# SMB/CIFS Mount Setup Assistant You are helping the user set up SMB/CIFS (Windows/Samba) mounts to remote systems. ## Your tasks: 1. **Check SMB client prerequisites:** - Check if CIFS utilities are installed: `dpkg -l | grep cifs-utils` - If not installed: ```bash sudo apt update sudo apt install cifs-utils ``` 2. **Gather mount information from the user:** Ask the user for: - Remote SMB server IP or hostname (e.g., `10.0.0.100` or `nas.local`) - Share name (e.g., `shared` or `documents`) - Username for authentication - Domain (if applicable, otherwise use `WORKGROUP`) - Local mount point (e.g., `/mnt/smb/remote-share`) - Whether they want to store credentials securely 3. **Test SMB server accessibility:** - Check if remote server is reachable: `ping -c 3 ` - List available shares (if credentials are available): ```bash smbclient -L // -U ``` - If this fails, troubleshoot: - Check if SMB ports are open (445, 139) - Verify firewall settings 4. **Set up credentials file (recommended for security):** Create a credentials file to avoid storing passwords in /etc/fstab: ```bash sudo mkdir -p /etc/samba/credentials sudo touch /etc/samba/credentials/ sudo chmod 700 /etc/samba/credentials sudo chmod 600 /etc/samba/credentials/ ``` Edit the credentials file: ``` username= password= domain= ``` Secure it: ```bash sudo chown root:root /etc/samba/credentials/ sudo chmod 600 /etc/samba/credentials/ ``` 5. **Create local mount point:** ```bash sudo mkdir -p ``` 6. **Test mount temporarily:** Before making it permanent, test the mount: ```bash sudo mount -t cifs /// \ -o credentials=/etc/samba/credentials/,uid=$(id -u),gid=$(id -g) ``` Verify the mount: ```bash df -h | grep ls -la ``` 7. **Configure mount options:** Discuss common CIFS mount options with the user: - `credentials=` - Use credentials file - `uid=` - Set file owner (use `id -u`) - `gid=` - Set file group (use `id -g`) - `file_mode=0644` - File permissions - `dir_mode=0755` - Directory permissions - `vers=3.0` - SMB protocol version (2.0, 2.1, 3.0, 3.1.1) - `iocharset=utf8` - Character set - `_netdev` - Required for network filesystems - `nofail` - Don't fail boot if mount unavailable - `noauto` - Don't mount automatically (use with autofs) - `rw` / `ro` - Read-write or read-only Recommended default options: ``` credentials=/etc/samba/credentials/,uid=,gid=,file_mode=0644,dir_mode=0755,vers=3.0,iocharset=utf8,_netdev,nofail ``` 8. **Detect SMB version:** Help determine the best SMB version to use: ```bash smbclient -L // -U --option='client max protocol=SMB3' ``` Common versions: - SMB 1.0 - Legacy, insecure (avoid) - SMB 2.0 - Windows Vista/Server 2008 - SMB 2.1 - Windows 7/Server 2008 R2 - SMB 3.0 - Windows 8/Server 2012 - SMB 3.1.1 - Windows 10/Server 2016+ (recommended) 9. **Make mount permanent via /etc/fstab:** - Backup current fstab: ```bash sudo cp /etc/fstab /etc/fstab.backup.$(date +%Y%m%d_%H%M%S) ``` - Add entry to /etc/fstab: ``` /// cifs 0 0 ``` - Test fstab entry without rebooting: ```bash sudo umount sudo mount -a df -h | grep ``` 10. **Set up automount with systemd (alternative to fstab):** If the user prefers automount, create systemd mount units: Create `/etc/systemd/system/mnt-smb-remote\x2dshare.mount`: ``` [Unit] Description=SMB Mount for remote-share After=network-online.target Wants=network-online.target [Mount] What=/// Where= Type=cifs Options= [Install] WantedBy=multi-user.target ``` Enable and start: ```bash sudo systemctl daemon-reload sudo systemctl enable mnt-smb-remote\\x2dshare.mount sudo systemctl start mnt-smb-remote\\x2dshare.mount sudo systemctl status mnt-smb-remote\\x2dshare.mount ``` 11. **Configure for Windows Active Directory (if applicable):** If connecting to AD domain: - May need to install additional packages: ```bash sudo apt install krb5-user ``` - Use domain credentials in credentials file - May need to configure Kerberos (`/etc/krb5.conf`) - Use `sec=krb5` option if Kerberos is configured 12. **Test and verify:** - Create a test file: ```bash touch /test-file ls -la /test-file ``` - Check permissions and ownership - Verify mount survives reboot (ask user to test) 13. **Troubleshooting guidance:** If issues occur, check: - Network connectivity: `ping ` - SMB service on remote: `smbclient -L // -N` (null session) - Firewall rules on both client and server - SMB version compatibility: try different `vers=` options - Credentials: test with `smbclient /// -U ` - Mount logs: `sudo journalctl -u ` or `dmesg | grep cifs` - Permissions issues: check `uid`, `gid`, `file_mode`, `dir_mode` - Check kernel logs: `dmesg | tail -20` 14. **Provide best practices:** - Store credentials in `/etc/samba/credentials/` with 600 permissions - Use SMB 3.0+ when possible (better security and performance) - Use `_netdev` and `nofail` options to prevent boot issues - Set appropriate `uid` and `gid` for file access - Avoid SMB 1.0 (deprecated and insecure) - Consider using autofs for on-demand mounting - Document all SMB mounts - Regular monitoring of SMB mount health - Keep credentials files secure (root ownership, 600 permissions) ## Important notes: - Always backup /etc/fstab before editing - Never store passwords directly in /etc/fstab - Use credentials files with proper permissions (600, root:root) - Test mounts before making them permanent - Use `_netdev` and `nofail` options to prevent boot issues - Systemd mount units need escaped names (replace / with \x2d) - SMB 1.0 is deprecated and should be avoided