Samba SMB CIFS client
See also
- CIFS Unix Extensions / Services for Unix (SFU)
See:
- rclone
- curl smb / smbs
Install
apt-get install cifs-utils smbclient
Example
- auth.cfg
username=jean
password=P@ssw0rd
domain=D$
smbclient -A auth.cfg //192.168.1.12/D$/ -c ls
List shares
Anonymously
smbclient -N -L 127.0.0.1
With an account
smbclient -U user%password -L 127.0.0.1
Or (debug)
smbtree -N -d3
Connect
smbclient
smbclient -U user%password '\\127.0.0.1\share'
gvfs-mount
gvfs-mount smb://server/share
libpam-mount
apt-get install libpam-mount
- /etc/security/pam_mount.conf.xml
<volume options="user=%(DOMAIN_USER),dom=%(DOMAIN_NAME),setuids" fstype="cifs" server="192.168.x.x" path="sharename" mountpoint="~/sharemount" />
Security / hardening / pentest
See nmap, smbmap, rpcclient, nbtscan, enum4linux
To test
nmap -A 127.0.0.1
nmap --script smb-os-discovery.nse -p445 127.0.0.1
sudo nmap -sU -sS --script smb-os-discovery.nse -p U:137,T:139 127.0.0.1
nmap --script smb-enum-shares.nse -p445 <host>
sudo nmap -sU -sS --script smb-enum-shares.nse -p U:137,T:139 127.0.0.1
nmap --script smb-enum-users.nse -p445 <host>
sudo nmap -sU -sS --script smb-enum-users.nse -p U:137,T:139 127.0.0.1
Disable less secure legacy dialects
- /etc/modprobe.d/cifs.conf
options cifs disable_legacy_dialects=1
echo 1 > /sys/module/cifs/parameters/disable_legacy_dialects
# Y or 1 stands for enabled
# N or 0 stands for disabled
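As an added example (not part of the original page), a small POSIX shell audit that applies the points of this section to /etc/fstab or /proc/mounts entries: it flags the legacy dialects vers=1.0 and vers=2.0 that disable_legacy_dialects refuses, NTLMv1-class sec= modes, a password written directly into the options, noperm and world-writable file/dir modes, and reports whether the loaded cifs module currently has disable_legacy_dialects set. The sample fstab lines are constructed from the entries on this page; the list of options treated as weak is this example's own choice.

```shell
#!/bin/sh
# Added example, not part of the original page: audit CIFS mount entries for the
# weak settings this section is about. Input lines are in /etc/fstab or
# /proc/mounts format: fs_spec fs_file fs_vfstype fs_mntops [freq passno]

# Print the findings for one comma-separated mount option string (empty if none).
cifs_weak_opts() (
    set -f                                   # no globbing while splitting on ','
    opts="$1"; findings=""
    for o in $(printf '%s' "$opts" | tr ',' ' '); do
        case "$o" in
            # dialects that disable_legacy_dialects=1 refuses (SMB1 and SMB2.0)
            vers=1.0|vers=1|vers=2.0)      findings="$findings legacy-dialect:$o" ;;
            # NTLMv1-class or unauthenticated session setup
            sec=ntlm|sec=ntlmi|sec=lanman|sec=none)
                                           findings="$findings weak-auth:$o" ;;
            # a password in the option string shows up in fstab, ps and mount output
            password=*|pass=*)             findings="$findings cleartext-password" ;;
            # client-side permission checks disabled
            noperm)                        findings="$findings noperm" ;;
            file_mode=0777|dir_mode=0777|file_mode=777|dir_mode=777)
                                           findings="$findings world-writable:$o" ;;
        esac
    done
    # Without vers= the dialect depends on the kernel default; pin it explicitly.
    case ",$opts," in
        *,vers=*) ;;
        *) findings="$findings no-explicit-vers" ;;
    esac
    printf '%s' "${findings# }"
)

# Read mount-table lines on stdin; print "<mountpoint>: <findings>" for every
# flagged cifs entry. Exit 0 when nothing was flagged, 1 otherwise.
audit_cifs_mounts() (
    flagged=0
    while read -r spec mnt type opts rest; do
        case "$spec" in ''|'#'*) continue ;; esac    # skip blanks and comments
        [ "$type" = cifs ] || continue
        found=$(cifs_weak_opts "$opts")
        if [ -n "$found" ]; then
            printf '%s: %s\n' "$mnt" "$found"
            flagged=1
        fi
    done
    exit "$flagged"
)

# Report the live kernel setting from the "Disable less secure legacy dialects" step.
cifs_legacy_dialects_status() {
    p=/sys/module/cifs/parameters/disable_legacy_dialects
    if [ -r "$p" ]; then
        printf 'disable_legacy_dialects=%s (Y means SMB1/SMB2.0 are refused)\n' "$(cat "$p")"
    else
        echo 'cifs module not loaded, or parameter unavailable on this kernel'
    fi
}

# Constructed sample in /etc/fstab format, modelled on the entries on this page;
# the third line is a hardened variant (SMB 3.1.1, signing, encryption, tight modes).
SAMPLE_FSTAB='//ouindoze/nompartage /mnt/nompartage cifs credentials=/home/jean/.smbcredentials,rw,auto,user,nounix,noserverino,iocharset=utf8,file_mode=0777,dir_mode=0777 0 0
//public/plop /mnt/espace_build_ovs cifs _netdev,rw,uid=15041,forceuid,gid=15141,forcegid,file_mode=0777,dir_mode=0777,noperm,credentials=/etc/.cifs_public_plop 0 0
//srv/data /mnt/data cifs credentials=/etc/.cifs_data,vers=3.1.1,sec=ntlmsspi,seal,uid=1000,gid=1000,file_mode=0640,dir_mode=0750 0 0
/dev/sda1 / ext4 rw,relatime 0 1'

# On a real host replace the sample with: cat /etc/fstab /proc/mounts | audit_cifs_mounts
cifs_legacy_dialects_status
printf '%s\n' "$SAMPLE_FSTAB" | audit_cifs_mounts || echo 'weak CIFS mount options found'
```

Run it as is to see the two 0777/noperm entries from this page flagged while the hardened line passes; on a live system feed it `cat /etc/fstab /proc/mounts` and treat a non-zero exit as a finding for the host.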
Other clients
Display CIFS statistics in megabytes, every second, 3 times (sysstat)
cifsiostat -m 1 3
Userland
Equivalent:
mount.cifs -o credentials=/home/share/.auth.cfg,uid=1000,forceuid,gid=1000,forcegid,file_mode=0777,dir_mode=0777,noperm,port=1446,vers=2.0 //127.0.0.1/share /mnt/share/
#sudo apt-get install fusesmb
sudo apt-get install smbnetfs
mkdir -p ~/.smb
cp /etc/smbnetfs.conf ~/.smb/
chmod 600 ~/.smb/smbnetfs.conf
cp /etc/samba/smb.conf ~/.smb/
mkdir -p Network
smbnetfs Network
cd Network/127.0.0.1:1446/
cd Network/share:'domain\user1':'P@ssw0rd'@127.0.0.1:1446/
- ~/.smb/smbnetfs.conf
log_file "/tmp/smbnetfs.log"
show_$_shares "true"
show_hidden_hosts "true"
auth "guest" ""
include "smbnetfs.auth"
- ~/.smb/smbnetfs.auth
auth "smb-sh" "DOMAIN/user1" "P@ssw0rd" auth "127.0.0.1" "DOMAIN/user1" "P@ssw0rd" auth "127.0.0.1:1446" "DOMAIN/user1" "P@ssw0rd"
chmod 600 ~/.smb/smbnetfs.auth
Caching with cachefilesd / FS-Cache
See:
Other
findmnt -n -s -t cifs
mkdir /mnt/nompartage
- /etc/fstab
//ouindoze/nompartage /mnt/nompartage cifs credentials=/home/jean/.smbcredentials,rw,auto,user,nounix,noserverino,iocharset=utf8,file_mode=0777,dir_mode=0777 0 0
//public/plop /mnt/espace_build_ovs/ cifs _netdev,rw,uid=15041,forceuid,gid=15141,forcegid,file_mode=0777,dir_mode=0777,noperm,credentials=/etc/.cifs_public_plop 0 0
mount -t cifs //mystorage/data2 -o username=user1,password=myPassword,rw,bg,vers=3,proto=tcp,hard,intr,rsize=32768,wsize=32768,forcedirectio,llock /data2
- /etc/modprobe.d/cifs.conf
# Disable caching and CIFS oplocks for stable NTFS network shares
options cifs enable_oplocks=0
install cifs /sbin/modprobe --ignore-install cifs $CMDLINE_OPTS && echo 0 > /proc/fs/cifs/LinuxExtensionsEnabled && echo 0 > /proc/fs/cifs/LookupCacheEnabled
remove cifs /sbin/modprobe -r cifs
Files holding the credentials in clear text (so they do not have to go into fstab)
- /etc/.cifs_public_plop
#domain=domain
username=user
password=password
- /home/jean/.smbcredentials
username=user
password=password
You can optionally add:
domain=MYDOMAIN
Or put it in the "username" field, as:
username=user@MYDOMAIN
or
username=MYDOMAIN\user
chmod 600 /home/jean/.smbcredentials /etc/.cifs_public_plop
Then
mount /mnt/nompartage
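An added example, not from the original page: a shell helper that writes the credentials file with umask 077 (so it is 0600 from the moment it is created, and the password is read from stdin rather than typed on a command line where it would land in shell history and `ps`), refuses to mount unless the file is a regular file owned by the caller with mode 0600 or 0400, and only then mounts with an explicit dialect. The vers=3.0, sec=ntlmsspi and 0640/0750 modes in mount_with_creds are this example's assumptions, not settings from the page; the demonstration at the end runs on a temporary file and mounts nothing.

```shell
#!/bin/sh
# Added example, not part of the original page: create the credentials file
# safely and check it before handing it to mount.cifs.

# Write FILE with username=/password=/domain= lines for mount.cifs. The password
# is read from stdin (pipe or prompt), so it never appears in `ps` or shell
# history; umask 077 makes the file 0600 from the moment it is created.
# Usage: write_creds_file FILE USER [DOMAIN] < password-on-stdin
write_creds_file() (
    file="$1"; user="$2"; domain="$3"
    IFS= read -r password || [ -n "$password" ] || exit 1   # accept a missing final newline
    umask 077
    rm -f "$file"
    printf 'username=%s\npassword=%s\n' "$user" "$password" > "$file"
    if [ -n "$domain" ]; then
        printf 'domain=%s\n' "$domain" >> "$file"
    fi
)

# Exit 0 only if FILE is a regular file owned by the caller with mode 0600 or 0400.
# stat -c is GNU coreutils; on BSD/macOS use: stat -f '%Lp %u'
check_creds_file() (
    file="$1"
    [ -f "$file" ] || { echo "$file: not a regular file" >&2; exit 1; }
    set -- $(stat -c '%a %u' "$file")
    mode="$1"; owner="$2"
    [ "$owner" = "$(id -u)" ] || { echo "$file: owned by uid $owner, not $(id -u)" >&2; exit 1; }
    case "$mode" in
        600|400) ;;
        *) echo "$file: mode $mode is too permissive, want 600" >&2; exit 1 ;;
    esac
)

# Mount SHARE on MNT only once the credentials file passes the check.
# vers=3.0, sec=ntlmsspi (NTLMSSP with signing) and the 0640/0750 modes are this
# example's choices, not settings taken from the page.
mount_with_creds() {
    creds="$1"; share="$2"; mnt="$3"
    check_creds_file "$creds" || return 1
    mount -t cifs -o "credentials=$creds,vers=3.0,sec=ntlmsspi,uid=$(id -u),gid=$(id -g),file_mode=0640,dir_mode=0750" "$share" "$mnt"
}

# Demonstration on a temporary file with a constructed password; nothing is mounted.
demo=$(mktemp)
printf 'P@ssw0rd\n' | write_creds_file "$demo" jean ACME
check_creds_file "$demo" && echo "$demo: accepted (mode $(stat -c '%a' "$demo"))"
chmod 644 "$demo"
check_creds_file "$demo" || echo "$demo: rejected after chmod 644"
rm -f "$demo"
```

In practice the write step is `write_creds_file /home/jean/.smbcredentials jean MYDOMAIN` with the password typed (or piped from a secret store) on stdin, followed by `mount_with_creds /home/jean/.smbcredentials //ouindoze/nompartage /mnt/nompartage` as root; a file that has been chmod'ed 644 by mistake is refused before any password leaves the host.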
Problems
Unmount / release CIFS mounts that are in error (or not)
# mount |grep /mnt/shared
systemd-1 on /mnt/shared type autofs (rw,relatime,fd=28,pgrp=1,timeout=10,minproto=5,maxproto=5,direct,pipe_ino=38828)
sudo umount -a -t cifs -l
sudo umount -a -t autofs -l
Err NT_STATUS_LOGON_FAILURE (with authfile only)
See https://bugzilla.redhat.com/show_bug.cgi?id=78846
# smbclient -A /etc/.creds //server-smb/partage1/
session setup failed: NT_STATUS_LOGON_FAILURE
# rpcclient vmx-gspl -d 1 -A /etc/.creds -c "getdriverdir \"Windows NT x86\""
Cannot connect to server.  Error was NT_STATUS_LOGON_FAILURE
# smbclient -U jean -W DOMAIN //server-smb/partage1/
Enter jean's password:
Domain=[ACME] OS=[Unix] Server=[Samba 3.6.6]
smb: \>
Err NT_STATUS_CONNECTION_DISCONNECTED
$ smbclient -U user%'P@ssw0rd' -p 1445 //127.0.0.1/E
WARNING: The "syslog" option is deprecated
protocol negotiation failed: NT_STATUS_CONNECTION_DISCONNECTED
Solution
Add the -m SMB3 option
smbclient -U user%'P@ssw0rd' -p 1445 //127.0.0.1/E -m SMB3
Problem: long connection time - NTLMSSP
plop@portable:~$ smbclient -U user%'P@ssw0rd' -p 1445 //127.0.0.1/D -m SMB3 -d 3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
WARNING: The "syslog" option is deprecated
added interface wlan0 ip=2a01:cb04:bae:2600:9aea:4ae:b4b3:15a2 bcast= netmask=ffff:ffff:ffff:ffff::
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255 netmask=255.255.0.0
added interface wlan0 ip=192.168.1.12 bcast=192.168.1.255 netmask=255.255.255.0
Client started (version 4.5.16-Debian).
Connecting to 127.0.0.1 at port 1445
Doing spnego session setup (blob length=398)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
Domain=[PLOP] OS=[] Server=[]
smb: \>
Where the original trace showed three blank lines, the client stalled for several seconds.
In this case the domain controller is unreachable and a local account is being used.
Solution
Specify the domain "."
The dot denotes a local account (outside the domain)
You can use the -W option
smbclient -U user%'P@ssw0rd' -p 1445 //127.0.0.1/D -m SMB3 -W .
Solution
Update smbclient and its dependencies
# apt-get install smbclient
The following extra packages will be installed:
  libldb1 libsmbclient samba-common samba-libs
Problem: CIFS VFS: cifs_mount failed w/return code = -61 - NT_STATUS_PATH_NOT_COVERED
Error
# dmesg [1231082.766925] CIFS VFS: cifs_mount failed w/return code = -61
Diagnosis
# smbclient -U jean -W ACME \\partages\images
smb: \> cd REP\
Connection to pc1111 failed (Error NT_STATUS_BAD_NETWORK_NAME)
Unable to follow dfs referral [\pc1111\REP$]
cd \REP\: NT_STATUS_PATH_NOT_COVERED
# ping pc1111
ping: unknown host pc1111
Solution
Edit /etc/hosts or /etc/resolv.conf so that pc1111 resolves (the DFS referral points at that host)
Problem: error(22): Invalid argument
# mount -t cifs -o rw,uid=1000,forceuid,gid=1000,forceuid,file_mode=0777,dir_mode=0777,noperm,credentials=/root/.fichier_mdp //server/partage /mnt/nompartage
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
# dmesg -T |tail
[Wed Dec 23 11:31:16 2020] CIFS: Attempting to mount //server/partage
[Wed Dec 23 11:31:16 2020] CIFS: VFS: cifs_mount failed w/return code = -22
Solution
Specify the SMB version you want
Example: vers=2.0
mount -t cifs -o rw,uid=1000,forceuid,gid=1000,forcegid,file_mode=0777,dir_mode=0777,noperm,vers=2.0,credentials=/root/.fichier_mdp //server/partage /mnt/nompartage
Notes
Example mount options
on /data/users_homedirs type cifs (rw,relatime,sec=ntlm,unc=\\serveur\Home$,username=utilisateur,domain=ACME,uid=1000,forceuid,gid=1000,forcegid,addr=192.168.1.20,file_mode=0755,dir_mode=0755,nounix,rsize=61440,wsize=65536,actimeo=1)
