Introduction
This document outlines how to connect from Linux, specifically Ubuntu, to a Windows share that is on a machine managed in the Stanford 'WIN' Active Directory domain. Shares on this domain typically require a SUNet ID and password. Mounting file shares using this method requires the Samba suite of tools, specifically smbfs. These instructions detail how to mount a Windows Share manually as well as mounting the share at boot time.
These instructions require sudo/root privileges on the client machine and some familiarity with the Command Line Interface (CLI). Any text in these commands below in ITALICIZED BOLD letters indicates where each user should enter in their own SUNet ID, password, etc.
This guide is essentially a Stanford-specific version of the Ubuntu Forums guide 'Mount samba shares with utf8 encoding using cifs'.
Security Risks and Analysis
The steps for mounting a Windows share at boot time requires putting your SUNet password, UNENCRYPTED, in a root-privileged text file. If multiple users have root access, then you should NOT use this method and have each user manually mount shares at login time. If you have only one user with root access to a machine, the risk is still high and security should still be tightly controlled on that machine since a root compromise would also compromise the users SUNet password. Lastly, mounting a share at boot time on a system with multiple users could give those users access to the Windows share as if they were the user with the specified WIN domain credentials. This scenario should also be avoided. Each user should only have write access to shares which they have been specifically granted access to.
Mounting a Share manually
- Open the terminal application and type at the command prompt
sudo mount -t cifs //WINSERVERNAME/WINSHARENAME /media/WINSHARENAME -o username=SUNETID,domain=WIN,iocharset=utf8,file_mode=0777,dir_mode=0777
- Type in SUNETPASSWORD when prompted
Mounting a Share at Boot time
This method requires root access to the machine.
- Install the required packages
sudo aptitude install smbfs winbind
- Create the mount point. Creating the mount point in '/media' provides the share as an icon on your desktop when logged in
sudo mkdir /media/WINSHARENAME
- Append 'wins' to the "host:" line in /etc/nsswitch.conf
- Restart networking to make changes active
sudo /etc/init.d/networking restart
- Create a new text file '/root/.smbcredentials' with the following contents
username=WIN\SUNETID
password=SUNETPASSWORD - Lock down text file such that unprivileged users cannot acccess it
sudo chmod 700 /root/.smbcredentials
- Append the following line to /etc/fstab
//WINSERVERNAME/WINSHARENAME /media/WINSHARENAME cifs sec=ntlmv2,credentials=/root/.smbcredentials,iocharset=utf8,file_mode=0777,dir_mode=0777 0 0
