Use Linux Mint credentials to access NAS SMB/CIFS share

[DrGoat]

I have a CIFS/SMB share on my freenas server and a laptop running Mint 20.1 (and several windows machines). I'd like this share to work similarly to a mapped network drive in windows (where the share folder looks like part of the filesystem, and the default credentials used are from the windows/mint OS login).
I should mention that one of the files on this share is a keepass database, and I want to periodically synchronize a local copy of the database (On the Mint laptop) to it.

Through scanning the forums and the web, I can almost do what I want. I tried two different methods, described below.

1) I tried file > connect to server, and I can successfully connect to the smb share this way. It shows up as smb://user1@freenasIP/share. I don't have the option to use my Linux credentials as the default (like I do with windows), but there is an option to remember it so it's not too bad.
The bigger issue is that this share does not show up in the keepass2 file browser (based on mono I think?), so I cannot sync the keepass database without manually copying the file locally first (clunky and annoying). Also, it'd be nice if this share could show up in the user's home folder.

2) I tried editing fstab, adding the following line (and various variants of it):

Code: Select all

//freenasIP/share /home/user1/share cifs username=user1,password=pw,nofail,noperm,uid=1000,gid=1000 0 0

This works pretty well - I can access the share under the home folder, and it shows up the the keepass2 file browser when I want to sync.
My issue here is I again can't seem to use the Linux Mint credentials for the SMB credentials. And I'm not keen on leaving a plaintext password on the system. I could use a credentials file, but as I understand it that would still be in plain text, just not accessible by any user who logged on.

With that background, can some one advise me on how improve upon these methods (or what instruction I failed to find on the web in my noobness...)?

The thing that seemed closest was fstab: if I could get the mount to automatically use the Linux Mint credentials for the SMB credentials (like Windows seems to by default) I think I am done.
If that isn't possible, then an encrypted file with the SMB credentials would be an acceptable plan B. Is this easy to do? Did I miss someting when looking at the credentials option to fstab?

Alternatively, I'm OK with the first option (connect to server) if I could get the share to show up in the keepass2 file browser (for syncing the database); being able to also map it to the user's home folder and/or use the Linux Mint credentials to connect to SMB would be bonuses.

I'm not attached to either of these methods in principle, they are just what I found & explored in a few hours of web research & experimentation.
If there's a better way to easily access my NAS from 3 windows and a linux mint computer, I'm all ears. Thus far it has been easiest for me to just set the same credentials for each of the 4 computers, set the freenas share to take these creds, and it all works (well except for this snag I'm hitting with Mint).

Thanks in advance for any advice

[AndyMH]

I do what you do, but a different way.

I mount my NAS (a synology) via fstab.

My issue here is I again can't seem to use the Linux Mint credentials for the SMB credentials.

They are two different things, so no (or not that I'm aware of), even if your uname/pwd is the same for the NAS as it is for the local mint PC. I agree plaintext pwds are not good. I use a credentials file (not stored in home), owned by root and read-only so a normal user cannot open it. Best I've been able to come up with. You could switch to nfs instead of cifs, but that's a whole different ballgame. In nfs it is the client PC that is authenticated, you don't logon to the NAS as a known user on the NAS. I know the basics of nfs, but that's about it.

What I do is store the keepass database locally. I then use unison* (in a small script running on boot**) to sync the local file with a copy on the NAS. That way the database is synced across all my PCs and if I'm away and not connected to the NAS, I still have a local copy, up-to-date as of the last time it was connected to the network.

EDIT - just read this bit

If there's a better way to easily access my NAS from 3 windows and a linux mint computer, I'm all ears

The win PCs being the issue. You could probably do what I do with freefilesync instead of unison. I don't like it - think the GUI looks clunky and it's obviously been ported from win, but you can run it from the command line. And I don't think win supports nfs as it is native to linux.

* it's in software manager, there is a GUI as well, unison-gtk.
** I also have a launcher on the desktop to update the NAS or client PC at anytime, or you could run it as a cron job.

[DrGoat]

Thanks for the response. Based on your feedback, I went ahead and made a credentials file in the root folder and use that with fstab.

Too bad it doesn't look like it can push the login creds to samba like windows does. Oh well, I guess windows needs to be good at something.

As far as the syncing of keepass, I'm fine with the occasional manual sync. Now that the file is shared and shows up in the keepass file browser it's trivial to do.
Someday if I get motivated I'll try using the http sync with a local owncloud or something and try automating that.

[Moonstone Man]

... fstab.

Too bad it doesn't look like it can push the login creds to samba like windows does...

https://askubuntu.com/questions/157128/ ... re-on-boot
https://www.swerdna.net.au/susesambacifs.html
https://unix.stackexchange.com/question ... nt-command

Search terms: samba fstab credentials

[DrGoat]

Yes, that's exactly what I am doing now (I did that search prior to posting here in the first place).

What I would prefer it to do is to try using the linux mint login credentials as the samba share credentials, just like MS windows does. I don't need a separate credentials file on the windows boxes (it tries to use your windows login as the samba credentials, asking for samba username/password only if they don't match). When setting up the samba share on the NAS, I set the group credentials to match those I was using for windows logins.

What I'd like is an fstab option something like tryLinuxOScreds=True instead of a separate credentials file.

[jontrv]

I do not know about freenas, but in my (long) experience Windows does NOT use windows credentials as such.

When you first setup the NAS server you create user identities and passwords. These can match what you use on Windows, but do not need to do so. Then the first time you connect to the share Windows asks for both the username and password you setup on the server. These values are then stored (in encrypted form!) in the registry, and passed to the server when the connection is (re)opened. You can have multiple NAS servers with different credentials, and Windows will remember them all. I think that for Linux to do this you would need to have multiple credentials files.
To test this, login to your freenas server and change a password to something different to the windows credentials. Your next Windows login to the NAS will fail and prompt you for a password.
For Linux what I think you want is a means of using an encrypted credentials file. Maybe a better solution is to put the credentials into the keychain. The hard part is teaching the mount to look there and how to extract and use the relevant data.
JT:

[djph]

What I would prefer it to do is to try using the linux mint login credentials as the samba share credentials,
just like MS windows does.

The authentication and authorization mechanisms for SMB/CIFS (a Microsoft product) are entirely different than the authentication and authorization mechanisms (natively) available in Linux-based operating systems (and applications). Hence needing to hand off to shims like samba; which need configuration details provided somehow.

Windows can (SOMETIMES) get around this when setting the [work]group as the (PC's or user's) inclusion in the [work]group is the defining factor for authorization and authentication (especially in "simple" shares such as in a house or small office where you don't have a proper centralized directory service). However, I've seen this both work and not work in various flavors of Windows as far back as 2k (necessitating the "set share credentials" thing as mentioned by jontrv.