Mounting a share from a Windows PC

Mounting a share from a Windows PC
	Ubuntu Linux as client of Active Directory server

The machine 192.168.96.24 is sharing C:\Shared to user SomeAdmin, and from a previous, not so clean but succesful attempt, we know that the following command should work: mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5,netbiosname=192-168-96-24.winprogress.local --verbose. At this point however, with a PC configured for a different environment, it doesn't, and we're going to fix that.

First try

apprentice@linux-pc:~$ mkdir ~/myShared apprentice@linux-pc:~$ mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5,netbiosname=192-168-96-24.winprogress.local --verbose The program 'mount.cifs' is currently not installed. To run 'mount.cifs' please ask your administrator to install the package 'smbfs'
Obviously, we 're missing a package.
Installing smbfs

apprentice@linux-pc:~$ sudo apt-get install -y smbfs <snip> Setting up smbfs (2:3.4.7~dfsg-1ubuntu3.8) ... apprentice@linux-pc:~$ mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5,netbiosname=192-168-96-24.winprogress.local --verbose mount error: could not resolve address for 192-168-96-24.winprogress.local: Name or service not known No ip address specified and hostname not found
This looks like a nameserver issue, but the nameserver is outside of our reach.
Fixing the hostname resolution for the Windows PC
We may yet have to install winbind later on, but for now, we simply create in /etc/hosts a line:
```
  192.168.96.24   192-168-96-24.winprogress.local 192-168-96-24
	  
```
.. and we try again:
apprentice@linux-pc:~$ mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5,netbiosname=192-168-96-24.winprogress.local --verbose mount.cifs kernel mount options: unc=//192-168-96-24.winprogress.local\Shared,ver=1,domain=WINPROGRESS,user=SomeAdmin@WINPROGRESS.LOCAL,sec=krb5,netbiosname=192-168-96-24.winprogress.local,uid=7305,gid=7305,ip=192.168.96.24 mount error(1): Operation not permitted Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
This time, the problem is permissions: the ordinary user cannot use mount.cifs: the binary needs to be suid-root.
Fixing permissions on mount.cifs

apprentice@linux-pc:~$ sudo chmod u+s $(which mount.cifs) $(which umount.cifs) apprentice@linux-pc:~$ mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5,netbiosname=192-168-96-24.winprogress.local --verbose mount.cifs kernel mount options: unc=//192-168-96-24.winprogress.local\Shared,ver=1,domain=WINPROGRESS,user=SomeAdmin@WINPROGRESS.LOCAL,sec=krb5,netbiosname=192-168-96-24.winprogress.local,uid=7305,gid=7305,ip=192.168.96.24 mount error(126): Required key not available Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
We need a Kerberos key, and we haven't done anything yet to obtain it.
Trying to get a Kerberos key

apprentice@linux-pc:~$ kinit SomeAdmin@WINPROGRESS.LOCAL SomeAdmin@WINPROGRESS.LOCAL's Password: kinit: krb5_get_init_creds: unable to reach any KDC in realm WINPROGRESS.LOCAL
Well, as a matter of fact, the package heimdal-clients is installed on the system. If it hadn't been, the command kinit wouldn't even have been available.
But Kerberos certainly isn't configured for use with the experimental WINPROGRESS.LOCAL realm.

Configuring Kerberos

We add a stanza under

[realms]

in /etc/krb5.conf:

  <snip>
  WINPROGRESS.LOCAL = {
  kdc = 192.168.127.201 192.168.127.202
  admin_server = 192.168.127.201 192.168.127.202
  }
  <snip>

and under

[libdefaults]

, we put:

  <snip>
  default_realm = WINPROGRESS.LOCAL
  <snip>

	Note
	We 're using IP numbers rather than hostnames, because the nameserving isn't working for the domain `winprogress.local`.

... now we retry:

apprentice@linux-pc:~$ kinit SomeAdmin@WINPROGRESS.LOCAL SomeAdmin@WINPROGRESS.LOCAL's Password: apprentice@linux-pc:~$ klist Credentials cache: FILE:/tmp/krb5cc_7305 Principal: SomeAdmin@WINPROGRESS.LOCAL Issued Expires Principal Nov 23 13:20:18 Nov 23 23:20:18 krbtgt/WINPROGRESS.LOCAL@WINPROGRESS.LOCAL apprentice@linux-pc:~$ mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5,netbiosname=192-168-96-24.winprogress.local --verbose mount.cifs kernel mount options: unc=//192-168-96-24.winprogress.local\Shared,ver=1,domain=WINPROGRESS,user=SomeAdmin@WINPROGRESS.LOCAL,sec=krb5,netbiosname=192-168-96-24.winprogress.local,uid=7305,gid=7305,ip=192.168.96.24 apprentice@linux-pc:~$ mount -t cifs //192-168-96-24.winprogress.local/Shared on /admin/apprentice/myShared type cifs (rw,mand,nosuid,nodev)

Note

It appears that this also works:

apprentice@linux-pc:~$ mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5