Accessing Windows Shares From a GNU/Linux Desktop

Many people work for companies that have a Windows-based
infrastructure, while they have a GNU/Linux desktop. You could use
something like VNC or rdesktop to gain access to files on Windows
shares, but a couple of command-line utilities from the Samba suite
are a nice option that let you gain access right from your desktop
(for a more in-depth treatment of Samba, see the
presentation Using
Samba as a File Server, PDC or Domain Client).







Let's say your company has a Win2k3-based fileserver, call it
"FILESRV", in the domain "DOM". The problem is that you have a Linux
workstation, and don't have access to a Windows terminal server, or
you don't have Administrative rights on the server in question, so you
can't install VNC. The 'mount' command (which uses 'smbmount' under
the hood when it is asked to mount a Windows share), 'smbclient', and
Openoffice.org's import/export filters provide a nice alternative. On
a Debian-based system, run 'apt-get install sudo smbfs smbclient' to
get the required command-line utilities described below, although
Ubuntu systems will already have sudo.



File Transfers With Smbclient


The 'smbclient' command from the Samba suite of tools provides an
FTP-like command-line interface to a Windows fileshare. To make it
easier to use, and so we don't have to remember all the command-line
options, we are going to define a shell alias. Put the following in
your ~/.bashrc file (using .bashrc means this alias will be available
to you in any interactive shell, not just a login shell).






alias files='smbclient //FILESRV/path -d 3 -A ~/.dom.txt'




Where the file ".dom.txt" in your home directory is in this format
(see smbclient(1) for details):






username = username
password = password
domain = DOM




Some tips:











To make this alias apply to all users, put it in /etc/bashrc, not
~/.bashrc. Each user will still have to have their own ~/.dom.txt
file, however.


The "-d 3" sets the debug level to something useful, in case the
command fails - you can remove this once your alias works correctly


Using the "-A" option like this keeps you from having to give a
username and password every time you run the alias (but see the note
about security, below).


You can put the share path in double quotes if it contains spaces, as
in "//FILESERV/Tech Docs".


You can use an IP address in place of the server name if you want.


Running the 'alias' command will display a list of aliases that are
currently defined.







When you are done editing ~/.bashrc
(or after each editing session), you need to re-evaluate your .bashrc
by running '. ~/.bashrc' or 'source ~/.bashrc'. Now when you
run the command 'files', you should get dumped into an FTP-like
interface from which you can get or put files from the remote share:







dmaxwell@stealth:~$ . .bashrc
dmaxwell@stealth:~$ alias
alias files='smbclient //10.0.0.2/Tech -A ~/.dom.txt'
dmaxwell@stealth:~$ files
Domain=[DOM] OS=[Windows Server 2003 3790 Service Pack 1] Server=...
smb: \> get "ftp fix.doc"
getting file \ftp fix.doc of size 24064 as ftp fix.doc (195.8 kb/s)
smb: \> quit
dmaxwell@stealth:~$








Transparent Access With Mount


Accessing Windows shares with the mount command is a little more
convenient, since once mounted, you can use 'ls', 'cp', 'mv', 'mkdir'
and all the other Unix filesystem commands you are used to. Let's say
that you want transparent access to the Windows fileshare noted above
(//FILESRV/path). First, create a directory with something like 'mkdir
~/files'. This directory is where the remote filesystem will get
mounted. Then add the following to your ~/.bashrc (we are using sudo
to let us run the mount command with the required root privileges):









alias filemount='sudo mount -t cifs //FILESRV/path ~/files -o username=user,password=pass,workgroup=DOM'





Make sure your alias definition is on
one line - your browser might wrap the display, above. 'DOM'
here is the name of your Windows domain, 'user' and 'pass' are your
Windows domain credentials. When you are done, source your .bashrc
again, and run the command 'filemount'. You should now be able to
access the files in "//FILESRV/path" from within your ~/files
directory.




Accessing HOME$ Shares


Sometimes a Windows admin will map a hidden share to everyone's
Windows desktop, to use as a private storage space. This is usually
called the "HOME$" share, although you won't see it if you try to
browse the network (in a Windows-sense). To access it, make a
directory in your home directory, again as a filesystem mount
point. I'll use 'z' as the name of the directory, since a lot of
Windows admins map the Z: drive to user's home shares at login.







Add the following to your .bashrc:









alias homez='sudo mount -t cifs //FILESRV/HOME$ ~/z -o username=user,password=pass,workgroup=DOM'







That's it. When you source your .bashrc again you should be able to
run the command 'homez' and have full access to your private Windows
home share from within your ~/z directory.


Security


A final word about security is in order. You may want to change the
permissions on the "~/.dom.txt" and "~/.bashrc" files to 0600, to
prevent any other non-root users on your workstation from reading the
passwords stored in those files. Even though this is really just
'security through obscurity', the alternative, which is less
convenient, is to type the password in every time you mount or access
one of the remote shares. The smbmount(8) (and mount(8), since mount
just passes it's options onto smbmount) command supports a
'credentials' option that allows the use of a file when
authenticating, much like the '-A' option to smbclient.


Compatibility


These aliases will work on pretty much any (recent) GNU/Linux system
under any shell, with Samba 3.x. I've written them with the Bash shell
in mind, as it's the installed default on most of these systems. What
may differ under other shells is the name of the shell startup file,
and the syntax for defining shell aliases (although the above syntax
will work under any Bourne-compatible shell).







If you have trouble getting the mount command to recognize the '-t
cifs' option, try it with '-t smbfs' instead, but you may not be able
to access Win2k3 shares easily if you do this. Some Unix systems'
mount commands don't support passing the smbfs or cifs filesystem
types onto smbmount - in this case, you can use smbmount(8) directly.