See also
See:
apt-get install cifs-utils smbclient
auth.cfg
username=jean
password=P@ssw0rd
domain=D$
smbclient -A auth.cfg //192.168.1.12/D$/ -c ls
Anonymously
smbclient -N -L 127.0.0.1
With an account
smbclient -U utilisateur%mdp -L 127.0.0.1
Or (debug)
smbtree -N -d3
smbclient -U utilisateur%mdp '\\127.0.0.1\partage'
gvfs-mount smb://server/share
apt-get install libpam-mount
/etc/security/pam_mount.conf.xml
<volume options="user=%(DOMAIN_USER),dom=%(DOMAIN_NAME),setuids" fstype="cifs" server="192.168.x.x" path="sharename" mountpoint="~/sharemount" />
See nmap, smbmap, rpcclient, nbtscan, enum4linux
To test
nmap -A 127.0.0.1
nmap --script smb-os-discovery.nse -p445 127.0.0.1
sudo nmap -sU -sS --script smb-os-discovery.nse -p U:137,T:139 127.0.0.1
nmap --script smb-enum-shares.nse -p445 <host>
sudo nmap -sU -sS --script smb-enum-shares.nse -p U:137,T:139 127.0.0.1
nmap --script smb-enum-users.nse -p445 <host>
sudo nmap -sU -sS --script smb-enum-users.nse -p U:137,T:139 127.0.0.1
Disable less secure legacy dialects
/etc/modprobe.d/cifs.conf
options cifs disable_legacy_dialects=1
echo 1 > /sys/module/cifs/parameters/disable_legacy_dialects
# Y or 1 stands for enabled
# N or 0 stands for disabled
Display CIFS statistics in megabytes, at 1-second intervals, 3 times (sysstat)
cifsiostat -m 1 3
Equivalent:
mount.cifs -o credentials=/home/share/.auth.cfg,uid=1000,forceuid,gid=1000,forcegid,file_mode=0777,dir_mode=0777,noperm,port=1446,vers=2.0 //127.0.0.1/share /mnt/share/
#sudo apt-get install fusesmb
sudo apt-get install smbnetfs
mkdir .smb
cp /etc/smbnetfs.conf ~/.smb/
chmod 600 ~/.smb/smbnetfs.conf
cp /etc/samba/smb.conf ~/.smb/
mkdir -p Network
smbnetfs Network
cd Network/127.0.0.1:1446/
cd Network/share:'domain\user1':'P@ssw0rd'@127.0.0.1:1446/Install
~/.smb/smbnetfs.conf
log_file "/tmp/smbnetfs.log"
show_$_shares "true"
show_hidden_hosts "true"
auth "guest" ""
include "smbnetfs.auth"
~/.smb/smbnetfs.auth
auth "smb-sh" "DOMAIN/user1" "P@ssw0rd"
auth "127.0.0.1" "DOMAIN/user1" "P@ssw0rd"
auth "127.0.0.1:1446" "DOMAIN/user1" "P@ssw0rd"
chmod 600 ~/.smb/smbnetfs.auth
See:
findmnt -n -s -t cifs
mkdir /mnt/nompartage
/etc/fstab
//ouindoze/nompartage /mnt/nompartage cifs credentials=/home/jean/.smbcredentials,rw,auto,user,nounix,noserverino,iocharset=utf8,file_mode=0777,dir_mode=0777 0 0
//public/plop /mnt/espace_build_ovs/ cifs _netdev,rw,uid=15041,forceuid,gid=15141,forcegid,file_mode=0777,dir_mode=0777,noperm,credentials=/etc/.cifs_public_plop 0 0
mount -t cifs //mystorage/data2 -o username=user1,password=myPassword,rw,bg,vers=3,proto=tcp,hard,intr,rsize=32768,wsize=32768,forcedirectio,llock /data2
/etc/modprobe.d/cifs.conf
# Disable caching and CIFS oplocks for stable NTFS network shares
options cifs enable_oplocks=0
install cifs /sbin/modprobe --ignore-install cifs $CMDLINE_OPTS && echo 0 > /proc/fs/cifs/LinuxExtensionsEnabled && echo 0 > /proc/fs/cifs/LookupCacheEnabled
remove cifs /sbin/modprobe -r cifs
Files containing the credentials in cleartext (to keep them out of fstab)
/etc/.cifs_public_plop
#domain=domain
username=utilisateur
password=motdepasse
/home/jean/.smbcredentials
username=utilisateur
password=motdepasse
You can optionally add:
domain=MONDOMAINE
Or append it to the "username", as in:
username=utilisateur@MONDOMAINE
or
username=MONDOMAINE\utilisateur
chmod 600 /home/jean/.smbcredentials /etc/.cifs_public_plop
Then
mount /mnt/nompartage
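A check for the points above (credentials kept out of fstab, credentials files at mode 600, dialect pinned with vers=), as an added example that is not part of the original notes. The function name audit_cifs_fstab, the //srv/... shares and the temporary files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the cifs entries of an
# fstab-format file. Prints one finding per line as "<mountpoint>: <issue>".
audit_cifs_fstab() {
    # Keep only non-comment cifs entries: mount point and option string.
    awk '$1 !~ /^#/ && $3 == "cifs" { print $2, $4 }' "$1" |
    while read -r mnt opts; do
        cred="" vers=""
        old_ifs=$IFS; IFS=,
        for o in $opts; do
            case $o in
                password=*|pass=*) echo "$mnt: cleartext password in fstab" ;;
                credentials=*|cred=*) cred=${o#*=} ;;
                vers=*) vers=${o#vers=} ;;
            esac
        done
        IFS=$old_ifs
        case $vers in
            "")  echo "$mnt: no explicit vers= (dialect left to the kernel default)" ;;
            1.0) echo "$mnt: legacy dialect vers=1.0" ;;
        esac
        [ -n "$cred" ] || continue
        if [ ! -f "$cred" ]; then
            echo "$mnt: credentials file $cred not found"
        # Characters 5-10 of the ls mode string are the group/other bits.
        elif [ "$(ls -ld "$cred" | cut -c5-10)" != "------" ]; then
            echo "$mnt: credentials file $cred readable beyond owner (want chmod 600)"
        fi
    done
}

# Constructed sample: three entries modelled on the ones above.
demo_dir=$(mktemp -d)
printf 'username=utilisateur\npassword=motdepasse\n' > "$demo_dir/good.cred"
cp "$demo_dir/good.cred" "$demo_dir/loose.cred"
chmod 600 "$demo_dir/good.cred"; chmod 644 "$demo_dir/loose.cred"
cat > "$demo_dir/fstab" <<EOF
# constructed sample fstab
//srv/a /mnt/a cifs credentials=$demo_dir/good.cred,vers=3.0,rw 0 0
//srv/b /mnt/b cifs credentials=$demo_dir/loose.cred,vers=1.0,rw 0 0
//srv/c /mnt/c cifs username=user1,password=myPassword,rw 0 0
EOF
audit_cifs_fstab "$demo_dir/fstab"
```

On a real host, pass /etc/fstab as the argument; /mnt/a produces no finding in the sample because its credentials file is 600 and its dialect is pinned.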
# mount |grep /mnt/shared
systemd-1 on /mnt/shared type autofs (rw,relatime,fd=28,pgrp=1,timeout=10,minproto=5,maxproto=5,direct,pipe_ino=38828)
sudo umount -a -t cifs -l
sudo umount -a -t autofs -l
See https://bugzilla.redhat.com/show_bug.cgi?id=78846
# smbclient -A /etc/.creds //server-smb/partage1/
session setup failed: NT_STATUS_LOGON_FAILURE
# rpcclient vmx-gspl -d 1 -A /etc/.creds -c "getdriverdir \"Windows NT x86\""
Cannot connect to server. Error was NT_STATUS_LOGON_FAILURE
# smbclient -U jean -W DOMAIN //server-smb/partage1/
Enter jean's password:
Domain=[ACME] OS=[Unix] Server=[Samba 3.6.6]
smb: \>
$ smbclient -U user%'P@ssw0rd' -p 1445 //127.0.0.1/E
WARNING: The "syslog" option is deprecated
protocol negotiation failed: NT_STATUS_CONNECTION_DISCONNECTED
Add the -m SMB3 option
smbclient -U user%'P@ssw0rd' -p 1445 //127.0.0.1/E -m SMB3
plop@portable:~$ smbclient -U user%'P@ssw0rd' -p 1445 //127.0.0.1/D -m SMB3 -d 3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
WARNING: The "syslog" option is deprecated
added interface wlan0 ip=2a01:cb04:bae:2600:9aea:4ae:b4b3:15a2 bcast= netmask=ffff:ffff:ffff:ffff::
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255 netmask=255.255.0.0
added interface wlan0 ip=192.168.1.12 bcast=192.168.1.255 netmask=255.255.255.0
Client started (version 4.5.16-Debian).
Connecting to 127.0.0.1 at port 1445
Doing spnego session setup (blob length=398)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
Domain=[PLOP] OS=[] Server=[]
smb: \>
Where there are three empty lines, it took several seconds.
In this case the domain controller is unreachable and we are using a local account.
Specify the domain "."
The dot denotes a local account (outside the domain).
You can use the -W option
smbclient -U user%'P@ssw0rd' -p 1445 //127.0.0.1/D -m SMB3 -W .
Update smbclient and its dependencies
# apt-get install smbclient
The following extra packages will be installed:
  libldb1 libsmbclient samba-common samba-libs
Error
# dmesg
[1231082.766925] CIFS VFS: cifs_mount failed w/return code = -61
Diagnosis
# smbclient -U jean -W ACME \\partages\images
smb: \> cd REP\
Connection to pc1111 failed (Error NT_STATUS_BAD_NETWORK_NAME)
Unable to follow dfs referral [\pc1111\REP$]
cd \REP\: NT_STATUS_PATH_NOT_COVERED
# ping pc1111
ping: unknown host pc1111
Edit /etc/hosts or /etc/resolv.conf so that pc1111 resolves
# mount -t cifs -o rw,uid=1000,forceuid,gid=1000,forceuid,file_mode=0777,dir_mode=0777,noperm,credentials=/root/.fichier_mdp //server/partage /mnt/nompartage
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
# dmesg -T |tail
[Wed Dec 23 11:31:16 2020] CIFS: Attempting to mount //server/partage
[Wed Dec 23 11:31:16 2020] CIFS: VFS: cifs_mount failed w/return code = -22
Specify the desired version
Example: vers=2.0
mount -t cifs -o rw,uid=1000,forceuid,gid=1000,forcegid,file_mode=0777,dir_mode=0777,noperm,vers=2.0,credentials=/root/.fichier_mdp //server/partage /mnt/nompartage
$ smbclient -U user1%'BasP@ssw0rd' '\\localhost\shared'
session setup failed: NT_STATUS_LOGON_FAILURE
$ smbclient -U user1%'P@ssw0rd' '\\localhost\shared'
Domain=[localhost] OS=[Unix] Server=[Samba 3.0.33-3.7.el5]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
The share pointed to a non-existent folder.
Example mount options
on /data/users_homedirs type cifs (rw,relatime,sec=ntlm,unc=\\serveur\Home$,username=utilisateur,domain=ACME,uid=1000,forceuid,gid=1000,forcegid,addr=192.168.1.20,file_mode=0755,dir_mode=0755,nounix,rsize=61440,wsize=65536,actimeo=1)