-- Stanford Linear Accelerator Center

Samba at SLAC

UNIX at SLAC
Security
Updated: Dec 2012
--

Using Samba (slaccfs) at SLAC


  • Accessing Windows filesystems from Unix -- use Citrix
  • The SLAC samba server (slaccfs) is for Windows users to access Unix filesystems.
    For Unix to Windows access, the supported solution at SLAC is Citrix.

    However, here are some notes that may be helpful:

    1. An ftp-like client to browse a Windows volume on RHEL6:
    
       First you have to figure out the Windows server name and 
       path for your u: or v: directory (or whatever you are interested
       in mounting).  Then:
    
    	$ smbclient -W SLAC '\\file06\Users_ra-rm$'
    
    
    2. Mounting a Windows volume on RHEL6:
    
    	$ sudo mkdir /mnt/mountpoint
    	$ sudo mount.cifs '\\file06\Users_ra-rm$' /mnt/mountpoint \
    	     -o user=$USER,domain=SLAC
    
    
    Note, that the 'sudo mount.cifs ...' command above may prompt you for two passwords:
    (1) your sudo password, unless you just recently typed your sudo password
    (2) your Windows password for the CIFS mount
    
    for example:
    
    $ sudo mount.cifs '\\file06\Users_ra-rm$' /mnt/mountpoint -o user=$USER,domain=SLAC
    [sudo] password for ksa: 
    Password: 
    
    (I first entered my sudo password, then I entered my Windows password)
    
    
    After you have mounted, you can see the mount details like this:
    
    $ grep cifs /proc/mounts
    //file06/Users_ra-rm$/ /mnt/mountpoint cifs \
            rw,relatime,sec=ntlm,
            unc=\\file06\Users_ra-rm$,
            username=ksa,domain=SLAC,uid=0,
            noforceuid,gid=1,forcegid,
            addr=134.79.164.207,file_mode=0755,
            dir_mode=0755,serverino,rsize=16384,wsize=65536 0 0
    
    
    If you leave this mounted, and the Windows machine becomes
    inaccessable, you may cause your machine to hang with this mount.
    
    Please review the mount.cifs man page for descriptions of 
    the various security and file permission options.  The above
    mount command may make your Windows files available to anyone
    logged into the Linux machine.
    
    

  • Accessing Unix filesystems from Windows -- use Samba
  • The Samba server at SLAC has the NetBIOS name "slaccfs", which stands for SLAC Central File Server.

    From your Windows machine, double click on:

         My Network Places 
    Then put this in the address bar:
         \\slaccfs 
    Alternatively, you can browse to slaccfs by doing the following:
         My Network Places
           -> Entire Network
              -> Microsoft Windows Network
                 -> Slac
                    -> Slaccfs  (SLAC Central File Server) 
    

    If you are asked for your username and password, use your Windows username and password. You may need to specify the SLAC domain like this:

     
         Username:   slac\username
         Password:   [ Your Windows Password ]
    

    Replace "username" with your Windows username in the above example.

    If you are using your SLAC installed and maintained Windows machine, you probably will not need to enter your username and password since you've already authenticated with Windows server when you logged into your desktop.

    If your password is rejected, make sure that you don't have a bad password stored on your Windows machine. To check, go into

         Control Panel 
           -> User Accounts 
              -> Advanced 
                 -> Manage Passwords
    
    Look for a slaccfs entry. If you find one, delete it.

    If you enter your Windows password incorrectly too many times, your Windows account will get locked temporarily.
    Contact the Help Desk (650-926-4357) for more information about that.


  • AFS Tokens
  • You do not have an AFS token when accessing Unix filesystems via Samba.  

    An AFS token is required to access certain directories in AFS which are sufficiently protected using Access Control Lists (ACLs).  

    To access AFS space from Windows with a token, the supported solution at SLAC is WinSCP.  

    When you authenticate with a Unix server (eg, flora or iris) using WinSCP, you will get an AFS token.


    Owner: Karl Amrhein