Mounting shares using CIFS/SMB on Linux

Detailed instruction on how to access your usershares on Linux

Intro

The CIFS/SMB protocols can be used to mount usershares. Some form of authentication is needed to access shares; a username and password in the simplest case, or something more complex like a Kerberos token. The credentials can be provided whenever the share is mounted, or they can be stored on the client to make mounting a share more convenient.

Mounting Samba shares from computers outside of the university domain

You can mount a usershare with a computer that is not part of the wwu domain. However, without domain membership, your computer will not be able to correctly resolve group and user IDs to their respective names, making the administration of permissions tedious or even impossible. If you need to mount shares on computers that are not part of the wwu domain, you can still administer the permissions from a computer that is. Should you not have access to one, you can also use university services such as Jupyterhub or Palma that make usershares available as described here.

Mounting shares using the CIFS kernel module on Linux

Mounting shares using CIFS should work out of the box in Linux:

sudo mount -t cifs //samba.public.os.wwu.de/usershare/projects/<PROJECT_NAME>/<USERSHARE_NAME> <MOUNT_POINT> -o username=<USERNAME>,domain=wwu.de,vers=3.1.1

The vers=... option explicitly determines the SMB protocol version to be used. Versions below 3.0 do not yet implement end-to-end encryption, which may expose your files to eavesdroppers.

Read the man page for more information, options and details that might be relevant to your use case:

man mount.cifs

You can add a line to your /etc/fstab so that your share gets mounted on startup. Usershares can only be mounted from within the university network, so depending on where you are trying to access them from (your private computer may not have access to the university network at boot time), you may need a different configuration:

# this mount point will not be mounted automatically; upon manually mounting it, a password prompt will be used for authentication
//samba.public.os.wwu.de/usershare/projects/<PROJECT_NAME>/USERSHARE_NAME> <MOUNT_POINT> cifs noauto,username=<USERNAME>,domain=wwu.de,vers=3.1.1 0 0
# this mount point will be mounted on boot automatically; the password is stored in `/etc/fstab`, which is readable by any user of the computer
//samba.public.os.wwu.de/usershare/projects/<PROJECT_NAME>/USERSHARE_NAME> <MOUNT_POINT> cifs username=<USERNAME>,password=<PASSWORD>,domain=wwu.de,vers=3.1.1 0 0
# this mount point will be mounted on boot automatically; the password and other login information are stored in a separate credential file, to which access can be restricted, so that only root may read it.
//samba.public.os.wwu.de/usershare/projects/<PROJECT_NAME>/USERSHARE_NAME> <MOUNT_POINT> cifs credentials=<CREDENTIAL_FILE_PATH>,vers=3.1.1 0 0
# same as above, but the systemd auto mount feature is used to only attempt mounting the file system when the mount point is first accessed
//samba.public.os.wwu.de/usershare/projects/<PROJECT_NAME>/USERSHARE_NAME> <MOUNT_POINT> cifs x-systemd.automount,x-systemd.mount-timeout=10,credentials=<CREDENTIAL_FILE_PATH>,vers=3.1.1 0 0

A typical credential file will look like this (refer to the man page mentioned above for more options):

username=<USERNAME>
password=<PASSWORD>
domain=wwu.de

Storing your credentials in clear text on your computer is not reccomended when unauthorised persons may access it, or the files and services you may have access to are particularly sensitive. You are responsible for the security of your own user account. Encrypting the credential file or the entire disk of the computer may help you secure your credentials. There are also other methods available such as authenticating using a kerberos token, instead of a user account. If you are unsure what the best way to proceed is, or you are an administrator responsible for the workplaces of other people, you can contact us and ask for help.