22 July 2013

481. A little bit of samba on the command line

I have a bit of a problem with samba currently.

My problem is that my computers are sitting behind a router (on a 192.168.2.0/24 subnet) and the computers that I want to access sit on the university network, to which the router is connected. The address range is, say, 131.172.x.x.

In other words, I (think I) want to use samba across two subnets.

I've opened up ports 13-139,445 to tcp and udp on both the router and in iptables on my desktop.

My problem:
1. I can't see the network shares of the other computers using
   a) nautilus (Network/Windows Network)
   b) nmblookup
   c) sambascanner

2. I can't connect to network shares using their netbios names. For example, I'd like to connect to e.g. smb://avance400/data, but I have to use the IP address instead. For some curious reason not even that works using nautilus.

Workaround:
So here's not a solution, but a workaround.

I can connect to other computers from the command line as long as I know the IP address, and here's how
smbclient //131.172.123.30/data -U myuni/me

If you actually want to mount the share, which is password protected, and you do, then do
sudo mount -t cifs -o user=me //131.172.123.30/data /media/smbmounts/

where /media/smbmounts belong to you (e.g. sudo mkdir /media/smbmounts && sudo chown $USER /media/smbmounts).

And that's more or less it.

Some additional information:
If you don't get prompted for the password, and get
mount: block device //131.172.123.30/data is write-protected, mounting read-only
mount: cannot mount block device //131.172.123.30/data read-only

but supplying the password as part of the command line works, then you are missing cifs-utils, so install them.

Note that mount.cifs can handle credentials from a special file, e.g. like this , which you chmod to 600. My chief issue with that is that ~/.bash_history has exactly the same permissions (u+rw, go-rwx) and so I don't see how it's that's any safer than exposing everything by supplying your password as part of the mount command. Both should be avoided if possible.

On the other hand you could argue that since the password is transmitted over the network in cleartext you're inviting trouble either way...




No comments:

Post a Comment