LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 03-28-2006, 03:29 AM   #1
humbletech99
Member
 
Registered: Jun 2005
Posts: 374

Rep: Reputation: 30
Accessing Windows shares in a domain


Hi,
I've got domain authentication working on a couple of linux boxes in an Active Directory domain via Winbind/PAM/Kerberos.

Now that I can ssh etc with a domain account I want to know how to access windows share using these new found credentials.

If I log in as a domain user I can't mount anything since I need root priveleges to do this, and if I su to root then I can't use domain priviledges as I'm now a local user!

I've tried smbclient but it also prompts for password when I just want it to use my domain credentials...
 
Old 03-28-2006, 04:26 AM   #2
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
Mounting, and especially mounting SMB shares (use "smbmount" or "mount -t smbfs" for that) can be done with
custom credentials (there are command options to specify credentials).

In most systems, only root is allowed to mount disks for security reasons. Bypassing that isn't recommended,
but you could always configure "sudo" (much safer than setUID option) to allow certain or all users to mount
SMB shares via smbmount command.
See:
man sudo
man sudoers
for more info.
 
Old 03-28-2006, 04:30 AM   #3
humbletech99
Member
 
Registered: Jun 2005
Posts: 374

Original Poster
Rep: Reputation: 30
I know that you can specify credentials, but I'd rather not, I just want it to work transparently the way windows does, it passes your currently logged on credentials by default.

Also, by configuring sudo I would have to write sudo mount... which would 1. Be inconvenient and 2. would be run as root which is not the desired effect as I really do want to use the domain account and it's creds...
 
Old 03-28-2006, 05:03 AM   #4
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
You'll need to pass some credentials in any case. Windows needs a username/password to give you access (unless you're using some kind of untrustworthy guest account).

Don't sudo mount, sudo smbmount. That's safer.
Having to write it isn't so inconvenient. You can provide an alias:
alias winmnt="sudo smbmount" (you can even add stuff like "-o username=$LOGNAME").

If you don't specify a password, $PASSWD gets used if I'm not mistaken. Maybe, $USER (the username) gets used by default when you leave out the username as well.

If you really insist on running smbmount by normal users, try enabling the setUID permission bit on the "smbmount" program. But I must stress that this is very insecure.
 
Old 03-28-2006, 05:16 AM   #5
aryys
LQ Newbie
 
Registered: Mar 2006
Location: london, england
Distribution: Fedora 12, Mandriva 2010, FreeBSD 7.2, Slackware 13, OpenBSD 3.7
Posts: 29

Rep: Reputation: 16
try
sudo mount -t smbfs //server/share /home/user/win -o user='username', workgroup='domainname', password='password'

methinks that was how i did it on debian, might be an idea to add yourself to the %wheel group if you're not already in there
 
Old 03-28-2006, 04:49 PM   #6
cowanrl
Member
 
Registered: Dec 2004
Location: Western Pennsylvania, USA
Distribution: Red Hat
Posts: 150

Rep: Reputation: 15
You can modify the permissions on smbmnt(not smbmount) so that non-root users can use it to mount shares. I've done it on just about every Linux machine I've ever set up and never experienced any problems.
Scroll down to the bottom of this link and it describes how to do it.

http://www.justlinux.com/nhf/Filesys...rmanently.html
 
Old 03-29-2006, 02:02 AM   #7
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
@cowanrl, as already said, using the setUID permission bit (on the smbmnt program owned by root) works too.
But setUID root programs are generally considered a security risk (for good reasons) and should be avoided when possible.
A better approach would be to use group permissions (like the "wheel" group mentioned in aryys' post).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Accessing Windows Shares careyd Linux - Networking 3 12-01-2005 04:18 PM
Accessing windows shares in GUI kaldenord Fedora 7 02-08-2005 10:52 AM
Accessing Shares from windows z9_87 Linux - Networking 1 02-07-2005 08:35 PM
Accessing Windows Shares haroldopaulino Linux - Networking 1 08-18-2004 12:01 AM
accessing Windows shares on Linux Nachiappan Linux - Networking 2 04-25-2003 02:50 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:49 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration