How to mount Windows share on Red Hat Enterprise Linux system using CIFS?
Environment
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 5
Issue
- How can Windows shares be mounted on Red Hat Enterprise Linux?
Resolution
- To run the following commands, you need to install
cifs-utilspackage which providesmount.cifshelper program. Some commands for mounting CIFS volume require the helper program to pre-process options before issuing amount()syscall. -
Windows share can be mounted on RHEL system using
cifsoption ofmountcommand as :# mount -t cifs -o username=<share user>,password=<share password> //WIN_PC_IP/<share name> /mnt -
You can specify
iocharsetto convert local path names to/from UTF-8 if the server uses multi byte charset:# mount -t cifs -o iocharset=cp932,username=<share user>,password=<share password> //WIN_PC_IP/<share name> /mnt -
In case your user is in windows domain then you can define the domain as follows:
# mount -t cifs -o username=<share user>,password=<share password>,domain=example.com //WIN_PC_IP/<share name> /mnt -
By default, Windows shares are mounted with the full permission (0755) in Linux. To change the default permission use the
dir_modeandfile_modeoptions to set directory and file permission.# mount -t cifs -o username=<share user>,password=<sharepassword>,dir_mode=0755,file_mode=0755 //WIN_PC_IP/<share name> /mnt -
To make the mount persistent across reboots, make the below entry to the
/etc/fstab//WIN_PC_IP/<share name> /<mntpoint> cifs _netdev,username=<share user>,password=<share password>,dir_mode=0755,file_mode=0755,uid=500,gid=500 0 0 -
If a username/password/domain is needed, it is best not to leave it in fstab. In order to achieve this, the previous entry can be modified like so:
//WIN_PC_IP/<share name> /<mntpoint> cifs _netdev,credentials=/root/.credfile,dir_mode=0755,file_mode=0755,uid=500,gid=500 0 0and then create the file /root/.credfile, with the following content (domain might not be mandatory):
username=<share user> password=<share password> domain=<share domain> -
If you receive the following error when try to mount the share folder from windows machines
mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)Please verify the permission on the folder on you windows machine and try again mount the share folder.
Root Cause
- Fore more information, please refer to
MOUNT.CIFS(8).
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
20 Comments
You'll need the "cifs-utils" package (not part of the @base) installed to get the mount.cifs command.
Worth noting that, if you're in an Active Directory environment and packet-signing is enforced for CIFS shares (or your CIFS server is a Windows 2008R2 server), you will need to add an appropriate
sec=flag to your mount options. In our environment, we got vague permission denied errors (permission denied (errno 13)) until we set our client mount options to one of "sec=ntlmv2i" or "sec=ntlmsspi".Another peculiarity of using a Windows 2008R2 server (or higher) is that mounting via CNAME may be not possible when using the "
sec=ntlmsspi" mount option. It used to be, you could overcome this by settingDisableStrictNameChecking(per Microsoft KB 926642). However that fix no longer seems to reliably work.As of Sept 2, 2015 connecting to a Windows share with CIFS is not possible if you enable FIPS on your RHEL 6x or 7x system. https://bugzilla.redhat.com/show_bug.cgi?id=1259497
Since /etc/fstab is world-readable, I think it's better to put the credentials in a file (e.g. /root/cifs_creds.txt), then use the "credentials=/root/cifs_creds.txt" mount option.
The credentials file should contain at least two lines "username=user" and "password=secretpass"
I tried "mount -t cifs //example.com/Linux_Support /mnt -o credentials=/root/cifsauth,noserverino,vers=3.0", on RHEL 6 , but it shows error "mount error(112): Host is down". This same command work on rhel7. What could be a possible cause?
Any one has solution or suggestions for this issue? I am too seeing this issue. I am trying to mount share from Windows 2012 R2 system on to RHL Linux 6.
I have seen this issue. Try adding the option vers=2.1 to the mount options, possibly in addition to sec=ntlmsspi
On system reboot, networking doesn't start until after file systems are mounted. There is a _netdev option supposedly to add to the fstab entry to fix this.
What does the "0 0" designate at the end of the 4th example?
Those are the standard options for network drives, and mean respectively: don't back up, and don't scan for errors on boot. Wikipedia fstab
And a silly question: on two similar (but not identical) hosts (one running 7.4, one 7.5), both using cifs-utils-6.2-10.el7.x86_64 I get different results in the output of
mountfor identical fstab entries (neither of them mentionsdomainin the mount options). On the one running 7.5 the domain name doesn't feature in mount's output, on the 7.4 one it does. The smb.conf is identical for both machines, as is sssd.conf (both are AD attached and authenticate the mounting user [same user on both] via AD). What other config file might play a part in this?Unfortunately the answer does not include details of how to mount a CIFS share when that share must be mounted with no username and no password.
Very nice page explaining syntax of the mount command for cifs. Doesn't mention dependencies though to make it work: mount: wrong fs type, bad option, bad superblock on //, missing codepage or helper program, or other error (for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount. helper program) for the command to work. The solution page might suggest a package that contains the helper program for CIFS. Now I get to look for it. :(
"To make the mount persistant across reboots, make the below entry to the /etc/fstab"
There is no "a" in "persistent".
doesnt work.
Still works as a command, but needs an update since I see these messages when the server comes back up after a reboot:
No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
Going to see if there is another thread regarding this.
When we grant permissions to the account being used to mount the CIFS (network share), we have to reboot the linux server so the account realizes it now has permission to mount. Permissions are all granted via AD (Linux server is realm joined, users authorize and authenticate through SSSD... ie no local accounts or permissions). Anyone have any suggestions on what service(s) need restarted instead of full o/s reboot? We've tried service cycling SSSD, oddjobd, polkit, NetworkManager, and anything else that looks auth related, but none of it seems to read the new permissions from AD until a full system restart.
Rick, Here's what we do to clear the sssd cache on a host where access credentials have changed:
systemctl stop sssd ; rm -rf /var/lib/sss/{db,mc}/* ; systemctl start sssdThanks Eric! Unfortunately, that didn’t work either… just tried it on a system currently experiencing this. I think the reason this specifically didn’t work is because the user account never actually logs onto this Linux server, we strictly only use the account in question as a service account for mounting the network share, since it has full modify permission in order to mount… so we keep it out of the hands of the users and avoid that temptation of them logging in/on with it. Since the account never logs on, no SSSD cache to clear. So this goes back to finding the service that pulls permissions from AD at server start.
It may be irrelevant, but it may be useful to someone. I put the following code into a simple script (it works on Fedora, RHEL, and Nixos):
Script:
Fedora or RHEL 9x (fstab)
But, as I've discovered, if your share or mnt points are mounted and the system (ALL LINUX distros, for example) goes into sleep mode, the entire system becomes unresponsive and hangs for a few minutes! As a result, I had to create a system-wide package to mount/unmount everything before going to sleep. The strange thing is that nixos appears to be the only operating system where the mount timers actually time out automatically, as opposed to the others that stay mounted?