When working in a hybrid OS environment, often there is a need to mount Windows shares from a Linux client. Below are some tips from my previous experience:
- CVE-2020-1301 — Windows SMB Authenticated Remote Code Execution Vulnerability. Be aware of this vulnerability of SMBv1, and most of Windows systems should have SMBv1 disabled. In this case, use the mount option “vers=” to sepcify SMB versions, such as vers=2.0, or vers=3.0.
- Be careful with a password which contains specific characters such as ‘,’ or ‘$’. Using the mount option “credentials=” to specify a file (with full path) which contains user name, password, domain is the best practice if mount is done in a script, especially for the security reason. Protect the file with the proper permission and ownership.
- If default mount doesn’t take the PASSWD environment variable or a credential file, need to install cifs-utils.x86_64.
- Some folders (directories) migh not be listed when using “ls” after the share is mounted. But they still can be accessed as normal direcotries using “cd” if the mount option “noserverino” is used or the server doesn’t support it properly.
- You may see the message in the system log /var/log/messages like “kernel: CIFS VFS: Autodisabling the use of server inode numbers on \\<CIFS_SHARE>. This server doesn’t seem to support them properly. Hardlinks will not be recognized on this mount. Consider mounting with the “noserverino” option to silence this message.” As suggested, use the option “noserverino” to surppress this message.
Some common errors:
- mount: wrong fs type, bad option, bad superblock on //<CIFS_SHARE> — wrong password
- mount: cannot mount block device //<CIFS_SHARE> read-only — need cifs-utils
- mount error(112): Host is down — need to specify correct SMB version