Mount Windows share (protected by domain username and password) on Linux

What i wanna do

Within a Windows 2000 domain (with Active Directory), i want connect a Linux box to a Windows box share,  and the share have access restrictions on domain users basics, and reconnect each time the linux box restart 

Environment:

  • Windows domain: WINDOMAIN
  • Windows domain user: WINDOMAIN\Rainbow
  • Server name: DMNSRV
  • Server share: \\DMNSRV\rainbow: only domain admins and domain user Rainbow can access to this share
  • Linux user: legolas

Some pre-check

  • in debian-like distribution, install smbfs (apt-get install smbfs), need to read and write on Windows shares (SMB), and, if not installed by default, the samba client (apt-get install smbclient)
  • check if you can ping the Windows sharing server within the linux box (ie: ping DMNSRV). if your domain it’s a true Windows 2000/XP/2003 domain, you must have a dns server and a dns domain name, ie windomain.intra. if your linuxbox use the windows domain dns server, try ping DMNSRV.windomain,intra. Elsewhere, add the host name to the linux host table (/etc/hosts). Assuming that you can ping SMNSRV.windomain.intra

Made the work

  • start linux as legolas user and obtain a command prompt (terminal or text-only mode)
  • cd /home/legolas (or the home directory of legolas user)
  • create .smbcredentials files and write in this lines
    username=rainbow
    password=rainbow_password 
  • optional: sudo chmod 500 .smbcredtials && sudo chown root .smbcredentials in this way, you make unreadable the file to the legolas linux user, it’s a little security addon if you want to grant access to windows share to the linux user without letting him know the windows user password (and, obviusly, if he cannot became root on the linux box)
  • mkdir rainbow (or another folder where windows share should be mounted)
  • sudo vi /etc/fstab
    add this line at the end of the file (it’s a unique line, don’t break it)
    //DMNSRV.windomain.intra/rainbow    /home/legolas/rainbow    smbfs credentials=/home/legolas/.smbcredentials,uid=legolas,gid=legolas,fmask=0770,dmask=0770,rw    0    0

    uid: set the owner of windows share file to user legolas
    gid: set the group of windows share file to group legolas
    fmask: set the file permissions to 0770
    dmask: set the directory permissions to 0770
    rw: files are in read/write mode

  • sudo mount rainbow… And the joke is done ;)


Final note

  • you can also bypass the creation of .smbcredentials file and write Windows user name and password directly in fstab file, but i like more this solution, for me is more clear…


Hope this can help someone (me surely)… Byez!

{mxc}

1 Comments

Leave a Reply