I wanted to access a full DFS tree of shared folders from my Windows Server 2008R2 network from an Ubuntu Linux 12.04 machine running on the same network.
My first attempt at using “sudo mount –t cifs …blah-blah-blah… “ simply would not work. Sometimes it *seemed* to connect, but the folders were always empty. I wasted hours trying to figure out how to solve this.
Here is the original post I made on ServerFault.com asking for help, back in March 2012: http://serverfault.com/questions/370338/ubuntu-linux-cannot-see-files-in-folders-when-connected-to-a-dfs-tree-on-windo
I never solved the problem, that is, until I tried again in October 2012. I’m now running Ubuntu 12.04. So, I started all over… I tried a bunch of things from Google… And I finally got it working, even from “Connect to Server” in Nautilus!!!
These are the steps that finally made it work:
1. Enable/configure proper WINS resolution
Follow this discussion to enable WINS resolution of Windows computer names on the network http://askubuntu.com/questions/93302/windows-hostnames-are-not-resolved
Basically, it boils down to making this change:
2. Install SMBFS and KeyUtils
Every time I tried to call the MOUNT command, I was getting some error like “cifs_mount failed w/ return code = -22” that I could see by running dmesg | tail
So, some posts lead me to install these things:
sudo apt-get install smbfs
sudo apt-get install keyutils
Some posts state that the Samba stuff on Ubuntu is now deprecated or replaced by the newer CIFS stuff, and for some things, CIFS is the only thing needed, but I assure you that the original Samba package is also required to connect to a DFS tree on a Windows server.
You will notice that “smbfs” will also install “cifs-utils” if it’s not already installed.
3. Configure smb.conf
I also made a few tweaks in /etc/samba/smb.conf. Uncomment these lines, and enter the correct values for your network:
4. Finally – a very important discovery…
This is the magic that finally made this work for me!!! Changing one little parameter…
I happened to notice this teensy little difference in one of my files compared to a blog post referenced in the only reply to my original question on SeverFault.
In the /etc/request-key.conf, I changed this line:
1 create cifs.spnego * * /usr/sbin/cifs.upcall <font style="background-color: #ffff00">-c</font> %k
1 create cifs.spnego * * /usr/sbin/cifs.upcall <font style="background-color: #ffff00">-t</font> %k
Note: This file is created by the “keyutils” install. It was not present before, as I looked for it. I noticed that it appeared after installing keyutils via apt-get.
Two things to note here…
1. According to http://www.samba.org/samba/docs/man/manpages-3/cifs.upcall.8.html, the –c option is deprecated and is currently ignored. So, I don’t know why that option is included in the file in first place.
2. Warning: The suggested –t option has something to do with “trusting” the DNS server to resolve and retrieve kerberos session keys. I really don’t understand what it all means, but it is explained in the link listed right above here. All I know is, from my trial-and-error testing, this allows Windows DFS tree mounting to work, and it DOES NOT work without –t on this one line.
So, read the above link to learn more about this and make sure it’s safe for your environment. I tried several times to make it work without the –t option, but whenever it connected It gave me folder names from the DFS tree, but they were empty when viewed in Nautilus.
You need to restart your terminal window after making these changes and before going to the final step below:
Finally, let’s connect to a DFS tree or any other shared folder on the server.
Open a new Terminal window, and type the following:
mount -t cifs //servername/sharename /mnt/temp –-verbose -o username=my_user_name,password=my_password,workgroup=DOMAIN_NAME
The –verbose option adds logging info about the mount, which you can read from this command:
dmesg | tail
Or, from Nautilus file browser, you can use “Connect to Server” from the File menu, and make these entries in the dialog window:
Kaboom!!! It worked. At least for me.
Good luck to others who need this.