Samba at SLAC

		Samba at SLAC	UNIX at SLAC Security
		Updated: Dec 2012

Using Samba (slaccfs) at SLAC

Accessing Windows filesystems from Unix -- use Citrix

The SLAC samba server (slaccfs) is for Windows users to access Unix filesystems.
For Unix to Windows access, the supported solution at SLAC is Citrix.

However, here are some notes that may be helpful:

1. An ftp-like client to browse a Windows volume on RHEL6:

   First you have to figure out the Windows server name and 
   path for your u: or v: directory (or whatever you are interested
   in mounting).  Then:

	$ smbclient -W SLAC '\\file06\Users_ra-rm$'


2. Mounting a Windows volume on RHEL6:

	$ sudo mkdir /mnt/mountpoint
	$ sudo mount.cifs '\\file06\Users_ra-rm$' /mnt/mountpoint \
	     -o user=$USER,domain=SLAC


Note, that the 'sudo mount.cifs ...' command above may prompt you for two passwords:
(1) your sudo password, unless you just recently typed your sudo password
(2) your Windows password for the CIFS mount

for example:

$ sudo mount.cifs '\\file06\Users_ra-rm$' /mnt/mountpoint -o user=$USER,domain=SLAC
[sudo] password for ksa: 
Password: 

(I first entered my sudo password, then I entered my Windows password)


After you have mounted, you can see the mount details like this:

$ grep cifs /proc/mounts
//file06/Users_ra-rm$/ /mnt/mountpoint cifs \
        rw,relatime,sec=ntlm,
        unc=\\file06\Users_ra-rm$,
        username=ksa,domain=SLAC,uid=0,
        noforceuid,gid=1,forcegid,
        addr=134.79.164.207,file_mode=0755,
        dir_mode=0755,serverino,rsize=16384,wsize=65536 0 0


If you leave this mounted, and the Windows machine becomes
inaccessable, you may cause your machine to hang with this mount.

Please review the mount.cifs man page for descriptions of 
the various security and file permission options.  The above
mount command may make your Windows files available to anyone
logged into the Linux machine.

Accessing Unix filesystems from Windows -- use Samba

The Samba server at SLAC has the NetBIOS name "slaccfs", which stands for SLAC Central File Server.

From your Windows machine, double click on:

     My Network Places

Then put this in the address bar:

     \\slaccfs

Alternatively, you can browse to slaccfs by doing the following:

     My Network Places
       -> Entire Network
          -> Microsoft Windows Network
             -> Slac
                -> Slaccfs  (SLAC Central File Server)

If you are asked for your username and password, use your Windows username and password. You may need to specify the SLAC domain like this:

 
     Username:   slac\username
     Password:   [ Your Windows Password ]

Replace "username" with your Windows username in the above example.

If you are using your SLAC installed and maintained Windows machine, you probably will not need to enter your username and password since you've already authenticated with Windows server when you logged into your desktop.

If your password is rejected, make sure that you don't have a bad password stored on your Windows machine. To check, go into

     Control Panel 
       -> User Accounts 
          -> Advanced 
             -> Manage Passwords

Look for a slaccfs entry. If you find one, delete it.

If you enter your Windows password incorrectly too many times, your Windows account will get locked temporarily.
Contact the Help Desk (650-926-4357) for more information about that.

AFS Tokens

You do not have an AFS token when accessing Unix filesystems via Samba.

An AFS token is required to access certain directories in AFS which are sufficiently protected using Access Control Lists (ACLs).

To access AFS space from Windows with a token, the supported solution at SLAC is WinSCP.

When you authenticate with a Unix server (eg, flora or iris) using WinSCP, you will get an AFS token.

Owner: Karl Amrhein