A nicer way to access Windows file servers from Linux

I recently came across smbnetfs. Initially I had only been looking for a way to mount a Windows file share from userspace, so that I wouldn’t have to deal with permissions for my non-root user accessing a mountpoint. smbnetfs can do a lot more than just that though: It gives you the equivalent of Windows’s “Network” feature, allowing you to access the whole network via a single mount. Since the documentation is a bit sparse, here’s how I set it up.

I’ll demonstrate how to use smbnetfs in conjunction with Kerberos, so that you don’t need to supply your username and password all the time when accessing things. Note that a correctly functioning DNS name resolution is vital for this, because Kerberos requires you to use FQDNs everywhere instead of raw-dawging IP addresses.

So, first we need to install everything:

apt-get install smbnetfs krb5-user

Next, configure /etc/krb5.conf:

[libdefaults]
default_realm = YOUR.AD.DOMAIN.IN.UPPERCASE
default_keytab_name = /etc/krb5.keytab
default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5

[domain_realm]
.your.ad.domain.in.lowercase = YOUR.AD.DOMAIN.IN.UPPERCASE
your.ad.domain.in.lowercase = YOUR.AD.DOMAIN.IN.UPPERCASE
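
The enctype lists above name only rc4-hmac and single-DES types, which RFC 8429 and RFC 6649 deprecate. As an added example (not part of the original post), this Python script flags such entries in a krb5.conf and rewrites them to AES. The function names and the AES replacement list are assumptions, and it presumes your domain controllers and file servers issue and accept AES tickets.

```python
import re

# Deprecated Kerberos enctypes: single-DES (RFC 6649) and RC4-HMAC (RFC 8429).
WEAK = {"des-cbc-crc", "des-cbc-md5", "des-cbc-md4", "rc4-hmac", "arcfour-hmac"}
ENCTYPE_KEYS = {"default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes"}
# Assumed replacement list: the AES types, strongest first.
STRONG = "aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96"

# Constructed sample: the [libdefaults] section from the configuration above.
SAMPLE = """\
[libdefaults]
default_realm = YOUR.AD.DOMAIN.IN.UPPERCASE
default_keytab_name = /etc/krb5.keytab
default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
"""

def audit_krb5_conf(text):
    """Return (line_number, key, weak_enctypes) for each weak list in [libdefaults]."""
    findings, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # krb5.conf comments start the line
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in ENCTYPE_KEYS:
            weak = [e for e in re.split(r"[\s,]+", value) if e.lower() in WEAK]
            if weak:
                findings.append((lineno, key, weak))
    return findings

def harden(text):
    """Replace every flagged enctype list with the AES-only list."""
    lines = text.splitlines()
    for lineno, key, _ in audit_krb5_conf(text):
        lines[lineno - 1] = f"{key} = {STRONG}"
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    for lineno, key, weak in audit_krb5_conf(SAMPLE):
        print(f"line {lineno}: {key} lists deprecated enctypes: {', '.join(weak)}")
    print(harden(SAMPLE))
```
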

Now get a Kerberos ticket:

kinit -r28d your.user@YOUR.AD.DOMAIN.IN.UPPERCASE

Validate that it works:

smbclient -k -U your.user@YOUR.AD.DOMAIN.IN.UPPERCASE -L //hostname.your.ad.domain.in.whatevercase

This command should display the shares that the host is exporting.

Next, we need to configure smbnetfs. To do this:

mkdir ~/.smb
cp /etc/samba/smb.conf ~/.smb
cp /etc/smbnetfs.conf ~/.smb

With this configuration, smbnetfs will probably already work. If you want to bookmark a few hosts that you use often, you can create another file called ~/.smb/smbnetfs.host and list the hosts there:

host hostname.your.ad.domain.in.whatevercase visible=true

Now, run smbnetfs ~/mountpoint to set up the actual mountpoint.

You can now access Windows stuff using ls ~/mountpoint/hostname.your.ad.domain.in.whatevercase/sharename/folder/file.txt — not just for the hosts you listed in ~/.smb/smbnetfs.host, but indeed for any name that resolves in DNS.

I combined this with an hourly cronjob to renew the Kerberos ticket:

0 * * * * kinit -r28d -R your.user@YOUR.AD.DOMAIN.IN.UPPERCASE

This makes life in a Windows network a lot easier.