Mount CIFS Share on RHEL/CentOS

Some quick notes regarding mounting CIFS shares on RHEL and CentOS. Note that system-wide network filesystem mounts are typically specified in /etc/fstab and require supported kernel modules for compatible vfs filesystem types. In the case of SMB filesystems, the modern Linux kernel module is referred to as “cifs.”

For RHEL 5.x / CentOS 5.x – here are some hints

  • Uninstall the default samba packages (3.0)
  • Install the samba3x packages (3.6) – we need the “samba3x-client” for cifs mount
  • You may need to specify the security type as a mount option – some bugs can prevent mount.cifs from negotiating compatible session authentication / security. Example may be “sec=ntlmv2
  • In /etc/fstab, add the option “_netdev” to allow the filesystem to mount during boot. Other local filesystems are mounted *before* the network becomes available (/etc/rc.d/rc.sysinit). _netdev lets the system know to wait until *after* the network comes online (/etc/init.d/netfs) before attempting to mount your Windows file share (smb filesystem).
  • Review Microsoft KB # 957441 to see if you may need to enable “AllowLegacySrvCall” on your Windows file server. Linked below under references.
  • If you’re specifying login credentials, you may need to use the short forms: user, pass, dom, or cred. If you’re using a credential file, use the short forms of user, pass, dom there too. The documentation is confusing on this – it may not work properly without the *short* forms of these options in either cred file or fstab.

For RHEL 6.x / CentOS 6.x

  • Install cifs-utils (I think it’s still version 3.6 like we use on 5.x distro)
  • Negotiation of correct session auth & security may work better due to newer kernel modules – YMMV.
  • Same issue with the credentials options as 5.x distro – use the short forms!
  • Windows server might need AllowLegacySrvCall fix – try without it first but if things continue to fail apply legacy setting to registry on Win file server.

For RHEL 7.x / CentOS 7.x

  • I still need to work on this in the lab
  • Try after joining Active Directory Domain with “realm join …”
  • Try after installing sssd-libwbclient
  • Hoping to use sssd joined to domain and something like user=SERVERNAME$,sec=krb5,multiuser options to automatically use machine credentials for kerberos mount session. Desired functionality is each domain user receiving appropriate privileges based on multiuser mapping from sssd.
  • Documentation is difficult to find for this scenario. It’s not clear if the system will automatically allow use of machine domain credentials (krb5) on boot for the fstab mount.
  • How SSSD Integrates with an Active Directory Environment (redhat.com)
  • Samba mounting question (gmane.org linux.kernel.cifs forum)
  • Connecting Linux machine to windows AD and mounting remote … dirs (Martin’s Chronicles blog)

References:

Advertisements

About notesbytom

Keeping technology notes on WordPress.com to free up my mind to solve new problems rather than figuring out the same ones repeatedly :-).
This entry was posted in Linux, System Administration and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s