Some quick notes regarding mounting CIFS shares on RHEL and CentOS. Note that system-wide network filesystem mounts are typically specified in /etc/fstab and require supported kernel modules for compatible vfs filesystem types. In the case of SMB filesystems, the modern Linux kernel module is referred to as “cifs.”
For RHEL 5.x / CentOS 5.x – here are some hints
- Uninstall the default samba packages (3.0)
- Install the samba3x packages (3.6) – we need the “samba3x-client” for cifs mount
- You may need to specify the security type as a mount option – some bugs can prevent mount.cifs from negotiating compatible session authentication / security. Example may be “sec=ntlmv2“
- In /etc/fstab, add the option “_netdev” to allow the filesystem to mount during boot. Other local filesystems are mounted *before* the network becomes available (/etc/rc.d/rc.sysinit). _netdev lets the system know to wait until *after* the network comes online (/etc/init.d/netfs) before attempting to mount your Windows file share (smb filesystem).
- Review Microsoft KB # 957441 to see if you may need to enable “AllowLegacySrvCall” on your Windows file server. Linked below under references.
- If you’re specifying login credentials, you may need to use the short forms: user, pass, dom, or cred. If you’re using a credential file, use the short forms of user, pass, dom there too. The documentation is confusing on this – it may not work properly without the *short* forms of these options in either cred file or fstab.
For RHEL 6.x / CentOS 6.x
- Install cifs-utils (I think it’s still version 3.6 like we use on 5.x distro)
- Negotiation of correct session auth & security may work better due to newer kernel modules – YMMV.
- Same issue with the credentials options as 5.x distro – use the short forms!
- Windows server might need AllowLegacySrvCall fix – try without it first but if things continue to fail apply legacy setting to registry on Win file server.
For RHEL 7.x / CentOS 7.x
- I still need to work on this in the lab
- Try after joining Active Directory Domain with “realm join …”
- Try after installing sssd-libwbclient
- Hoping to use sssd joined to domain and something like user=SERVERNAME$,sec=krb5,multiuser options to automatically use machine credentials for kerberos mount session. Desired functionality is each domain user receiving appropriate privileges based on multiuser mapping from sssd.
- Documentation is difficult to find for this scenario. It’s not clear if the system will automatically allow use of machine domain credentials (krb5) on boot for the fstab mount.
- How SSSD Integrates with an Active Directory Environment (redhat.com)
- Samba mounting question (gmane.org linux.kernel.cifs forum)
- Connecting Linux machine to windows AD and mounting remote … dirs (Martin’s Chronicles blog)
- LinuxCIFS troubleshooting (samba.org)
- Client connections return a “STATUS_INVALID_PARAM” error code when you use a “Send NTLMv2 response only” authentication level in Windows Server (KB 957441)