Configuring a Samba client - Linux Tutorial

- Are you on a Linux computer and need to connect to a Samba share? Stay tuned to learn how. - [Narrator] You are watching ITProTV. (bright music) - Welcome back for more LPIC, more Samba. This episode is all about configuring a Samba client. So let's just go ahead and jump right in. What are we going to talk about today? - All right, we're going to learn about connecting to Samba shares, and we're actually kind of pulling double duty here because this applies to connecting to Microsoft Windows shared folders as well because they all use SMB. We're going to see three ways to do it, using the command line interface, using the graphical user interface and using it where it automatically boots at boot time on our computers, all done within a Linux client environment and all getting us up and connected. So that's our plan. - So we're going to learn three different ways to connect to a Samba file share, but how do we know which one to use? - You know, pros and cons to each one. So certain benefits and detractors, kind of depends on your environment so let me run through each one. Command line interface. Command line interface is really useful if you just need to temporarily connect to a share. Not something you're going to use a lot. You're trying to, maybe you're trying to automate. So I want a script written, and I want the script to connect to the share. Well, command line interface is the easy way to do that for bash scripting. Also on headless servers, maybe I'm on a server, I need to connect to a shared folder, and I don't have a graphical user interface, then the command line is kind of our only option at that point. That's where we're going to use that type of connectivity. I mentioned the graphical user interface. Well, on a GUI that's super easy if you're on a workstation, if you're on a desktop, if you're an end user and you're trying to connect, it's a heck of a lot of easier than using the command line. Because we can use our file navigation tools or whatever to be able to connect to an SMB share, authenticate and get connected. So that's usually where we'll see the GUI used. And then the last one is a boot time. If there's a shared folder that I access every single day and I always want to be connected to it, make sense to set it up to connect at boot time, or if I have a computer that's shared, used by more than one user, and I have one user log out, another user logs in and I still want that share to be there, it's better to mount that at boot time, because otherwise, like, if I connect with my user account, when I log out it disconnects. I wouldn't want that so I could configure it to connect at boot time and that would protect us there. So all kind of different ways that we can get it configured, and hopefully that lets you know which scenario is going to be right for what you're trying to do. - Well, so far we've been doing pretty much everything from the CLI. So why don't we go ahead and start there. - Yeah, and and that's going to be pretty common for most of us when we're connecting, 'cause the CLI is what we know we're going to have. It's kind of the guaranteed method. So I'm going to do that right here. I'm on... actually let me get out of my server and just get over to my laptop. There we go. So I'm on my laptop, and I want to connect up to the shared folders that we've been configuring these last several episodes, right? We created a corp folder, and home folders, and so on. I want to get connected. So, I'm on my workstation, I want to get there. I may or may not have Samba installed by default. Now, I'm running Ubuntu 20.04, and I did the workstation install. It's almost a guarantee that Samba is already installed for me, but if you're ever not sure, you can install it. Now, we don't need the full Samba package to get connected. In fact, we just need the cifs-utils package to be able to get connected to resources from the command line. So I'm going to do a sudo apt install cifs-utils. That's the package that I want, and I wouldn't be surprised if it was already installed. Oh, actually it was not installed, so it did install it for me. It's got it in there now, and that's going to give me the tools I need to get connected to Windows or Samba file shares. Now that I've got it, I need to create a mount point. So I'll say sudo mkdir, and I'm going to make slash mnt slash corp. I'm going to connect to my corporate folder, and so that's what I'm going to connect to for this share to be able to work. Then I need to mount the folder to the cif share or to the the samba share. And this is going to be the long command, the command that does the real work for us. I need to say sudo mount dash t, and I have to sudo this one, because I'm doing the dash t command. So anytime you combine that, you've got to be an administrator, and for the type, I'm going to say cifs. Now, if I didn't install the cifs-utils package, this part is what's going to fail. That type won't exist. So cifs-util is what gave mount the cifs type. Then, I need to tell it the user that I'm going to be using. So I'll say dash o user equals dpezet, comma, password equals, I need to punch in my password. Mine, we know is the highly secure password 1, 2, 3. So I'll punch that in, and then I have to add an odd option. So dash o is actually options, and mainly you're providing the user and password as your options. But I need to add one more which is no perm, and I'm not talking about my hairstyle, we're saying no permissions. Normally Linux and and Unix in general are going to be checking for file permissions. File permissions don't exactly work right, when you connect to a Samba share. So Samba is doing its own permission checking, and that's what I want to rely on. So I'm telling the mount command and really the Linux kernel to ignore permissions here and let Samba do the job for it. If you leave that off, you'll connect, but you'll be read only, regardless of what the permissions are on the share, you'll be kind of locked in a read only mode. You won't be able to write. So I'm going to do a no perm to make sure that my hair is nice and straight, and that I'm able to write files. Then I need to tell it who I'm connecting to. Now, the syntax here is not the way we would normally point to like a Linux server. We're pointing to a Samba or Windows server. So we need to say forward slash, forward slash, followed by the host name or IP address of that server. I'm going to use the IP address, because I can't remember the host name of my server. So 10.222.0.51, forward slash, and the name of the folder we're connecting to, I'm connecting to corp, right? So that's where I want to connect. And then I need to fill out the mount point, which mine is slash mnt slash corp. Alright, when I run that, that should connect. If I get an error, that I know I've got a problem, I've got to sort out. But if I get no feedback, it should have connected. I'm going to double check that. I'm just going to run the mount command. So that'll list the mounts that I've got, and I do see there's the mount that we just added, and it's showing a lot of extra options that I didn't provide. Those are just kind of defaults that came in. But it is mounted, if I do a df -h, I can see that corporate folder right there is mounted, and it's even showing the available space. I've got about eight gigs of storage available in it, and I can go and try and use it. If I go into slash mnt slash corp and take a look in there while it's empty, I could try and touch a file. So I'll just do test1.txt, and I'll pull up a listing, and there it is. I just created a text file. We could take like uname -a and echo that into test1.text, and then cat that, and there it is. So we're able to read and write into that folder. We're now connected to that Samba share, and so we got in. The main command that did all that was the mount command. That mount command is what's doing all the real work, telling the system it's a cif share, here's the username and password, here's the server to connect to, and then it connects up. Pretty easy process. - So I can see where that wouldn't really work for your average end user. So does using the GUI make it any easier? - You know, it certainly can, and even not just for end users, even for me, like if I just need to connect to a share real quick, and I've got a graphical user interface, I'm going to use it. Command line's kind of a pain unless I'm automating, right? So if we're on a Linux workstation that has a GUI, almost all of them run the gnome desktop environment, and it's got integrated right into its file explorer, where we can just connect to SMB shares, it's pretty easy. Let me show you how here. So I'm on Ubuntu 20.04, and I will bring up my file explorer, which I believe is actually called Nautilus in the backend. But I'm going to bring this up, and when we look at it, it's showing our local storage. You'll see things like your home folder, desktop, documents, and so on. So they're all kind of laid out there, but at the very bottom you can click other locations, and right here you can navigate your entire hard drive or look, I've got an entry right here for Windows Network. I could browse for Windows servers that are on the network, or if I know the server I want to connect to, I can just skip past the browsing part, and right down here at the bottom I can type in the server I want to connect to. I'm going to do that, I'll just type smb colon slash slash, so kind of like a web address, and then the IP or name of the server, I'll use the IP 10.222.0.51 slash, and then the name of the folder I want to connect to, mine is corp, and so I'll punch that in, and I will hit connect. It's going to prompt me, am I connecting anonymously or am I using a registered user? Mine is a registered user, dpezet is my username, and I'll punch in my SMB password, which was the highly secure password 1, 2, 3. And I'll go ahead and hit connect, and when I do, it connects up to that server and right there, I can see that test1.txt file that we wrote earlier. If I double click on that, it'll open up, and I can see that uname output that was on there. I could, you know, maybe create a new folder. This would be my test folder. So again, I'm able to read and write, and do it all right from here, and not a difficult thing to do, right? Just punching in that server address, authenticating, and then there we go. So the GUI makes that a lot easier. - So if both of the examples that we've seen so far are temporary, that means that we're going to disconnect from those folders if we log out or if we reboot. Is that right? - Right, on the GUI side, definitely, when we log out. On the CLI side there's sometimes where it can hang around until a reboot, but usually when you log out, it's going to disconnect. If you're using tmux or other utilities like that, it might stay connected even after you log out. But if you reboot, they absolutely go away and they're gone. So if this is a share that I need all the time, I can configure my system to go ahead and mount it at boot. And we can do that by modifying the file system table stored in our our system, right? The fstab file. So let me get back into my command prompt, and I'm going to get into slash etc and inside, or I don't have to be in this folder really, but inside of slash etc there's the fstab, or file system table file. So I'll do a sudoedit slash etc slash fstab, and this is showing the discs that get mounted when we boot up. Alright, so I need to come through here and basically tell it that I want to mount to this Samba share every time that we boot. Now the problem here is going to be, you guys saw when we did the mount command a moment ago, I had to give it my password. Well, how do I give it my password in here, if I want it to, like, not let other people find my password? The file system table has to be readable by the kernel when the system's booting up so it can mount the hard drives. Well, that means the file systems table has to be stored unencrypted, and that's a problem. I don't want to put my password in an unencrypted file. So there's a way around this. If we're using luks encryption and our disc is encrypted, everything gets encrypted except the boot folder, which is where the file system table will kind of end up being. So that's where our password could be compromised. So instead, I can put the password in my home directory, and then call that from the file system table, and it will wait until after luks has decrypted the disc before it does that mount, and that keeps my password secure. So before I go and put the entry in here, let me start out by storing my credentials in my home directory. I use my home directory, because in theory only I should have access to that. Administrators could have access too, but administrators can do whatever they want anyway, so there's no sense worrying about that. So I'm going to create a new file here, and I don't need to do sudoedit this time. I can just use nano, and I'm going to create a file called .smbcredentials. You can call a file whatever you want, right? But this helps me remember, this is for connecting to samba, and it's going to store my credentials. Inside of that file I just need two lines, user equals followed by my username and then password equals followed by my password, in my case password 1, 2, 3. So those are the credentials that we're going to be using to authenticate when we connect to that share. So let me go ahead and save that file, and now I can do a sudoedit slash etc slash fstab, and we can add a new entry in here and call that file to get our credentials. So to do that we have to kind of type something a little bit on the long side. I need to do a.. Oh, actually I'm forgetting something. When the system runs and does mounts, it's doing it as root, and so the root user is going to be connecting to the share and connecting it to the mount point during the boot phase. And that means as my user account, I won't be able to access it. So I need to tell it not only to use my credentials with samba, I need to tell it to use my credentials for creating the the mount point as well. So there's a couple extra steps that I need to do here real quick just to make sure that we're going to be able to connect. One of those is when you look at your mount point. So I created slash mnt slash corp. When I look at that on the file system, I can see that the root user is the owner and has full access. Everybody else just has read and execute. That's going to include my user account. I won't be able to write to this folder based on these permissions. Now when I mount it I can tell it to ignore permissions, so that kind of fixes some of that. But there's going to be other issues with user access there. So for example, when I start writing files, I don't want those files to be written as root. I want them to be written as me. But if I go into the corp folder and look, a lot of the files that have been written, oh shoot, I've disconnected, so I don't see any files, but the files are getting written as the root user, not as me anyway. So I need to fix that, and I can fix both of these right in the fstab file. But in order to do that I do need to do a couple of things. One, I'm going to change the mount point to be owned by me instead of root. So I'm going to say sudo chown, I'm going to change owner, dpezet:dpezet slash mnt slash corp. That's going to make my user and my group the owner of that folder. Then I'm going to run the id command to figure out what my id is. I can see my user and group ids are 1001. When you do a mount, you can tell it what user to mount the folder as. And so I can tell it to mount it as id 1001, me, instead of mounting it as root. So now that I have that, I can say sudoedit slash etc slash fstab, and I can add my new entry down here at the bottom. Now, the entry is going to read like this. I need to point to the folder first. So mine is slash, slash, and then the name or IP address of the server. Inside of the fstab file I almost always use IP addresses, because you don't necessarily know if DNS has been loaded yet at this point, right? So we want to make sure that it works. I'm going to do an IP if I can. So mine's 10.222.0.51 slash corp. That's the folder I want to connect to. Then I need to tell it where to mount to, in my case slash mnt slash corp. That's the folder. Then I need to tell it the file system. The file system in this case is cifs, so it knows that it's a network share. Then, the credentials. Now I'll say, really, you'd put kind of any options here. So one of the options is going to be credentials equals, and I need to point to my credential file, and mine is in /home/dpezet/.smbcredentials. That's that file we made a moment ago, okay? And notice, I'm not using tilde slash as the shortcut from my home directory, and that's because I'm not the one running this. The root user will run this, and home or tilde would point to slash root, which is not right. So I need to do the full path, /home/dpezet/.smbcredentials. Okay? Then beyond that we can do a comma uid equals 1001, comma gid equals 1001. Don't mount this as root, mount it as dpezet, as me. And so that's my user id and my group id. They usually match, but they don't always, that's why I ran the id command to make sure I had the right numbers. All right, then I'm going to do that comma and noperm. Again, we don't want permissions to be processed by mount or by the kernel. We want them processed by samba. So throwing that in. Then the last two options, these are kind of important. You can specify the first bit here is whether or not the dump command works in this partition. You never want to use the dump command with these shares. So this is always going to be a zero. And then the last one is, do you do a file system check at boot? This one needs to be a zero. If it's set to one and your system boots up and can't connect to the other server for some reason, then your system will fail to boot. We don't want that. If we can't connect to the server, we should just ignore it and let the system boot the rest of the way. A zero lets us do that. So whenever you're mounting to a samba share, you should always do zero, zero. Not any other combination, but that's all it takes right there. I'm going to exit out of this file, and I will do a sudo mount dash a, and that's going to tell it to go through and try and mount everything in the fstab file, just like it was booting up. And if I run the mount command again, I should see that it did connect. I see it right there. I see it's got the user identities. If I go into slash mnt slash corp and take a look, now I'm connected and see how it's all tied to dpezet now. Nice and neat, that's me, my users making these changes, and I can access the share, and every time I reboot that share will be put right back. - And that's all there is to it. In this episode, we were able to look at three different ways to mount a samba share. We looked at mounting from the CLI, from the GUI and we looked at mounting at boot, or I think you have it in the notes as boot time, which I think is a cute way to say it. - [Don] Yeah, boot time. - I like that. Mounting at boot time. And that's all we have for this episode, but don't go away. We've got more LPIC coming up. So we'll see you next time. - [Narrator] Thank you for watching ITProTV.