs everywhere instead of raw-dawging IP addresses.
So, first we need to install everything:
apt-get install smbnetfs krb5-user
Next, configure /etc/krb5.conf:
[libdefaults]
default_realm = YOUR.AD.DOMAIN.IN.UPPERCASE
default_keytab_name = /etc/krb5.keytab
default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
[domain_realm]
.your.ad.domain.in.lowercase = YOUR.AD.DOMAIN.IN.UPPERCASE
your.ad.domain.in.lowercase = YOUR.AD.DOMAIN.IN.UPPERCASE
Now get a Kerberos ticket:
kinit -r28d your.user@YOUR.AD.DOMAIN.IN.UPPERCASE
Validate that it works:
smbclient -k -U your.user@YOUR.AD.DOMAIN.IN.UPPERCASE -L //hostname.your.ad.domain.in.whatevercase
This command should display the shares that the host is exporting.
Next, we need to configure smbnetfs. To do this:
mkdir ~/.smb
cp /etc/samba/smb.conf ~/.smb
cp /etc/smbnetfs.conf ~/.smb
With this configuration, smbnetfs will probably already work. If you want to bookmark a few hosts that you use often, you can create another file called ~/.smb/smbnetfs.host and list the hosts there:
host hostname.your.ad.domain.in.whatevercase visible=true
Now, run smbnetfs ~/mountpoint to set up the actual mountpoint.
You can now access Windows stuff using
ls ~/mountpoint/hostname.your.ad.domain.in.whatevercase/sharename/folder/file.txt
This works not just for the hosts you listed in ~/.smb/smbnetfs.host, but indeed for any name that resolves in DNS.
I combined this with an hourly cronjob to renew the Kerberos ticket:
0 * * * * kinit -r28d -R your.user@YOUR.AD.DOMAIN.IN.UPPERCASE
This makes life in a Windows network a lot easier.
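The enctype lines in the /etc/krb5.conf step restrict tickets to rc4-hmac and single-DES types, which RFC 6649 and RFC 8429 deprecate; the following added example (not part of the original post) lists such entries in a krb5.conf so they can be reviewed. The function and sample names, the WEAK list and the AES-only sample are this example's assumptions, and the AES sample presumes a domain whose accounts have AES keys.

```shell
#!/bin/sh
# Added example (not from the original post): list weak Kerberos enctypes
# configured in krb5.conf-style input read from a file argument or stdin.
# WEAK is this example's own choice: the single-DES and RC4 names that
# RFC 6649 and RFC 8429 deprecate. Adjust it to local policy.
WEAK="des des-cbc-crc des-cbc-md4 des-cbc-md5 rc4 rc4-hmac arcfour-hmac arcfour-hmac-md5"

# Prints "section:key:enctype" per weak entry; exit status 1 if any found.
audit_enctypes() {
    awk -v weak="$WEAK" '
        BEGIN { n = split(weak, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
        /^[ \t]*([#;]|$)/ { next }                      # comment or blank line
        /^[ \t]*\[/ {                                   # [section] header
            section = $0; gsub(/[ \t]/, "", section)
            section = substr(section, 2, length(section) - 2); next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            if (key !~ /^(default_tkt_enctypes|default_tgs_enctypes|permitted_enctypes)$/) next
            m = split(tolower(substr($0, eq + 1)), v, /[ \t,]+/)
            for (j = 1; j <= m; j++)
                if (v[j] in bad) { print section ":" key ":" v[j]; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample: the enctype lines as given in the post.
sample_weak() {
    cat <<'EOF'
[libdefaults]
default_realm = YOUR.AD.DOMAIN.IN.UPPERCASE
default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
EOF
}

# Constructed sample: the same settings restricted to AES enctypes.
sample_aes() {
    cat <<'EOF'
[libdefaults]
default_realm = YOUR.AD.DOMAIN.IN.UPPERCASE
default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
EOF
}

sample_weak | audit_enctypes || echo "weak enctypes found (listed above)"
sample_aes | audit_enctypes && echo "AES-only sample: nothing flagged"
```

To check a real file, call audit_enctypes /etc/krb5.conf and look at the exit status.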