This is going to be a quick and dirty walk through on how to setup access to domain controlled SMB shares, using a combination of domain permissions and traditional Unix style drive mounting using fstab.
1. Install CIFS-Utils
jake@molly:~$ sudo apt install cifs-utils Reading package lists... Done Building dependency tree... Done Reading state information... Done Suggested packages: smbclient winbind The following NEW packages will be installed: cifs-utils 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 94.9 kB of archives. After this operation, 325 kB of additional disk space will be used. Get:1 http://deb.debian.org/debian bookworm/main amd64 cifs-utils amd64 2:7.0-2 [94.9 kB] Fetched 94.9 kB in 0s (263 kB/s) Selecting previously unselected package cifs-utils. (Reading database ... 37110 files and directories currently installed.) Preparing to unpack .../cifs-utils_2%3a7.0-2_amd64.deb ... Unpacking cifs-utils (2:7.0-2) ... Setting up cifs-utils (2:7.0-2) ... update-alternatives: using /usr/lib/x86_64-linux-gnu/cifs-utils/idmapwb.so to provide /etc/cifs-utils/idmap-plugin (idmap-plugin) in auto mode Processing triggers for man-db (2.11.2-2) ... jake@molly:~$
Create a folder to mount your remote file syste, on. you can create it anywhere you want. I am going to create it under /mnt. This is semi standard./mnt is owned by root, so you have to use sudo.
jake@molly:~$ sudo mkdir /mnt/backups jake@molly:~$
Change the permissions of the folder to match the users that will be accessing it locally. This folder is going to be only accessed by me, so i am setting the owner to my domain user, and going to grant any domain user RW access to the folder.
sudo chown jake@realityindustries.ca backups jake@molly:/mnt$ ls -la total 12 drwxr-xr-x 3 root root 4096 Sep 2 01:47 . drwxr-xr-x 18 root root 4096 Sep 1 17:28 .. drwxr-xr-x 2 jake@realityindustries.ca root 4096 Sep 2 01:47 backups
Change group access to domain users RW
jake@molly:/mnt$ sudo chgrp "domain users@realityindustries.ca" backups jake@molly:/mnt$ ls -la total 12 drwxr-xr-x 3 root root 4096 Sep 2 01:47 . drwxr-xr-x 18 root root 4096 Sep 1 17:28 .. drwxr-xr-x 2 jake@realityindustries.ca domain users@realityindustries.ca 4096 Sep 2 01:47 backups jake@molly:/mnt$
Set permissions so owner has RW, group has RW, everyone else gets no access.
jake@molly:/mnt$ sudo chmod 660 backups jake@molly:/mnt$ ls -la total 12 drwxr-xr-x 3 root root 4096 Sep 2 01:47 . drwxr-xr-x 18 root root 4096 Sep 1 17:28 .. drw-rw---- 2 jake@realityindustries.ca domain users@realityindustries.ca 4096 Sep 2 01:47 backups jake@molly:/mnt$
Edit /etc/fstab with your favorite text editor. I like Nano. If you prefer VI(m) good for you, if you prefer emacs, you probably need to clean your ears. Anyway, the syntax of the mount entry is:
Device or share name mount point File syestems options dump fsck.
A really good resource for fstab and file system mounts is fstab at Arch Wiki. Our entry looks like:
share name = //<server/share>
File system = CIFS, Common Internet File System, a very good implementation of SAMBA file mapping.
options
- iocharset=utf8 – character encoding, for international and wide language support
- credentials=<Credential File> – i’m not telling where that is.
- domain = domain name, if on a domain, in old netbios format
- file_mode = 0660,dir_mode=0660 set to owner and group, full access, everyone else, no access
- _netdev = Network device, to keep the system from becoming unresponsive waiting for a share
- 0 0 = 1st 0 is to set dump(8) filesystem checks to off. the 2nd is to disable fsckdisk checks
So the finished entry begins to look like:
//<server/share> <path to folder> cifs iocharset=utf8,credentials=<Credential File>,domain=<domain>,file_mode=0660,dir_mode=0660,_netdev 0 0
Don’t forget to use your own info instead of the placeholders, or it won’t work
After you have added that, save it, and reload systemds version of fstab, and then mount the drive
jake@molly:/mnt$ systemctl daemon-reload ==== AUTHENTICATING FOR org.freedesktop.systemd1.reload-daemon ==== Authentication is required to reload the systemd state. Authenticating as: Jeremy Sutherland,,, (jake) Password: ==== AUTHENTICATION COMPLETE ==== jake@molly:/mnt$ jake@molly:/mnt$ sudo mount -a jake@molly:/mnt$ cd /mnt/backups jake@molly:/mnt/backups$ ls Camera Offsite Projects Servers users work jake@molly:/mnt/backups$
That’s all that’s too it. That Arch wiki entry is a great resource for those that want to know more