use smbclient to connect to CIFS share from linux

To connect to a Windows network drive, or CIFS share, you can use a simple Linux utility called smbclient. This is much faster than trying to map a network drive through Windows. You can use this simple tool to test that the file server is working correctly.

# smbclient --user="DOMAIN\fordodone" //
Enter DOMAIN\fordodone's password:
Domain=[DOMAIN] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
smb: \> 

You can use commands like cd, ls, cp, etc. to interact with the share (similar to FTP).

NetApp access NTFS CIFS share from Unix host via NFS

NTFS vs. Unix style volume settings have nothing to do with which hosts can mount the volume, they have to do with permissions. To access a NTFS volume via NFS, first allow rw or root mounting in /etc/exports (you do have your root vol mounted on your admin boxes right?):

# sed -i '/cifsshare/d' /mnt/toaster/vol0/etc/exports
# echo '/vol/cifsshare -sec=sys,rw,root=someadminhost:anotherlinuxbox,anon=0,nosuid' >> /mnt/toaster/vol0/etc/exports
# ssh toaster
toaster> exportfs -a
toaster> Connection to toaster closed by remote host.
Connection to toaster closed.

Mount the volume on your administration host and list the directory:

# mkdir -p /mnt/toaster/cifsshare
# mount toaster:/vol/cifsshare /mnt/toaster/cifsshare
# cd /mnt/toaster/cifsshare 
# ls
ls: .: Permission denied
# whoami

So even though we are able to mount this share via NFS, the NTFS permissions do not let us see what’s there. Check the filer to see what permissions context it has for ‘root’.

toaster> wcc -u root
Tue Jul 16 09:11:57 PDT [toaster: auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: LSA lookup: Lookup of account "DOMAINNAME\root" failed: STATUS_NONE_MAPPED (0xc0000073).
(NT - UNIX) account name(s):  (DOMAINNAME\guest - root)
        UNIX uid = 0
        user is a member of group daemon (1)
        user is a member of group daemon (1)

        NT membership
                DOMAINNAME\Domain Guests
                DOMAINNAME\Domain Users
        User is also a member of Everyone, Network Users,
        Authenticated Users

Looks like the filer doesn’t recognize the user ‘root’ and sees it as a guest. This explains why we might not have permissions in the ‘cifsshare’ mount. The solution is to add a user mapping so that user ‘root’ is recognized as ‘administrator’ for the domain ‘DOMAINNAME’. Make an entry in usermap.cfg (you do have your root vol mounted on your admin boxes right?):

echo 'DOMAINNAME\administrator == root' >>/mnt/toaster/vol0/etc/usermap.cfg

Now let’s see what user ‘root’ is seen as from the view of the filer:

toaster> wcc -u root
Tue Jul 16 09:12:30 PDT [toaster: auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: LSA lookup: Located account "DOMAINNAME\administrator" in domain "DOMAINNAME"..
(NT - UNIX) account name(s):  (DOMAINNAME\administrator - root)
        UNIX uid = 0
        user is a member of group daemon (1)
        user is a member of group daemon (1)

        NT membership
                DOMAINNAME\Enterprise Admins
                DOMAINNAME\Exchange Recovery Administrators
                DOMAINNAME\Schema Admins
<a ton of other stuff here>
        User is also a member of Everyone, Network Users,
        Authenticated Users

Now we have all the privileges that the domain administrator has, and we can view, list, and alter files that the domain administrator has permissions for. In a production environment, you could just map a Linux admin jdoe to DOMAINNAME\jdoe assuming they had domain admin permissions.