Monday, 14 May 2007

Connecting to a Windows Share

If you are reading this my guess is that you are probably in the same situation as me: you're looking at moving from Windows to Linux. Obviously, I want to make sure any information I give out here is as accurate as possible. Connecting to a Windows file share is a very common thing to want to do, especially if you are coming from a Windows background. However, for me, it wasn't without its complications.

In a previous post I described joining my Linux machine to my Windows domain. Once I did this I had no problems at all mounting a Windows share using "Connect to Server..." from the "Places" menu on the Fedora desktop. (I'm using the Gnome desktop, which is the Fedora default. If you are using a KDE desktop, the menus are probably different. This is something I hope to come back to.) However, I got "The folder contents could not be displayed" error when I clicked on the "Windows Network" icon.

Like most companies, my company runs a network firewall. Having tried everything I could think of on Fedora, I enabled logging on the firewall just to check whether anything was showing up. Sure enough, the firewall was denying connections from my Linux machine on ports 32770 and 32771. Once I enabled the ports I was able to browse the Windows Network with no problems at all. Very cool...

Ok, but what if the machine is not joined to the domain? This is where things got complicated. The bottom line is that I have not been able to mount a Windows share using "Connect to Server..." from the desktop. I've spent a long time looking at this, but I've got no where. What I can do is mount the share from the command line:

mount -t cifs -o user=username,password=password
//Server/Share /mnt/Name

So what's going on? One possibility I considered was the issue of SMB packet signing. (There is a good discussion here.) However, if that was the case I wouldn't be able to mount the share from the command line. I downloaded Wireshark (formally Ethereal) and saw that I was getting a STATUS_LOGON_FAILURE error:

Doesn't help much... I ran a Wireshark again, this time to capture what happened when I ran mount. The difference was that mapping a drive from the desktop involved Fedora attempting to connect using SMB via NTLMSSP (NT Lan Manager Security Support Provider) whereas using mount did not.

I'm sure there is a solution to this somewhere; either by changing the configuration of the firewall, or the configuration of Fedora. However, I'm going to have to leave this for another time.

No comments: