smb-client

smb Clients

Install and configure smb clients for various platforms.

2022-08-06 Raspbian bullseye, macOS 15.5

Examples are based upon:

stringybark: smb server
fred
samba user known to samba server
freds: Private samba share for samba user fred
everyones: Public samba share accessible to all samba users, and fred in particular
linus: User on machine running linux OS
mac: User on machine running macOS OS

This assumes the clients all use protocol SMB3.11. Anything less is too terrifying for security to contemplate…

Windows 10/11 File Explorer

supports smb protocol natively. See How to connect to Linux Samba shares from Windows. In brief, for Windows 11 in File Explorer:

Enter location //stringybark/freds in address bar;
Enter username fred & password when prompted.

Windows 10 requires more steps than this.

macOS Finder

supports smb protocol natively. See How to connect your macOS device to an SMB share. In brief, in Finder:

In application menubar, select Go > Connect to Server...
In details popup, enter smb://stringybark/freds for server, then press Connect;
In login popup:
- choose Registered User
- enter Name as fred
- enter Password
- tick Remember this password in my keychain

then Finder opens a tab with share freds open – Done.

mac:~ ls /Volumes

Observe that share freds was mounted on /Volumes/freds by default. It is navigable via shell.
The volume can be dragged from Finder GUI pane into mac's login items so that it is reconnected at each login.

macOS private mount

provides samba private share as a local user mount at ~/a_share on-demand by the user.

mac:~ mkdir ~/a_share # create mount point mac:~ mount_smbfs //fred@stringybark/freds ~/a_share # mount Password: fred's password mac:~ mount | grep a_share //fred@stringybark/freds on /Users/mac/a_share (smbfs, nodev, nosuid, mounted by mac)

Verify share freds is mounted.

mac:~ ls ~/a_share

Verify expected contents of fred's share are shown.

mac:~ umount ~/samba # unmount mac:~ mount | grep a_share

Verify share freds is no longer mounted.

linux private mount

provides samba private share as a local user mount at ~/a_share on-demand by the user.

linus:~ sudo apt update linus:~ sudo apt install cifs-utils linus:~ sudo vi /etc/fstab

/etc/fstab append to end

//stringybark/fred /home/linus/a_share smb3 noauto,rw,user,credentials=/home/linus/.creds/fred@stringybark.smb,uid=linus,gid=linus,_netdev

linus:~ mkdir -p ~/.creds # container for samba credentials linus:~ chmod 700 ~/.creds

Passwords are stored in clear text so perms on ~/.creds must be tight.

linus:~ vi ~/.creds/fred@stringybark.smb # a specific samba credential

~linus/.creds/fred@stringybark.smb new file

username=fred
password=fred's password

linus:~ mkdir ~/a_share # create mount point

Now we can mount it whenever we like as a non-privileged user:

linus:~ mount ~/a_share # mount linus:~ ls ~/a_share

Verify expected contents of share freds are shown.
They will all have ownership linus:linus irrespective of the ownership in the native storage.

linus:~ mount | grep a_share //stringybark/freds on /home/linus/a_share type smb3 (rw,nosuid,nodev,relatime,vers=3.1.1,cache=strict,username=fred,uid=1001,noforceuid,gid=1001,noforcegid,addr=192.168.xx.yy,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=60,actimeo=1,user=linus,_netdev) linus:~ umount ~/a_share # unmount

The personal share can be made available during login session by adding the mount and umount commands to the login/out scripts e.g. for bash there is .bash_login and .bash_logout. This is beyond scope of this document.

linux public mount

provides a samba share permanently for all local users. It is managed by root.

everyones: A public samba share that is accessible by all samba users.
fred: The public share needs credentials (i.e. a valid samba user) for access. In this example we use poor fred's credentials for everyone. It would often be better to define a generic samba user e.g. somebody.
nobody: Generic UNIX user to own the public mounted share.
sambashare: UNIX group for local users permitted to access locally mounted samba shares.
/smb/everyones: Mount point for public share everyones.

linus:~ sudo apt update linus:~ sudo apt install cifs-utils linus:~ sudo vi /etc/fstab

/etc/fstab append to end of file

//stringybark/everyones /smb/everyones smb3 rw,credentials=/root/.creds/fred@stringybark.smb,uid=nobody,gid=sambashare,_netdev

linus:~ sudo mkdir -p ~root/.creds # container for samba credentials linus:~ sudo chmod 700 ~root/.creds

Passwords are stored in clear text so perms on ~root/.creds must be tight.

linus:~$ sudo vi ~root/.creds/fred@stringybark.smb

~root/.creds/fred@stringybark.smb new file

username=fred
password=fred's password

linus:~ sudo addgroup sambashare # group of users allowed to access samba shares linus:~ sudo adduser linus sambashare # authorise this user

Logout and login again for linus to pick up group membership.
Add required local users to sambashare group to give them access.

linus:~ sudo mkdir /smb/everyones # create premanent mount point linus:~ sudo mount /smb/everyones # permanent mount linus:~ ls -ld /smb/everyones drwxr-xr-x 19 nobody sambashare 4096 Aug 11 19:32 /smb/everyones linus:~ ls /smb/everyones

Verify expected contents of everyones share are shown.
They will all have ownership nobody:sambashare. We actually have fred's perms inside the share.

linus:~ mount | grep everyones //stringybark/everyones on /smb/everyones type smb3 (rw,relatime,vers=3.1.1,cache=strict,username=fred,uid=65534,noforceuid,gid=120,noforcegid,addr=192.168.xx.yy,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=60,actimeo=1,_netdev)

This is left permanently mounted. It will also be automatically re-mounted on reboot.

linux smbclient

provides ftp-like shell interface to enter commands to the remote share.

linus:~ sudo apt update linus:~ sudo apt install smbclient linus:~ smbclient //stringybark/freds -U fred Enter GEDDYAU\fred's password: Try "help" to get a list of possible commands. smb: \> ls . D 0 Tue Aug 2 22:29:42 2022 .. D 0 Tue Aug 2 22:16:41 2022 test D 0 Tue Aug 2 22:26:03 2022 61101516 blocks of size 1024. 55578124 blocks available smb: \> █