Mounting a share from a Windows PC

The machine 192.168.96.24 is sharing C:\Shared to user SomeAdmin, and from a previous, not so clean but succesful attempt, we know that the following command should work: mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5,netbiosname=192-168-96-24.winprogress.local --verbose. At this point however, with a PC configured for a different environment, it doesn't, and we're going to fix that.

  1. apprentice@linux-pc:~$ mkdir ~/myShared
    apprentice@linux-pc:~$ mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5,netbiosname=192-168-96-24.winprogress.local --verbose
    The program 'mount.cifs' is currently not installed.  To run 'mount.cifs' please ask your administrator to install the package 'smbfs'

    Obviously, we 're missing a package.

  2. apprentice@linux-pc:~$ sudo apt-get install -y smbfs
    <snip>
    Setting up smbfs (2:3.4.7~dfsg-1ubuntu3.8) ...
    apprentice@linux-pc:~$ mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5,netbiosname=192-168-96-24.winprogress.local --verbose
    mount error: could not resolve address for 192-168-96-24.winprogress.local: Name or service not known
    No ip address specified and hostname not found

    This looks like a nameserver issue, but the nameserver is outside of our reach.

  3. We may yet have to install winbind later on, but for now, we simply create in /etc/hosts a line:

      192.168.96.24   192-168-96-24.winprogress.local 192-168-96-24
    	  

    .. and we try again:

    apprentice@linux-pc:~$ mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5,netbiosname=192-168-96-24.winprogress.local --verbose

    mount.cifs kernel mount options: unc=//192-168-96-24.winprogress.local\Shared,ver=1,domain=WINPROGRESS,user=SomeAdmin@WINPROGRESS.LOCAL,sec=krb5,netbiosname=192-168-96-24.winprogress.local,uid=7305,gid=7305,ip=192.168.96.24
    mount error(1): Operation not permitted
    Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

    This time, the problem is permissions: the ordinary user cannot use mount.cifs: the binary needs to be suid-root.

  4. apprentice@linux-pc:~$ sudo chmod u+s $(which mount.cifs) $(which umount.cifs)
    apprentice@linux-pc:~$ mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5,netbiosname=192-168-96-24.winprogress.local --verbose

    mount.cifs kernel mount options: unc=//192-168-96-24.winprogress.local\Shared,ver=1,domain=WINPROGRESS,user=SomeAdmin@WINPROGRESS.LOCAL,sec=krb5,netbiosname=192-168-96-24.winprogress.local,uid=7305,gid=7305,ip=192.168.96.24
    mount error(126): Required key not available
    Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

    We need a Kerberos key, and we haven't done anything yet to obtain it.

  5. apprentice@linux-pc:~$ kinit SomeAdmin@WINPROGRESS.LOCAL
    SomeAdmin@WINPROGRESS.LOCAL's Password: 
    kinit: krb5_get_init_creds: unable to reach any KDC in realm WINPROGRESS.LOCAL

    Well, as a matter of fact, the package heimdal-clients is installed on the system. If it hadn't been, the command kinit wouldn't even have been available.

    But Kerberos certainly isn't configured for use with the experimental WINPROGRESS.LOCAL realm.

  6. We add a stanza under

    [realms]

    in /etc/krb5.conf:

      <snip>
      WINPROGRESS.LOCAL = {
      kdc = 192.168.127.201 192.168.127.202
      admin_server = 192.168.127.201 192.168.127.202
      }
      <snip>
    	  

    and under

    [libdefaults]

    , we put:

      <snip>
      default_realm = WINPROGRESS.LOCAL
      <snip>
    	  

    [Note]Note

    We 're using IP numbers rather than hostnames, because the nameserving isn't working for the domain winprogress.local.

    ... now we retry:

    apprentice@linux-pc:~$ kinit SomeAdmin@WINPROGRESS.LOCAL
    SomeAdmin@WINPROGRESS.LOCAL's Password: 
    apprentice@linux-pc:~$ klist
    Credentials cache: FILE:/tmp/krb5cc_7305
    Principal: SomeAdmin@WINPROGRESS.LOCAL

    Issued           Expires          Principal
    Nov 23 13:20:18  Nov 23 23:20:18  krbtgt/WINPROGRESS.LOCAL@WINPROGRESS.LOCAL                    
    apprentice@linux-pc:~$ mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5,netbiosname=192-168-96-24.winprogress.local --verbose

    mount.cifs kernel mount options: unc=//192-168-96-24.winprogress.local\Shared,ver=1,domain=WINPROGRESS,user=SomeAdmin@WINPROGRESS.LOCAL,sec=krb5,netbiosname=192-168-96-24.winprogress.local,uid=7305,gid=7305,ip=192.168.96.24
    apprentice@linux-pc:~$ mount -t cifs
    //192-168-96-24.winprogress.local/Shared on /admin/apprentice/myShared type cifs (rw,mand,nosuid,nodev)

    [Note]Note

    It appears that this also works:

    apprentice@linux-pc:~$ mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5