Tuesday, May 02, 2006

Accessing Windows Shares From a GNU/Linux Desktop

Many people work for companies that have a Windows-based infrastructure, while they have a GNU/Linux desktop. You could use something like VNC or rdesktop to gain access to files on Windows shares, but a couple of command-line utilities from the Samba suite are a nice option that let you gain access right from your desktop (for a more in-depth treatment of Samba, see the presentation Using Samba as a File Server, PDC or Domain Client).

Let's say your company has a Win2k3-based fileserver, call it "FILESRV", in the domain "DOM". The problem is that you have a Linux workstation, and don't have access to a Windows terminal server, or you don't have Administrative rights on the server in question, so you can't install VNC. The 'mount' command (which uses 'smbmount' under the hood when it is asked to mount a Windows share), 'smbclient', and Openoffice.org's import/export filters provide a nice alternative. On a Debian-based system, run 'apt-get install sudo smbfs smbclient' to get the required command-line utilities described below, although Ubuntu systems will already have sudo.

File Transfers With Smbclient

The 'smbclient' command from the Samba suite of tools provides an FTP-like command-line interface to a Windows fileshare. To make it easier to use, and so we don't have to remember all the command-line options, we are going to define a shell alias. Put the following in your ~/.bashrc file (using .bashrc means this alias will be available to you in any interactive shell, not just a login shell).

alias files='smbclient //FILESRV/path -d 3 -A ~/.dom.txt'
Where the file ".dom.txt" in your home directory is in this format (see smbclient(1) for details):

username = username password = password domain = DOM
Some tips:
  • To make this alias apply to all users, put it in /etc/bashrc, not ~/.bashrc. Each user will still have to have their own ~/.dom.txt file, however.
  • The "-d 3" sets the debug level to something useful, in case the command fails - you can remove this once your alias works correctly
  • Using the "-A" option like this keeps you from having to give a username and password every time you run the alias (but see the note about security, below).
  • You can put the share path in double quotes if it contains spaces, as in "//FILESERV/Tech Docs".
  • You can use an IP address in place of the server name if you want.
  • Running the 'alias' command will display a list of aliases that are currently defined.


When you are done editing ~/.bashrc (or after each editing session), you need to re-evaluate your .bashrc by running '. ~/.bashrc' or 'source ~/.bashrc'. Now when you run the command 'files', you should get dumped into an FTP-like interface from which you can get or put files from the remote share:

dmaxwell@stealth:~$ . .bashrc dmaxwell@stealth:~$ alias alias files='smbclient //10.0.0.2/Tech -A ~/.dom.txt' dmaxwell@stealth:~$ files Domain=[DOM] OS=[Windows Server 2003 3790 Service Pack 1] Server=... smb: \> get "ftp fix.doc" getting file \ftp fix.doc of size 24064 as ftp fix.doc (195.8 kb/s) smb: \> quit dmaxwell@stealth:~$

Transparent Access With Mount

Accessing Windows shares with the mount command is a little more convenient, since once mounted, you can use 'ls', 'cp', 'mv', 'mkdir' and all the other Unix filesystem commands you are used to. Let's say that you want transparent access to the Windows fileshare noted above (//FILESRV/path). First, create a directory with something like 'mkdir ~/files'. This directory is where the remote filesystem will get mounted. Then add the following to your ~/.bashrc (we are using sudo to let us run the mount command with the required root privileges):

alias filemount='sudo mount -t cifs //FILESRV/path ~/files -o username=user,password=pass,workgroup=DOM'

Make sure your alias definition is on one line - your browser might wrap the display, above. 'DOM' here is the name of your Windows domain, 'user' and 'pass' are your Windows domain credentials. When you are done, source your .bashrc again, and run the command 'filemount'. You should now be able to access the files in "//FILESRV/path" from within your ~/files directory.

Accessing HOME$ Shares

Sometimes a Windows admin will map a hidden share to everyone's Windows desktop, to use as a private storage space. This is usually called the "HOME$" share, although you won't see it if you try to browse the network (in a Windows-sense). To access it, make a directory in your home directory, again as a filesystem mount point. I'll use 'z' as the name of the directory, since a lot of Windows admins map the Z: drive to user's home shares at login.

Add the following to your .bashrc:

alias homez='sudo mount -t cifs //FILESRV/HOME$ ~/z -o username=user,password=pass,workgroup=DOM'

That's it. When you source your .bashrc again you should be able to run the command 'homez' and have full access to your private Windows home share from within your ~/z directory.

Security

A final word about security is in order. You may want to change the permissions on the "~/.dom.txt" and "~/.bashrc" files to 0600, to prevent any other non-root users on your workstation from reading the passwords stored in those files. Even though this is really just 'security through obscurity', the alternative, which is less convenient, is to type the password in every time you mount or access one of the remote shares. The smbmount(8) (and mount(8), since mount just passes it's options onto smbmount) command supports a 'credentials' option that allows the use of a file when authenticating, much like the '-A' option to smbclient.

Compatibility

These aliases will work on pretty much any (recent) GNU/Linux system under any shell, with Samba 3.x. I've written them with the Bash shell in mind, as it's the installed default on most of these systems. What may differ under other shells is the name of the shell startup file, and the syntax for defining shell aliases (although the above syntax will work under any Bourne-compatible shell).

If you have trouble getting the mount command to recognize the '-t cifs' option, try it with '-t smbfs' instead, but you may not be able to access Win2k3 shares easily if you do this. Some Unix systems' mount commands don't support passing the smbfs or cifs filesystem types onto smbmount - in this case, you can use smbmount(8) directly.

Technorati Tags: , , , ,

3 comments:

Anonymous said...

Hi Doug,

I am a new Linux user. i have installed Suse Linux Enterprise Desktop 10 on Dell Laptop and its working well as a standalone. I need this Laptop to connect to my company's Windows workgroup shares. I read your solution for DOmain connectivity. How do I do this on a Windows workgroup (no servers)?

Thanks
you can reach me @ my email digicorp@bigfoot.com

Anonymous said...

hi doug
i m new user of kubuntu .i hav manage to install all required packages .but the problem is that i m on lan where most hav windows sharing and while accessing their shares using samba i hav to copy everi file on my hdd to run it e.g the movies ..is there any way that i can run the files from host pc.like in windows files can be run from the shared pc.
and also samba while accessing some of the shared folders on windows pcs prompts for password trying and not for other folders shared on same ip.i tried smb://GUEST@192.168.21.1/movies
(21.1 for example) but it continues to prompt for passwd.

do u know ne software like lanscan or networkscan which show all the sharing of various ips so that i can see ne ip sharing movie on his pc.here in the university we have switch base lan system and various hostels are interlinked.

if u can help i shall be gr8ful
mail reply to mohsinkidwai@gmail.com

Doug said...

Hello-

I think Gnome's nautilus or KDE's Konqueror will transparently do what
you want, without you having to use the command line, using the smb://
syntax. The only way around the password is to have the share
configured without security on the server end - a bad idea for most
windows users, since it is a security hole.

A suggestion - why don't you setup a samba server with a public share,
and have the other windows hosts copy their movie files to it. Then
everyone can have transparent access with no password necessary. I
talk about setting up a server like that in my presentation on Samba,
see http://blog.unixlore.net/2006/03/using-samba-as-file-server-pdc-or.html.

HTH,

Doug