lunes, 2 de octubre de 2017

Mount an Azure Share from Linux


Some times we need to make things we don't like, just because a customer needs it. and you have to do some tests. That was my case, I needed to make a test mounting a CIFS/smb share from Microsoft Windows server from Linux (as you can imagine I have no Windows Server to make such a test) so, we got a Windows Server in Azure and we succeded to share a directory to the world.


Requirements

You need these packages:

I rather use a credential file to don't write user and passwd every time (i.e.: ~/.smbclient.conf) with this content:

username=<domain>/<user>
password=<passwd>


First test to connect from a Debian 9 Stretch GNU/Linux with :

smbclient //<azureURLServer>/<shareName> -A ~/.smbclient.conf

And we got this answer:
WARNING: The "syslog" option is deprecated
protocol negotiation failed: NT_STATUS_CONNECTION_DISCONNECTED


This line have been working well for some server I had connected to, but not for Azure? ...


After a while googling I got some interesting info: How to force Linux cifs mount to default to smb3? (https://superuser.com/questions/1226973/how-to-force-linux-cifs-mount-to-default-to-smb3/1228011)

Maybe Azure is only publishing SMB shares in SMB3 because of security concerns? So make the change in /etc/samba/smb.conf:
[global]
client min protocol = SMB2
client max protocol = SMB3


These changes made it work:
WARNING: The "syslog" option is deprecated
Domain=[X] OS=[] Server=[]
smb: \>


Some other tests

I also tested this working config with other Linux flavors and library versions:
  • Oldstable version of Debian 8 GNU/Linux (Jessie): Not working
  • Ubuntu 16.04.2 LTS (Xenial Xerus): Not working
  • Amazon AWS AMI: Not woking 


Conclusion

All tests made with the others distros were using older versions of samba libraries, so the hypothesis is:

Azure is sharing using the last version of SMB protocol (3.0.2 or 3.1.1 maybe) and the only libraries supporting this version are the one with Debian 9 Stretch.

I hope it helps someone ...








No hay comentarios:

Publicar un comentario