What I wanna do
Within a Windows 2000 domain (with Active Directory), I want to connect a Linux box to a share on a Windows box. The share has access restrictions based on domain users, and the Linux box should reconnect to it each time it restarts.
Environment:
- Windows domain: WINDOMAIN
- Windows domain user: WINDOMAIN\Rainbow
- Server name: DMNSRV
- Server share: \\DMNSRV\rainbow: only domain admins and the domain user Rainbow can access this share
- Linux user: legolas
Some pre-checks
- on a Debian-like distribution, install smbfs (apt-get install smbfs), which is needed to read and write on Windows shares (SMB), and, if it is not installed by default, the samba client (apt-get install smbclient)
- check that you can ping the Windows sharing server from the Linux box (i.e. ping DMNSRV). If your domain is a true Windows 2000/XP/2003 domain, you must have a DNS server and a DNS domain name, e.g. windomain.intra. If your Linux box uses the Windows domain DNS server, try ping DMNSRV.windomain.intra. Otherwise, add the host name to the Linux hosts table (/etc/hosts). From here on, I assume that you can ping DMNSRV.windomain.intra
Doing the work
- log in to Linux as the legolas user and get a command prompt (terminal or text-only mode)
- cd /home/legolas (or the home directory of the legolas user)
- create a .smbcredentials file and write these lines in it
username=rainbow
password=rainbow_password
- optional: sudo chmod 500 .smbcredentials && sudo chown root .smbcredentials
this makes the file unreadable to the legolas Linux user. It's a little security add-on if you want to grant the Linux user access to the Windows share without letting him know the Windows user's password (and, obviously, only if he cannot become root on the Linux box)
- mkdir rainbow (or another folder where the Windows share should be mounted)
- sudo vi /etc/fstab
add this line at the end of the file (it's a single line, don't break it)
//DMNSRV.windomain.intra/rainbow /home/legolas/rainbow smbfs credentials=/home/legolas/.smbcredentials,uid=legolas,gid=legolas,fmask=0770,dmask=0770,rw 0 0
uid: sets the owner of the Windows share files to user legolas
gid: sets the group of the Windows share files to group legolas
fmask: sets the file permissions to 0770
dmask: sets the directory permissions to 0770
rw: files are in read/write mode
- sudo mount rainbow
… And the trick is done ;)
Final note
- you can also skip creating the .smbcredentials file and write the Windows user name and password directly in the fstab file, but I like this solution more; for me it is clearer…
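Since /etc/fstab is normally world-readable, a password written there is visible to every local user, which is the practical argument for the credentials file. The script below is an added example, not part of the original post: it checks an fstab-format file for both cases, a password in the options and a credentials file that group or others can access. The function name and finding labels are made up for this example, and it also accepts the cifs filesystem type, going slightly beyond the smbfs case shown above.

```shell
#!/bin/sh
# Added example (not from the original post): flag SMB credential exposure in
# an fstab-format file. Prints one finding per line; returns 1 if any, else 0.
audit_smb_fstab() {
    fstab=$1
    findings=0
    while read -r dev mnt fstype opts dump_pass; do
        case $dev in ''|'#'*) continue ;; esac            # blank or comment
        case $fstype in smbfs|cifs) ;; *) continue ;; esac
        cred=
        rest=$opts,
        while [ -n "$rest" ]; do                          # walk comma-separated options
            opt=${rest%%,*}; rest=${rest#*,}
            case $opt in
                password=*)    echo "INLINE_PASSWORD $mnt"; findings=1 ;;
                credentials=*) cred=${opt#credentials=} ;;
            esac
        done
        [ -n "$cred" ] || continue
        if [ ! -f "$cred" ]; then
            echo "MISSING_CREDENTIALS $cred"; findings=1
            continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$cred" | cut -c5-10)
        [ "$perms" = "------" ] || { echo "LOOSE_PERMS $cred"; findings=1; }
    done < "$fstab"
    return "$findings"
}

# Constructed sample: the post's fstab line with a world-readable credentials
# file, plus a variant that carries the password in fstab itself.
demo() {
    d=$(mktemp -d)
    printf 'username=rainbow\npassword=rainbow_password\n' > "$d/.smbcredentials"
    chmod 644 "$d/.smbcredentials"
    cat > "$d/fstab" <<EOF
//DMNSRV.windomain.intra/rainbow /home/legolas/rainbow smbfs credentials=$d/.smbcredentials,uid=legolas,gid=legolas,rw 0 0
//DMNSRV.windomain.intra/rainbow /mnt/inline smbfs username=rainbow,password=rainbow_password,rw 0 0
EOF
    audit_smb_fstab "$d/fstab"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "findings listed above"
```

The permission check looks only at the file itself; a credentials file that sits in a directory the user owns can still be renamed or replaced by that user.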
Hope this can help someone (me surely)… Byez!
{mxc}
great post save up the great work.