Learn Linux, 302 (Mixed environments): CIFS integration

Using Linux as a client to SMB/CIFS servers

In addition to or instead of functioning as a server on a Windows network, a Linux computer can function as a client. You can use an ftp-like program to transfer files and modify a server, or you can mount a share from a Samba or Windows Server machine on your Linux computer, giving normal programs the ability to access files directly on the server. When doing so, though, keep in mind the characteristics of the original SMB protocol and its newer CIFS variant, particularly when accessing a Windows Server machine: You may not have access to all the file system features that a Linux computer supports.

Roderick W. Smith, Consultant and author

Roderick Smith author photoRoderick W. Smith is a consultant and author of over a dozen books on UNIX and Linux, including The Definitive Guide to Samba 3, Linux in a Windows World, and Linux Professional Institute Certification Study Guide. He is also the author of the GPT fdisk partitioning software. He currently resides in Woonsocket, Rhode Island.



25 October 2011

Also available in Chinese Russian Japanese Spanish

About this series

This series of articles helps you learn Linux systems administration tasks. You can also use the material in these articles to prepare for the Linux Professional Institute Certification level 3 (LPIC-3) exams.

See our developerWorks roadmap for LPIC-3 for a description of and link to each article in this series. The roadmap is in progress and reflects the current objectives (March 2011) for the LPIC-3 exams. As each article is completed, it is added to the roadmap.

In this article, learn about these concepts:

  • The Server Message Block (SMB) and Common Internet File System (CIFS) protocols
  • Features and benefits of using CIFS
  • Mounting CIFS shares on a Linux client

This article helps you prepare for Objective 314.1 in Topic 312 of the Linux Professional Institute's (LPI) Mixed Environment specialty exam (302). The objective has a weight of 3.

Prerequisites

This article assumes that you have a working knowledge of Linux command-line functions and that you understand the basics of Samba configuration. You should be familiar with the overall structure of the smb.conf configuration file. You should also understand the basics of how Linux mounts local and remote file systems (using the mount command and /etc/fstab file). Familiarity with the standard Linux text-mode ftp command is helpful but not required.


Understanding SMB/CIFS

About the elective LPI-302 exam

Linux Professional Institute Certification (LPIC) is like many other certifications in that different levels are offered, with each level requiring more knowledge and experience than the previous one. The LPI-302 exam is an elective specialty exam in the third level of the LPIC hierarchy and requires an advanced level of Linux systems administration knowledge.

To get your LPIC-3 certification, you must pass the two first-level exams (101 and 102), the two second-level exams (201 and 202), and the LPIC-3 core exam (301). After you have achieved this level, you can take the elective specialty exams, such as LPI-302.

Before proceeding with a description of how to use Linux as a client to an SMB/CIFS server, it's helpful to review the characteristics of the protocols to see how they compare with Linux's needs for a file system. This comparison comes in two parts: an examination of the original SMB protocol and an investigation of the ways in which the newer CIFS extensions change the SMB basics. You may want to review the developerWorks article on LPI Objective 310.1, which introduces some of the basic concepts behind SMB/CIFS (see Resources for a link).

Basic SMB features

SMB provides several unique features from a networking perspective, including its own naming system for computers (Network Basic Input/Output System [NetBIOS] names), workgroups, and user authentication protocols. For purposes of understanding how SMB and CIFS work as protocols for a Linux file-sharing client, the most important feature is the set of metadata that the protocol provides.

Metadata is data associated with, but not part of, a file. Examples include the file's timestamp, owner, permissions, and even its name. No doubt you're familiar with some of the common features of file metadata on Linux computers, and you may be familiar with some of the differences between Linux and other operating systems, such as Windows. Because SMB was designed for DOS, Windows, and IBM Operating System/2® (OS/2), it shares many of their metadata features. Most importantly, SMB lacks support for UNIX® and Linux metadata such as ownership, groups, and most permissions. SMB also lacks support for symbolic links and hard links as well as other special file types such as device nodes. SMB provides a few types of metadata that Linux doesn't normally understand, such as the hidden, archive, and system bits. You can map a Read-only bit to the Linux Write permission bit.

Build your own feed

You can build a custom RSS, Atom, or HTML feed so you will be notified as we add new articles or update content. Go to developerWorks RSS feeds. Select Linux for the zone and Articles for the type, and type Linux Professional Institute for the keywords. Then choose your preferred feed type.

Another limit of SMB is its file-size limit of 2GiB. This limitation can obviously pose a problem in today's world of multi-gibibyte backup files, multimedia files, and so on.

To work around these SMB differences from Linux's file system expectations, Linux SMB clients must either ignore them or provide options to "fake" the data. These options are similar to those used when mounting NT file system (NTFS) or File Allocation Table (FAT) file systems on Linux. Fortunately, CIFS provides more and better options for handling some of these limitations.

You should be aware of the network ports that SMB uses, as well. These are User Datagram Protocol (UDP) ports 137 and 138 (for name resolution and datagram services) and TCP port 139 (for session services—in other words, most file transfers). You'll need this information if you ever have to debug SMB using low-level network diagnostic tools.

CIFS extensions to SMB

In the mid-1990s, Microsoft® decided to change SMB's name to CIFS and simultaneously added a new set of features. These features include support for symbolic and hard links and larger file sizes. CIFS also supports access to the server on port 445 in addition to the older port, 139.

At least as important as Microsoft's own extensions to SMB in CIFS are others' extensions. In particular, a set of CIFS features known as UNIX extensions provides support for file ownership, permissions, and some other UNIX-style metadata. If the client and server both support these features, you can make much more effective use of a CIFS server from Linux than you could a server that only supports SMB. As you might expect, Windows Server® operating systems don't support these extensions, so they're only useful when your Linux client connects to a Samba server. This server must also be configured with the following global option:

unix extensions = Yes

This option was set to No by default in Samba prior to version 3.0, but Samba 3.0 switched the default to Yes, so you may not need to explicitly set the option.


Using smbclient

In some respects, the simplest way to access an SMB/CIFS server from Linux is to use a text-mode utility known as smbclient. This program is similar to the classic ftp client program, so if you're familiar with ftp, you should have few problems with smbclient. If you're not familiar with ftp, the idea behind the program is to initiate a connection to the server that does not involve mounting shares in a traditional manner. Instead, you type commands to view, delete, download, or upload files.

To use smbclient, you type its name followed by a service name, which takes the form //SERVER/SERVICE, such as //TANGO/GORDON to access the GORDON share on the TANGO server. Depending on the server's configuration, you will probably be prompted for a password. If you enter it correctly, you are able to type various commands to access files on the server. Table 1 summarizes some of the more important smbclient commands; consult the utility's main page for information on more exotic commands.

Table 1: Important smbclient commands
CommandEffect
? or helpDisplays a summary of commands
cdChanges to a new directory on the server
delDeletes a file
dir or lsShows the files in the current directory (or one you specify)
exit or quitTerminates the session
getTransfers a file from the server to the client
lcdChanges the working directory on the local computer
md or mkdirCreates a directory on the server
mgetTransfers multiple files from the server to the client
moreDisplays a remote file using your local pager
mputTransfers multiple files from the client to the server
putTransfers a file from the client to the server
rd or rmdirDeletes a directory
renameRenames a file on the server
rmDeletes one or more files on the server

By default, smbclient uses your current user name to connect to the server; however, you can change your user name with the -U option. In fact, several other command-line options are available, including options that make it possible to transfer files without entering smbclient's interactive mode. Therefore, you can use smbclient in scripts to perform automated file transfers. Consult the program's main page for details on this topic.

In use, an smbclient session is likely to resemble Listing 1.

Listing 1. Example smbclient session
$ smbclient //TANGO/GORDON/
Enter gordon's password: 
Domain=[RINGWORLD] OS=[Unix] Server=[Samba 3.4.12]
smb: \> cd mystuff
smb: \mystuff\> ls
  .                                   D        0  Mon May 16 19:20:08 2011
  ..                                  D        0  Mon May 16 19:18:12 2011
  xv-3.10a-1228.1.src.rpm                3441259  Tue May 18 19:09:26 2010
  License.txt                              27898  Mon May 16 19:17:15 2011
  xorg.conf                                 1210  Fri Jan 21 04:18:13 2011

		51198 blocks of size 2097152. 2666 blocks available
smb: \mystuff\> get xorg.conf
getting file \mystuff\xorg.conf of size 1210 as xorg.conf (9.4 KiloBytes/sec)
(average 9.4 KiloBytes/sec)
smb: \mystuff\> exit

Tip:smbclient makes an excellent debugging tool. It's simple and gives you the ability to access your network in a way other than mounting a share, which can be helpful if you're trying to debug a problem.


Mounting SMB/CIFS shares

Although smbclient is a useful tool, it doesn't give you the same sort of seamless access to the server that you're used to from Windows clients. If you need such access, you must use other tools to mount the SMB/CIFS shares. You can do this with the standard Linux mount command; or you can edit your /etc/fstab file to automatically mount SMB/CIFS shares when the computer boots.

Temporarily mounting shares

You can mount an SMB/CIFS share using the same mount command you use to mount local volumes or Network File System (NFS) exports. You can specify the file system type as cifs; or, in most cases, mount figures out to use this driver based on the syntax of the command. Alternatively, you can call the helper program mount.cifs directly. In principle, only the device specification is different from that for mounting a local file system; thus, to mount the GORDON share from the TANGO server, you could type, as root:

# mount //TANGO/GORDON /mnt

In practice, though, this usage has a problem: It passes root as the user name to the server. If the server doesn't permit root to log in, the mount attempt will fail. You can correct this problem by using the -o user=name option to pass a user name to the server:

# mount -o user=gordon //TANGO/GORDON /mnt
Password:

Several other mount options, passed with the -o option to mount, are available. Table 2 summaries the most useful of these options. Consult the mount.cifs main page for information on additional options.

Table 2: Important mount.cifs options
OptionEffect
user=name or username=nameSpecifies the user name to send to the server.
password=passSpecifies the password to send to the server. If the password is not specified, mount.cifs uses the value of the PASSWD environment variable; if that's not set, the program prompts for the password.
credentials=filenameSpecifies a file that contains the user name, password, and, optionally, the workgroup name. Each value appears on its own line, preceded by the strings username=, password=, and workgroup=, respectively.
uid=UIDSets the user ID (UID) of the user who is to own the files mounted from the share.
gid=GIDSimilar to the uid=UID option, but affects the group ID (GID) rather than the UID.
file_mode=modeSets the file mode (permissions), in numeric form, to be assigned to files from the server.
dir_mode=modeSimilar to file_mode=mode, but affects directories rather than files.
guestPrevents prompting for a password. This option typically works only if the share supports guest access.
hardIf the server becomes inaccessible, processes that attempt to access files on the server will hang until the server returns.
softIf the server becomes inaccessible, processes that attempt to access files on the server will receive error messages. This is the default behavior.

The uid, gid, file_mode, and dir_mode options are usually unnecessary if you connect to a server that supports the CIFS UNIX extensions. You can use these features to override the values that the server provides in these cases, though. Note also that these options all affect the way the files appear on the client; permissions and ownership on the server are unaffected by these options.

With the SMB/CIFS share mounted, you can access it just as you would a local volume or an NFS volume. You can copy files with cp, delete files with rm, edit files directly with text editors or other programs, and so on. Keep in mind, though, that if the server doesn't support a feature, you might not be able to use it. For instance, you can't use chmod to change the mode of a file unless the server supports the UNIX extensions. (A partial exception in the case of chmod is that you can change Write permissions; these are mapped, in inverse fashion, to the SMB Read-only bit.)

When you're finished using a share, you can unmount it with the umount command, just as if it were a local file system:

# umount /mnt

Mounting a share using SMB

Until kernel 2.6.37, the Linux kernel included separate SMB and CIFS drivers; you could mount a share using the original SMB protocols by specifying a file system type of smbfs or by using the smbmount program. Using this feature generally worked the same way as using the cifs file system type code or mount.cifs program, although some details differed. Using the SMB protocol made it impossible to use CIFS-only features, such as the CIFS UNIX extensions.

In the past, using SMB sometimes made sense; for instance, it was possible to mount shares exported by very old Microsoft Windows 9x/Me computers using Linux's smbfs driver but not using cifs. Today, such problems are rare, because the modern implementation of cifs has worked around most of its previous limitations. However, if you think you might be having such an issue, you could try installing a pre-2.6.37 kernel and see if the smbfs driver solves your problems.

Permanently mounting shares

If you want a computer to mount an SMB/CIFS share permanently, you can do so by adding an entry to /etc/fstab. This process works much like any other translation of a mount command to an /etc/fstab entry. However, one option from Table 2 deserves special mention in this context: credentials. Because most SMB/CIFS servers use passwords for authentication, you must permanently store the password if you expect a share to be mounted using /etc/fstab. Storing the password directly in /etc/fstab using the password option is possible, but inadvisable; because /etc/fstab must be readable by all the computer's users, a password stored in this way will also be readable by everyone. Using credentials enables you to store the password in a file that's readable only by root, thus improving password security.

A working /etc/password entry for an SMB/CIFS share might resemble the following:

//TANGO/BACKUPS  /saveit  cifs  credentials=/etc/samba/creds.txt  0 0

The associated credentials file might look like this:

username=buuser
password=Iw2bUmS[t

Caution: Be sure to give the credentials file suitable permissions—normally 0600 or 0400 with ownership by root or by the user whose credentials are stored in the file.

With this configuration in place, the //TANGO/BACKUPS share should be mounted automatically whenever you reboot the computer or type mount -a. If this feature doesn't work, verify that the user name and password are correct, test with the mount command, and perform other routine troubleshooting procedures.


Moving forward

The next article in this series, "Learn Linux, 302 (Mixed environments): NetBIOS and WINS", covers name resolution using the Windows Internet Name Service (WINS) and browsing, which enables computers to locate network shares in a tree-like hierarchy of computers and shares.

Resources

Learn

Discuss

  • Get involved in the My developerWorks community. Connect with other developerWorks users while exploring the developer-driven blogs, forums, groups, and wikis.

Comments

developerWorks: Sign in

Required fields are indicated with an asterisk (*).


Need an IBM ID?
Forgot your IBM ID?


Forgot your password?
Change your password

By clicking Submit, you agree to the developerWorks terms of use.

 


The first time you sign into developerWorks, a profile is created for you. Select information in your profile (name, country/region, and company) is displayed to the public and will accompany any content you post. You may update your IBM account at any time.

All information submitted is secure.

Choose your display name



The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerWorks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

Required fields are indicated with an asterisk (*).

(Must be between 3 – 31 characters.)

By clicking Submit, you agree to the developerWorks terms of use.

 


All information submitted is secure.

Dig deeper into Linux on developerWorks


static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=Linux
ArticleID=767790
ArticleTitle=Learn Linux, 302 (Mixed environments): CIFS integration
publish-date=10252011